Ewido detected Download.Agent.Fm

Discussion in 'ewido anti-spyware forum' started by hkedi, Jun 9, 2007.

Thread Status:
Not open for further replies.
  1. hkedi

    hkedi Registered Member

    Joined:
    May 24, 2007
    Posts:
    5
    My ewido anti spyware has recently scanned out this malware in my computer.

    There is no describtion on viruslist.com and seems there is no solution on how to remove this virus yet.

    It is in C:/documents and settings/ Administrator/ Local Settings / Temporary Internet Files/ Content.IE5/ ULRWPEJE / b(1). htm

    I tried to delete it, but after I restart my PC it comes out again
    Therefore, I can only quarintine it
    However, since quarintine is not a good solution, could any nice person here teaches me how to remove it?

    Thank you for reading this and at last I would like to say thx again for people who teach me to delete another malware one month ago.
     
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    From what I can see it's a file located in your temporary internet files folder. Seems your browser is opening a web site with an exploit/drive-by download (probably). Has your browser been hijacked? Or perhaps the exploit/drive-by download is located on a web site you frequently visit? The point is, a browser must be opening a site for you to get this file onto your hard drive (in the temporary internet files folder).

    On the other hand, it could be a false positive. Try locating the file "b(1).htm" in the C:\Documents and settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ULRWPEJE\ and uploading it to VirusTotal or Jotti's online malware scan or Virus.Org
     
  3. hkedi

    hkedi Registered Member

    Joined:
    May 24, 2007
    Posts:
    5
    Sorry. I am not good at computers, wat is meaning by false positive?
    And yes it is in temporary folders, how do you think is the best way to delete it?
     
  4. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    False positive means False Detection... Meaning a clean file could have been in-properly detected as malware and it should be removed from the database.
     
Thread Status:
Not open for further replies.