One was Win32:Adware-gen. Did a check on VirusTotal, came up clean; even avast states it's clean.
File C:\Documents and Settings\PeDrO\My Documents!!..JeNnAz!!\×_Odd.Bits.And.Bobs]].«3\×_DownLoads]].«3\FeLiX.exe is infected by Win32:Adware-gen. [Adw]
Have sent off to Alwil for testing.
I also got this, but not sure if it can be quarantined or not:
File C:\pagefile.sys is infected by Win32:Agent-SG [Trj]
This only shows up on a bootscan.
Is this okay to quarantine? I tried checking it out but could not find anything that I could understand.
The content of the pagefile is not reused (when Windows boots up) - so it doesn’t really matter what’s inside. I’d suggest to ignore the file (i.e. not to move or delete it).
I’m slightly curious, however, how did the Agent-SG signature get there. It is actually possible that it’s a false alarm, but it looks like belonging to a dialer.
Try to run ashQuick.exe "*MEMORY" to see if anything is detected in memory.
I tried it but it keeps coming up saying it can’t find the path etc., to check that I have put in the right path.
I did a search; the only ashQuick.exe that comes up is in the C:\Windows\Prefetch folder. Is this correct or am I losing the plot?
I have clicked to show hidden folders files etc
I appreciate your help, but I am not sure how much longer I can stay on, so if I should disappear I am not being rude.
No. The prefetched version is not good.
Where is your avast installed? There should be the ashquick.exe file.
I’ve posted the default folder, where did you install avast?
You have to use two pairs of quotes, like I’ve posted before.
@crofty59
The prefetch is only designed to speed up the loading of files; it gives HDD cluster information, etc. It isn’t the original file.
Try this path in the run command, Tech’s is likely to be incorrect for your setup: "C:\Program Files\Alwil Software\Avast4\ashQuick.exe" "*MEMORY", this works on mine
Hi polonus, I have bookmarked the web site, will check it out.
Cheers crofty59
Hi tech
I installed in the default folder. I can find an icon in the Avast folder for ashQuick but not ashQuick exe.
I ended up getting it to work, I put in what David had posted. I was putting in the wrong path.
Hi DavidR
Your path you posted worked like a charm. Thanks
Cheers crofty59
Hi igor
Ran the scan and this is what I got:
File name Process 876, memory block 0x01880000, block size 1814528
Malware name Win32:Agent-SG [Trj]
Malware Type Trojan Horse
VPS version 0642-2 07/11/06
File name Process 876, memory block 0x02B10000, block size 1814528
Malware name Win32:Agent-SG [Trj]
Malware Type Trojan Horse
VPS version 0642-2 07/11/06
I tried posting screen shots but it didn’t work.
Hope this helps
Can you find out what do these Win32:Agent-SG [Trj] detections correspond to? I mean, if you run Process Explorer and check the process with ID 876 (or what the virus dialog shows at the particular case)… what is it?
Additionally, if you select this process (in Process Explorer) and press Ctrl+D to display the DLLs in the lower pane - is there any DLL where the reported addresses (e.g. 02B10000) would fall into?
Well, I guess I make somebody reproduce the problem here first… I would like to see the corresponding memory block (the one where the virus signature is found) before making conclusions.
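The address check asked for above (does a reported block such as 02B10000 fall inside a loaded DLL of process 876?) can also be scripted. This is an added example, not part of the thread; the function names and the sample module list are made up for illustration, and only the block addresses and size come from the scan report quoted above.

```powershell
function Find-ModuleForBlock {
    param(
        [Parameter(Mandatory)] [Int64] $BlockBase,    # block address from the scan report
        [Parameter(Mandatory)] [Int64] $BlockSize,    # block size from the scan report
        [Parameter(Mandatory)] [object[]] $Modules    # objects with Name, Base, Size
    )
    $blockEnd = $BlockBase + $BlockSize               # exclusive end of the reported block
    $hits = foreach ($m in $Modules) {
        $modBase = [Int64] $m.Base
        $modEnd  = $modBase + [Int64] $m.Size
        # Two half-open ranges overlap when each one starts before the other ends
        if ($BlockBase -lt $modEnd -and $modBase -lt $blockEnd) {
            [pscustomobject]@{
                Module = $m.Name
                Range  = '0x{0:X8}-0x{1:X8}' -f $modBase, ($modEnd - 1)
                # True only when the whole block lies inside this one module image
                Whole  = ($BlockBase -ge $modBase -and $blockEnd -le $modEnd)
            }
        }
    }
    if ($hits) { return $hits }
    # Nothing image-backed covers the block: it is private (allocated) or mapped data
    [pscustomobject]@{ Module = '(no loaded module)'; Range = $null; Whole = $false }
}

function Get-ProcessModuleMap {
    param([Parameter(Mandatory)] [int] $ProcessId)
    # Needs rights to open the target process; run elevated for system processes
    (Get-Process -Id $ProcessId -ErrorAction Stop).Modules | ForEach-Object {
        [pscustomobject]@{
            Name = $_.ModuleName
            Base = $_.BaseAddress.ToInt64()
            Size = [Int64] $_.ModuleMemorySize
        }
    }
}

# Constructed module list (names, bases and sizes are invented for the demo)
$sample = @(
    [pscustomobject]@{ Name = 'example.exe'; Base = 0x00400000; Size = 0x00050000 }
    [pscustomobject]@{ Name = 'sample.dll';  Base = 0x02C00000; Size = 0x00040000 }
)
foreach ($base in 0x01880000, 0x02B10000) {
    Find-ModuleForBlock -BlockBase $base -BlockSize 1814528 -Modules $sample
}
# Live use: -Modules (Get-ProcessModuleMap -ProcessId 876)
```

Run it from a PowerShell session of the same bitness as the target process, otherwise the module list is incomplete. A block that matches no module is not image-backed, which is the case where looking at the raw memory contents, as the last post suggests, is the next step.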