Scan and hidden program problem [Archive]

View Full Version : Scan and hidden program problem

gberns

July 24th, 2009, 11:21 AM

The other day when I plugged in my external USB disk to do a backup I found a program had been installed on the disk. I had no idea what it did or how it got there. Was unable to use it using usual tools as program did not show up on the list. I therefore did a brute removal. Today all my computer wants to do is run this program and keeps reporting it can't find it (which is no surprise.) Ran a full scan and ESS 4 found only one problem which it said "might" be a variation of a trojan. However I have had that file for five years and know it's okay. Went to quarantine to try and return it to its proper location and found three files which had all be removed at same time and assigned different names.

Question #1 How do I return this file to its original form and location.

Question #2: How do I fine the program which is trying to run so I may delete whatever needs to be deleted. Have searched for it and run CC Cleaner's registry app with no results.

Many thanks.

Gary Berns

Cudni

July 25th, 2009, 02:54 PM

what file does it want to run? what file was found as possible trojan did you let Eset know about it, in case it is false positive as you think? using CC go to tools/startup and see what is running there

gberns

July 25th, 2009, 09:46 PM

-{ Quote: "what file does it want to run? what file was found as possible trojan did you let Eset know about it, in case it is false positive as you think? using CC go to tools/startup and see what is running there" }-

I can not figure out what it is trying to run. Event viewer is no help and my startup programs are correct.

ronjor

July 25th, 2009, 10:06 PM

Use SysInspector within ESS and Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) to see what is running on your computer.

gberns

July 26th, 2009, 09:26 AM

I was mistaken when I said the problem was on the external drive. It turned out to be on the flash drive I use for ready boost under vista. I looked at it again and found autorun inf file. I have now removed it and the problem may be gone. What probably happened was that every time ready boost was used the autorun file was triggered.

Incidentally, I still have no idea how Gaviri Search got on there.