Rustiferion
After <finally>clearing out all the little files and dialers that came with
the Peper.Trojan worm, including the undocumented TkIz.exe keylogger, I
found to my dismay that they were all still sitting in a folder called
...\windows\prefetch, apparently intact, and their extensions had been
appended with a hex number followed by .PF. I went through and deleted the
filenames I could remember as having been from Peper, but I'm sure I've
missed one or two.
Can anyone tell me what this folder is for, beyond the obvious? Clearing
out the internet cache didn't affect the files. There are a lot of
legitimate non-internet filenames there, like Paint Shop Pro and Solitaire.
If I simply delete <all> the files, will Windows rebuild the folder as I use
the programs, or does it need this info to launch them? And why didn't the
various Trojan hunters and sweeps find them there?
~RL