Housecall indicates I have an infected file on my machine. The information they offered is as follows: TROJ WINSHOWL Non-cleanable c:\m00.exe I ran Avast, Spybot, and Ad-aware, and they came up clean. Any help in this matter would be appreciated. Thanks,
Jooske; I am guessing "TDS" refers to Trojan Defense Suite, and so far you are the only one to comment as I am sure you are aware. I searched the TDS forum prior to posting, and did not find any help. If I am misinterpreting what you meant in your response, kindly correct me. Thanks,
Jooske; I understand the reference you made to TDS. "Welcome to DiamondCS TDS-3." I didn't realize it cost $49 to get a question answered. I am sure it is a very good program, and I may consider purchasing it. I was under the false impression that the forum may offer some input prior to the forced sell. Thank you,
Jimmie... this is the support forum for TDS3, that is why Jooske asked if TDS spotted this file. I would suggest downloading TDS3, which is free for 30 days, and scanning to see if anything comes up. Otherwise, if you're referring to the scan results of other trojan programs, then you would be better off posting in the "other trojans section" - https://www.wilderssecurity.com/forumdisplay.php?f=33 .
I supposed since you post in the TDS forum you are a TDS user, hence my question about scan results with TDS. TDS has a free evaluation version on the site www.diamondcs.com.au -- after installing, get back there to grab the latest definitions, reboot, start TDS and let it do its job in the full system scan with all the options checked (under system testing > scan control). In the end, in the bottom console, you can right-click on one of the files to save to TXT, and this scandump.txt you can paste in your next posting. Looking forward to your scan results.
timnicebutdim & Jooske; Thank you both for responding. In retrospect I feel I did post in the wrong forum. Not having run the TDS program beforehand. Appreciate the clarification. I did mention in my initial post that the infection was disclosed by "Housecall", an anti-virus scanning program. I will follow the instructions that you were good enough to offer. Thanks again for your help.
You're welcome! And please post the scan results so we can try to help you adequately! Of course I could move this thread to another location in the forums if needed.
Jooske; As you suggested, I ran TDS-3 and this is what was found:

Scan Control Dumped @ 10:51:51 14-02-05
Positive identification: TrojanDownloader.Win32.WinShow.aq
File: c:\m00.exe
Generic Detection: Possible trojan with password-stealing capability
File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe
Positive identification <Adv>: Possible WebDownloader
File: c:\program files\online services\msn50\msnboot.exe
Positive identification: Riskware.ProcessRestart
File: c:\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\restart.exe
Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll

If you would be so kind as to direct me further, I would be most grateful. Thank you,
Fix these 2:

Positive identification: TrojanDownloader.Win32.WinShow.aq
File: c:\m00.exe
Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll

Right-click their entry in the TDS window and select delete.

This one is a legitimate file that can be used for bad purposes, but where it is on your computer it's likely to be legitimate:

Generic Detection: Possible trojan with password-stealing capability
File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe

Ignore the other 2, they are false alarms that were fixed in today's update.
However, you don't NEED the Kodak software updater at all, so I would uninstall that from Add/Remove Programs in Control Panel.
dvk01; The entry you questioned (Generic Detection: Possible trojan with password-stealing capability File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe) is located in a folder c:\options\tools\reskit\netadmin\pwledit. Named "pwledit.exe". Is that what you mean when asking "but where it is on your computer"? Do you feel it should be left alone? The rest of your post will be followed as directed. Thank you very much.
Since you found some password stealing trojans, I would also recommend downloading Security Task Manager ( http://www.neuber.com/taskmanager/ ), it's free for 30 days. It can look at your processes and will point out things that it feels are dangerous, including keylogging programs.
Yes Jimmy, that folder is a legitimate folder in many installations of Windows. TDS is right in flagging it, as pwledit.exe can be used to steal passwords, but it is designed to allow the user to change and alter passwords: http://www.infoworld.com/cgi-bin/displayNew.pl?/livingst/990111bl.htm . If you didn't knowingly install it, then by all means delete it. Some installations copy the entire Windows CD to disc, and it looks like that is what has happened in your case, and it's your choice whether you want it to be there or not, along with the remainder of the tools in the reskit folder. All are useful, but all can also be used maliciously, as can most Windows tools.
dvk01; Thank you and everyone else that was so thoughtful offering help. It was very much appreciated. Jim,