Infected file
JimmieC
February 13th, 2005, 01:38 PM
Housecall indicates I have an infected file on my machine. The information they offered is as follows:
TROJ WINSHOWL Non-cleanable c:\m00.exe
I ran Avast, Spybot, and Ad-aware, and they came up clean. Any help in this matter would be appreciated. Thanks,
Jooske
February 13th, 2005, 01:47 PM
And what does TDS say about it?
JimmieC
February 13th, 2005, 02:11 PM
Jooske;
I am guessing "TDS" refers to Trojan Defense Suite, and so far you are the only one to comment as I am sure you are aware. I searched the TDS forum prior to posting, and did not find any help. If I am misinterpreting what you meant in your response, kindly correct me. Thanks,
JimmieC
February 13th, 2005, 02:31 PM
Jooske;
I understand the reference you made to TDS. "Welcome to DiamondCS TDS-3." I didn't realize it cost $49 to get a question answered. I am sure it is a very good program, and I may consider purchasing it. I was under the false impression that the forum may offer some input prior to the forced sell. Thank you,
timnicebutdim
February 13th, 2005, 02:47 PM
Jimmie... this is the support forum for TDS3, that is why Jooske asked if TDS spotted this file.
I would suggest downloading TDS3, which is free for 30 days, and scanning to see if anything comes up. Otherwise, if you're referring to the scan results of other trojan programs, then you would be better posting in the "other trojans section" - http://www.wilderssecurity.com/forumdisplay.php?f=33 .
Jooske
February 13th, 2005, 03:00 PM
I supposed since you post in the TDS forum you are a TDS user, hence my question about scan results with TDS. TDS has a free evaluation version on the site www.diamondcs.com.au -- after installing, get back there to grab the latest definitions, reboot and start TDS and let it do its job in the full system scan with all the options checked (under system testing > scan control).
In the end, in the bottom console, you can right-click on one of the files to save to TXT, and this scandump.txt you can paste in your next posting.
Looking forward to your scan results.
JimmieC
February 13th, 2005, 04:27 PM
timnicebutdim & Jooske;
Thank you both for responding. In retrospect I feel I did post in the wrong forum. Not having run the TDS program beforehand. Appreciate the clarification. I did mention in my initial post that the infection was disclosed by "Housecall", an anti-virus scanning program. I will follow the instructions that you were good enough to offer. Thanks again for your help.
Jooske
February 13th, 2005, 05:09 PM
You're welcome! And please post the scan results so we can try to help you adequately! Of course I could move this thread to another location in the forums if needed.
JimmieC
February 14th, 2005, 11:05 AM
Jooske;
As you suggested, I ran TDS-3 and this is what was found:
Scan Control Dumped @ 10:51:51 14-02-05
Positive identification: TrojanDownloader.Win32.WinShow.aq
File: c:\m00.exe
Generic Detection: Possible trojan with password-stealing capability
File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe
Positive identification <Adv>: Possible WebDownloader
File: c:\program files\online services\msn50\msnboot.exe
Positive identification: Riskware.ProcessRestart
File: c:\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\restart.exe
Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll
If you would be so kind as to direct me further, I would be most grateful.
Thank you,
dvk01
February 14th, 2005, 11:10 AM
fix these 2
Positive identification: TrojanDownloader.Win32.WinShow.aq
File: c:\m00.exe
Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll
Right-click their entry in the TDS window and select delete.
This one is a legitimate file that can be used for bad purposes, but where it is on your computer it's likely to be legitimate
Generic Detection: Possible trojan with password-stealing capability
File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe
Ignore the other 2, they are false alarms that were fixed in today's update
dvk01
February 14th, 2005, 11:12 AM
However
You don't NEED the kodak software updater at all so I would uninstall that from add/remove programs in control panel
JimmieC
February 14th, 2005, 11:58 AM
dvk01;
The entry you questioned (Generic Detection: Possible trojan with password-stealing capability
File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe) is located in a folder c:\options\tools\reskit\netadmin\pwledit. Named "pwledit.exe".
Is that what you mean when asking "but where it is on your computer"? Do you feel it should be left alone?
The rest of your post will be followed as directed.
Thank you very much.
timnicebutdim
February 14th, 2005, 12:29 PM
Since you found some password stealing trojans, I would also recommend downloading security task manager ( http://www.neuber.com/taskmanager/ ), it's free for 30 days.
It can look at your processes and will point out things that it feels are dangerous, including keylogging programs.
dvk01
February 14th, 2005, 01:07 PM
-{ Quote: "dvk01;
The entry you questioned (Generic Detection: Possible trojan with password-stealing capability
File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe) is located in a folder c:\options\tools\reskit\netadmin\pwledit. Named "pwledit.exe".
Is that what you mean when asking "but where it is on your computer"? Do you feel it should be left alone?
The rest of your post will be followed as directed.
Thank you very much." }-
Yes Jimmy
that folder is a legitimate folder in many installations of Windows
TDS is right in flagging it as pwledit.exe can be used to steal passwords, but it is designed to allow the user to change and alter passwords
http://www.infoworld.com/cgi-bin/displayNew.pl?/livingst/990111bl.htm
if you didn't knowingly install it then by all means delete it
Some installations copy the entire Windows CD to disc & it looks like that is what has happened in your case, and it's your choice of whether you want it to be there or not along with the remainder of the tools in the reskit folder. All are useful, but all also can be used maliciously, as can most Windows tools
JimmieC
February 14th, 2005, 01:31 PM
dvk01;
Thank you and everyone else that was so thoughtful offering help. It was very much appreciated. Jim,
Copyright ©2002 - 2012, Wilders Security Forums