File f22776.exe

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt359.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible.
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point.

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html




| What is subject file and what does it do? Should I let Norton delete it?
|
| Thanks,
|
| Tom D.
|
|
 
A full NAV 2005 scan of my PC reports 4 AdWare files in
c:/windows/downloaded program files, eg SahHtml_.exe. There are no files
of those names in that directory. I suspect they're actually compressed
components of one (or more) of the files in that directory. How can I
find out which one(s)?

I asked NAV support - the answers I got were very polite and completely
useless.

Thanks,

Nigel
 
Hi Tom.

Simply put, yes. That is not a system file, or even something I can find on
a search of the web. The remaining possibility is a virus of some sort.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
| A full NAV 2005 scan of my PC reports 4 AdWare files in
| c:/windows/downloaded program files, eg SahHtml_.exe. There are no files
| of those names in that directory. I suspect they're actually compressed
| components of one (or more) of the files in that directory. How can I
| find out which one(s)?
|
| I asked NAV support - the answers I got were very polite and completely
| useless.

Nigel, the "Downloaded Programs" folder is misleading. It doesn't show
files and folders. It shows components that have been downloaded and
installed. If you right click on any of the objects listed here, you can
select Properties. The pages that appear give you a range of information
about the item.

On the "Dependency" tab is a list of the files involved and their location.
NOTE: Most of the locations will be abbreviated. Example:
C:\Windows\filename may show up as C:\Win...\filename. While it may be
possible for something to hide in this folder, it's also likely that your
antivirus is reporting a name of a file that is listed in one of the
dependency sections.
 
If you have compressed files in that particular directory you will have to
expand them. As long as you don't run the files there should be no problem.
Then just delete the entire zip/rar file and get rid of it.

Too many off-color programs are installing adware and worms and viruses into
their compressed files.

I today bought a program from a reliable company. I installed it and lo and
behold 2 instances of adware showed up on my desktop. Don't think I haven't
complained about it. I've warned them that they run the risk of losing
customers and worse being black-listed.

Check any program you download carefully and set up an isolation directory
away from your system disk.

Good luck
Regards
werner
 
Sharon said:
| Nigel, the "Downloaded Programs" folder is misleading. It doesn't show
| files and folders. It shows components that have been downloaded and
| installed. If you right click on any of the objects listed here, you can
| select Properties. The pages that appear give you a range of information
| about the item.
|
| On the "Dependency" tab is a list of the files involved and their location.
| NOTE: Most of the locations will be abbreviated. Example:
| C:\Windows\filename may show up as C:\Win...\filename. While it may be
| possible for something to hide in this folder, it's also likely that your
| antivirus is reporting a name of a file that is listed in one of the
| dependency sections.

Hi Sharon,

Thanks for your help. I had just about made it that far on my own, but
the rogues aren't listed amongst the dependencies.

I followed the instructions on the Symantec website about editing the
registry and deleting the files associated with the AdWare, apart from
the ones mentioned above. Does that mean my PC is now AdWare-free and
the files flagged by NAV now serve only as an 'audit trail'?

Nigel
 
| Hi Sharon,
|
| Thanks for your help. I had just about made it that far on my own, but
| the rogues aren't listed amongst the dependencies.
|
| I followed the instructions on the Symantec website about editing the
| registry and deleting the files associated with the AdWare, apart from
| the ones mentioned above. Does that mean my PC is now AdWare-free and
| the files flagged by NAV now serve only as an 'audit trail'?

I think it would be safe to assume that the reference is a leftover. You
can use DIR /A command in a command prompt window if you want to check.
Start> Run> CMD. Work your way over to the windows folder. Then type DIR /A
and press enter. Next type:
CD downloaded program files
Press enter. Then DIR again and you'll get a list of any actual files in
this location. Most will be INF files but if there is a file hiding here,
you'll be able to see it and delete it.
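
An added example, not part of any post in this thread: a Python script that lists the real files in a folder (hidden and system files included, as DIR /A does) and reports which of them carry a flagged name such as SahHtml_.exe, either as embedded text or as a ZIP member. The function name `find_references` and the script name in the usage comment are hypothetical.

```python
import os
import sys
import zipfile

def name_patterns(name):
    """Byte patterns for a file name as it may appear inside another file."""
    lower = name.lower()
    return [lower.encode("ascii"), lower.encode("utf-16-le")]

def find_references(directory, flagged_names):
    """Map each real file under `directory` to the flagged names it contains.

    os.walk returns hidden and system files too, so this sees what DIR /A
    sees, not the component view Explorer shows for this folder.
    """
    hits = {}
    for root, _dirs, files in os.walk(directory):
        for fname in files:
            path = os.path.join(root, fname)
            found = set()
            try:
                with open(path, "rb") as fh:
                    data = fh.read().lower()  # lowercases ASCII letters only
            except OSError:
                continue  # locked or unreadable file: skip, do not abort
            for flagged in flagged_names:
                if fname.lower() == flagged.lower():
                    found.add((flagged, "file itself"))
                if any(p in data for p in name_patterns(flagged)):
                    found.add((flagged, "embedded name"))
            if zipfile.is_zipfile(path):
                try:
                    with zipfile.ZipFile(path) as zf:
                        members = {os.path.basename(m).lower() for m in zf.namelist()}
                except zipfile.BadZipFile:
                    members = set()
                for flagged in flagged_names:
                    if flagged.lower() in members:
                        found.add((flagged, "zip member"))
            if found:
                hits[path] = sorted(found)
    return hits

if __name__ == "__main__":
    # Usage: python find_refs.py "C:\WINDOWS\Downloaded Program Files" SahHtml_.exe
    for path, found in find_references(sys.argv[1], sys.argv[2:]).items():
        print(path, found)
```

The script only reads files; it never executes or deletes anything, so the decision about what to remove stays with the scanner results and the steps given in the posts above.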
 