Not being able to find virus file


Axis

srcmon.exe was found in my Local_settings/Temp file. The Antivirus said it
was undisinfectable. But worse than that, the file wasn't apparent in the
folder given. This had me confused, because I thought Windows would surely
show me a file that existed in that folder. I deleted all the files I could
find that Windows would allow me to, in that folder. Would that have done
the trick (I'm assuming it was there under an alias)? And why should a file
be undisinfectable?

Another anti-virus scan found icon.acad162_icon.exe, which I assume to be to
do with an AutoCAD download; but once again the scanner said it was
undisinfectable, and again Windows searches didn't find it. I can't make
sense of this; and there is no information about that exe file on the 'net.

What ought I do? BTW is srcmon.exe dangerous if you haven't got a Windows
password?

WTIA.
 
Please reply with much more system detail than above. OS ? Antimalware?

What exactly told you that an infection exists?

<http://catb.org/~esr/faqs/smart-questions.html>

<http://support.microsoft.com/kb/555375>
 
1PW said:
| Please reply with much more system detail than above. OS ?

Windows XP.

| Antimalware?

None that I was regularly using.
Now put on Stopzilla.

| What exactly told you that an infection exists?

Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
active scan for scrcom.exe -- or the other way round.
Anyhow, it's this thing of being 'undisinfectable' that I have never come
across before.
 
From: "Axis" <[email protected]>



| Windows XP.


| None that I was regularly using.
| Now put on Stopzilla.

| Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
| active scan for scrcom.exe -- or the other way round.
| Anyhow, it's this thing of being 'undisinfectable' that I have never come
| across before.


It means unlike a file where code is prepended, inserted or appended and said code can be
removed, in this case such an action can not be performed and thus can't be disinfected.
All you can do is delete the file.
 
David H. Lipman said:
| From: "Axis" <[email protected]>
|
| | Windows XP.
|
| | None that I was regularly using.
| | Now put on Stopzilla.
|
| | Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
| | active scan for scrcom.exe -- or the other way round.
| | Anyhow, it's this thing of being 'undisinfectable' that I have never come
| | across before.
|
| It means unlike a file where code is prepended, inserted or appended and said code can be
| removed, in this case such an action can not be performed and thus can't be disinfected.
| All you can do is delete the file.

I need to find it first, but the search doesn't yield.
I see that icon.acad162_icon.exe is in System volume information, for which
access is denied. How come, incidentally, if this is a virus, there is
nothing about it on the 'net?

Cheers.
 
From: "Axis" <[email protected]>



| I need to find it first, but the search doesn't yield.
| I see that icon.acad162_icon.exe is in System volume information, for which
| access is denied. How come, incidentally, if this is a virus, there is
| nothing about it on the 'net?

| Cheers.

Who said "icon.acad162_icon.exe" is a virus ?

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 
FromTheRafters said:
| Possibly hidden.

But I always have 'Show hidden files and folders' selected.

| Hidden files may not 'appear' when navigated to or searched for, but
| deleting, copying, moving, renaming, or changing the attributes of them by
| using the fully qualified path should work despite not being able to 'see'
| them.

How would I do that?

| No, if the detecting software found it under that name - then that is the
| name it has.
|
| If a program is "all bad" (such as most trojans) then disinfecting is
| equivalent to deleting - that is to say there is nothing salvageable.

It seems to be a recent fad in anti-virus software. I would happily delete a
trojan if I could.

| Could be a false positive declaration. If you don't need the file - delete
| it.

I can't because it's in System Volume Information.

Cheers.
 
Axis said:
| But I always have 'Show hidden files and folders' selected.

Still...there's hidden from you and (filtered) hidden even from
administrative tools. :o)

| How would I do that?

The full path to the subject file might have been logged by the
antivirus application, or if your memory serves you, you can just use it
to enter "del said:

| It seems to be a recent fad in anti-virus software. I would happily
| delete a trojan if I could.

Once debated here years ago, the AV purists are against disinfection in
favor of replacing files modified by malware with known good backups.
Still, there will always be a need for undoing what malware has done
because there are not always suitable backups to be had.

| I can't because it's in System Volume Information.

You can flush your restore points - or just wait for it to "fall out" as
newer points are added.
 