Traveling Salesman or like

  • Thread starter: Jacques

Jacques

Hi,

I found a suspicious dir on a friend's box (unfortunately under Win-Me).
Taking files to my comp shows they are seen as trojan or Xupiter by AV
(each AV gives different names). MSAS named them "Unclassified.Spyware.45"
and "Traveling Salesman".

My first remark is the link at right bottom: "Learn more about this
threat...", which sends me to the general information about MSAS and not to
anything related to the found threat.

My second worry is where to find the cleaning directives for a Win-Me box
which is 25 km away with an unskilled user.

Thanks

Jacques
 
From Bill Sanderson:
I'd recommend updating the antivirus defs, and restarting
in safe mode, and scanning with both Microsoft Antispyware
and your antivirus in that mode. Scan with both until a
scan comes through clean.

This isn't a guarantee at all, but you have a better
chance of success, particularly with a bug that Microsoft
Antispyware identifies, but isn't cleaning successfully in
normal mode.

You should also take a good look at the tools, advanced
tools, system explorers. These will show you the vast
majority of the bugs, if you know what to look for, but
I've not worked with Xupiter--I'm not sure whether it will
show there or not, and what to look for. Use Google to
find cleaning instructions, in general--or check, for
example, Symantec's site to see if they have an automated
cleaning tool.
 
Thanks Andre,

Unfortunately MSAS isn't available under Win-Me so, as I don't find anything
helpful regarding cleaning a suspicious file I tried (with success) to
have the detection on my XP system in order to know how it is identified
with MS-AS.
Detection worked fine, No cleaning difficult as my system is clean...! BUT,
when I tried to have more info, the link doesn't work.
It's my first concern with the beta.

As an add, if someone can help me clean a Win-Me with IE crashed (so no
online AV scan) it would be splendid (even if it is off topic).

Jacques
 
The method of cleaning via submitted HijackThis logs published to a forum
with advice given publicly (and so "peer reviewed" after a fashion) is both
proven over time, and applicable to a WinMe machine with a novice user.

If you want to vary some details of that prescription--if you can get them a
copy of HijackThis, and get them to run it properly--check some of Ron
Kinner's messages here for the minimal details involved in that "properly"
spec.

I think this might have a good chance of success--You provide them with
HijackThis--this is very small and fits on a floppy. See whether Ron Kinner
will agree to assisting, via email.

Alternatively, use the information at a reputable public forum that
specializes in such work, such as:

http://www.aumha.org/a/quickfix.htm

to provide the tools and the expert assistance.

There are several excellent antivirus tools to use in an offline situation.
One is McAfee's Stinger, but this is limited to high-profile genuine
viruses. Still worth using, though.

Trend Micro's System Cleaner is broader--it cleans any virus that they
detect. I haven't verified that it cleans spyware--but their online scanner
now detects and cleans spyware, so it may be worth trying on a spyware
threat.

It is more complex to use than Stinger--you need to download sysclean.exe
and their current zipped definitions, and unzip the definitions in the same
folder as sysclean.exe.

Let me know if you need precise URLs for any of the above stuff--I can dig
them up if you have trouble finding stuff.
 