New Trojan hiding Place?

Hi everyone!

My home edition avast 4.7 version found a new trojan on my Hdd but was unable to clean it or send it to the chest.

the Trojan detected was in the protected and hidden c:/windows/installer folder.

The name reported by avast is “Binary.WiseCustomCalla26” in th folder 30227.msi

I currently run Ad-adware, Spybot search& Destroy, Windows XP pro SP2 complete firewall and hardware DEP.

Here is how I got rid of the bug;

Used install disk to boot to recovery console. Logged in as admin. CD to C:\windows\installer.
Entered password for access for installer folder. Deleted \30227.msi\ directory. exited and rebooted back to my normal desktop. Ran avast again (thorough) and it no longer sees the trojan.

My SCSI HDD drives do not access constantly anymore and the system no longer freezes and shutsdown normally.

Thought this might help others in this situation.

Grug1

Intriguing, were there any other indications apart from avast ? and HDD thrashing.

Hi Essexboy.

Just kept telling me that windows was unable to write to the main drive cache. Odd, as I have write caching disabled on all my SCSI drives but enabled on my SATA storage drive.

I work on a Twin Opteron system with 4 gigs of Ecc/Reg memory.

All my software updates automatically, and those process ID’s are visible in task manager. This trojan was running without reporting its process. there must be a way to hook these non-registered processes.

If you get to the windows installer folder, most of the subfolders are in some cryptic number that end in *.msi.

Avast does not see it any longer and I am able to backup my data again.

Truly, Grug1