Hi all,

everytime if i scan the documents and settings file i get this detection:

http://img301.imageshack.us/img301/4678/nod32lu4.jpg

NOD32 says it can be deleted, but there's no option to press that as you can see (only 'No action' ). The strange thing is, is that if i look the file up, it's empty.

Update: i detected the file itself as a hidden application and deleted it. Strange thing is that now when i have the option on for showing hidden files, there's also a strange document on my desktop named Ghost with 15 showing in it.

Hello !

Check your NOD32 settings and make sure you configure them as per Blackspear's tutorial here (http://www.wilderssecurity.com/showthread.php?t=37509)

Make sure your NOD32 is fully updated by pressing the update buttom from Control Panel -> Update -> Update now

Download , install , run and update Lavasoft's Ad-Aware se Personal here (http://www.lavasoftusa.com/software/adaware)

Boot your computer into Safe Mode (instructions how-to here (http://support.microsoft.com/kb/315222)) .

In Safe Mode , start Ad-Aware se Personal and perform full scan and clean of all your hard drive(s) . Eliminate the infections found

After that goto Start->Programs->ESET->NOD32 , in the "Profiles" tab make sure you use Control Center profile and perform full Scan&Clean of your hard drive

Restart and report back your results ! ;D :thumb:

Regards!

WhenU.SaveNow is bundled with BSplayer and some other software. It used to be detected as adware, but it will need to be reclassified as soon as we add a new category for such unwanted applications.

{QUOTE-> WhenU.SaveNow is bundled with BSplayer and some other software. It used to be detected as adware, but it will need to be reclassified as soon as we add a new category for such unwanted applications. <-QUOTE}
Reclassified to what? Sorry, I didn't understand your post. Did you reffer to changing its label to Adware.WhenU.SaveNow dropping the Win32 part or what ?

Info
http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.SaveNow&threatid=10810

Skywriter.exe is that not a screensaver applacation ?

Hi all,

thanks for the reply. Amon detected the file and quarantined it (typed it wrong, i didnt delete it). Do you guys also know what made the ghost text file on my desktop? (that's also hidden)

{QUOTE-> Info
http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.SaveNow&threatid=10810

Skywriter.exe is that not a screensaver applacation ? <-QUOTE}

Think so yeah, if you type it in google it shows as screensavers.

{QUOTE-> Hello !

Check your NOD32 settings and make sure you configure them as per Blackspear's tutorial here (http://www.wilderssecurity.com/showthread.php?t=37509)

Make sure your NOD32 is fully updated by pressing the update buttom from Control Panel -> Update -> Update now

Download , install , run and update Lavasoft's Ad-Aware se Personal here (http://www.lavasoftusa.com/software/adaware)

Boot your computer into Safe Mode (instructions how-to here (http://support.microsoft.com/kb/315222)) .

In Safe Mode , start Ad-Aware se Personal and perform full scan and clean of all your hard drive(s) . Eliminate the infections found

After that goto Start->Programs->ESET->NOD32 , in the "Profiles" tab make sure you use Control Center profile and perform full Scan&Clean of your hard drive

Restart and report back your results ! ;D :thumb:

Regards! <-QUOTE}

Thanks for the help. I scanned with ad-aware and came up clean.:thumb:

You can try scanning with spybot search and destroy, with the latest update installed.

Can you show us the file on your desktop.

{QUOTE-> You can try scanning with spybot search and destroy, with the latest update installed.

Can you show us the file on your desktop. <-QUOTE}
i already scanned with a-squared and came up clean with that also. This is the image:

http://img70.imageshack.us/img70/3630/naamloosvn1.jpg

File is about 4 kb large.. strange that it showed up there (as the skywriter.exe, that also was hidden)

try to see its properties...maybe you can find something there. ;)

{QUOTE-> i already scanned with a-squared and came up clean with that also. This is the image:

image here

File is about 4 kb large.. strange that it showed up there (as the skywriter.exe, that also was hidden) <-QUOTE}

Hi . You are welcome !

Let me first start that after you scanned with NOD32 , Ad-Aware , A-squared , you are less likely to be infected so this "Ghost" file is probably not a part from malware . I would also suggest you see at its properties and see when it was created or ignore/delete it since it is not something important , I believe :thumb:

Sorry for the late reaction. The ghost textfile was just a few bytes large, so i deleted it. Thanks for the help all :thumb:

{QUOTE-> Sorry for the late reaction. The ghost textfile was just a few bytes large, so i deleted it. Thanks for the help all :thumb: <-QUOTE}

You are welcome !
Thank you for letting us know ! :thumb: