Detection: Skywriter.exe

Discussion in 'NOD32 version 2 Forum' started by Martijn2, Sep 27, 2006.

Thread Status:
Not open for further replies.
  1. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    Hi all,

    everytime if i scan the documents and settings file i get this detection:

    http://img301.imageshack.us/img301/4678/nod32lu4.jpg

    NOD32 says it can be deleted, but there's no option to press that as you can see (only 'No action' ). The strange thing is, is that if i look the file up, it's empty.
     
  2. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    Update: i detected the file itself as a hidden application and deleted it. Strange thing is that now when i have the option on for showing hidden files, there's also a strange document on my desktop named Ghost with 15 showing in it.
     
  3. ASpace

    ASpace Guest

    Hello !

    Check your NOD32 settings and make sure you configure them as per Blackspear's tutorial here

    Make sure your NOD32 is fully updated by pressing the update buttom from Control Panel -> Update -> Update now

    Download , install , run and update Lavasoft's Ad-Aware se Personal here

    Boot your computer into Safe Mode (instructions how-to here) .

    In Safe Mode , start Ad-Aware se Personal and perform full scan and clean of all your hard drive(s) . Eliminate the infections found

    After that goto Start->Programs->ESET->NOD32 , in the "Profiles" tab make sure you use Control Center profile and perform full Scan&Clean of your hard drive

    Restart and report back your results ! :D :thumb:

    Regards!
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    WhenU.SaveNow is bundled with BSplayer and some other software. It used to be detected as adware, but it will need to be reclassified as soon as we add a new category for such unwanted applications.
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Reclassified to what? Sorry, I didn't understand your post. Did you reffer to changing its label to Adware.WhenU.SaveNow dropping the Win32 part or what ?
     
  6. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
  7. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    Hi all,

    thanks for the reply. Amon detected the file and quarantined it (typed it wrong, i didnt delete it). Do you guys also know what made the ghost text file on my desktop? (that's also hidden)
     
  8. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
  9. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    Thanks for the help. I scanned with ad-aware and came up clean.:thumb:
     
  10. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    You can try scanning with spybot search and destroy, with the latest update installed.

    Can you show us the file on your desktop.
     
  11. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    i already scanned with a-squared and came up clean with that also. This is the image:

    http://img70.imageshack.us/img70/3630/naamloosvn1.jpg

    File is about 4 kb large.. strange that it showed up there (as the skywriter.exe, that also was hidden)
     
  12. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    try to see its properties...maybe you can find something there. ;)
     
  13. ASpace

    ASpace Guest

    Hi . You are welcome !

    Let me first start that after you scanned with NOD32 , Ad-Aware , A-squared , you are less likely to be infected so this "Ghost" file is probably not a part from malware . I would also suggest you see at its properties and see when it was created or ignore/delete it since it is not something important , I believe :thumb:
     
  14. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    Sorry for the late reaction. The ghost textfile was just a few bytes large, so i deleted it. Thanks for the help all :thumb:
     
  15. ASpace

    ASpace Guest

    You are welcome !
    Thank you for letting us know ! :thumb:
     
Thread Status:
Not open for further replies.