Infected file

Housecall indicates I have an infected file on my machine. The information they offered is as follows:

TROJ WINSHOWL Non-cleanable c:\m00.exe

I ran Avast, Spybot, and Ad-aware, and they came up clean. Any help in this matter would be appreciated. Thanks,

 

And what says TDS about it?

 

Jooske;

I am guessing "TDS" refers to Trojan Defense Suite, and so far you are the only one to comment as I am sure you are aware. I searched the TDS forum prior to posting, and did not find any help. If I am misinterpreting what you meant in your response, kindly correct me. Thanks,

 

Jooske;

I understand the reference you made to TDS. "Welcome to DiamondCS TDS-3." I didn't realize it cost $49 to get a question answered. I am sure it is a very good program, and I may consider purchasing it. I was under the false impression that the forum may offer some input prior to the forced sell. Thank you,

 

Jimmie... this is the support forum for TDS3, that is why Jooske asked if tds spotted this file?

I would suggest downloading TDS3 which is free for 30 days and scan to see if anything comes up, otherwise if your refering to the scan results of other trojan programs then you would be better posting in the "other trojans section" - https://www.wilderssecurity.com/forumdisplay.php?f=33 .

 

I supposed since you post in the TDS forum you are a TDS user, hence my question about scan results with TDS. TDS has a free evaluation version on the site www.diamondcs.com.au -- after installing get back there to grab the latest definitions, reboot and start TDS and let it do it's job in the full system scan swith all the options checked (under system testing > scan control)
In the end in the bottom console you can rightclick on one of the files to save to TXT and thios scandump.txt you can paste in your next posting.
Looking forward to your scan results.

 

timnicebutdim & Jooske;

Thank you both for responding. In retrospect I feel I did post in the wrong forum. Not having run the TDS program beforehand. Appreciate the clearification. I did mention in my initial post that the infection was disclosed by "Housecall", an anti-virus scanning program. I will follow the instructions that you were good enough to offer. Thanks again for your help.

 

You're welcome! and please post the scan results so we can try to help you adequately! Of course i could move this thread to another location in the forums if needed.

 

Jooske;

As you suggested, I ran TDS-3 and this is what was found:

Scan Control Dumped @ 10:51:51 14-02-05

Positive identification: TrojanDownloader.Win32.WinShow.aq
File: c:\m00.exe

Generic Detection: Possible trojan with password-stealing capability
File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe

Positive identification <Adv>: Possible WebDownloader
File: c:\program files\online services\msn50\msnboot.exe

Positive identification: Riskware.ProcessRestart
File: c:\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\restart.exe

Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll

If you would be so kind as to direct me further, I would be most grateful.

Thank you,

 

dvk01;

The entry you questioned (Generic Detection: Possible trojan with password-stealing capability
File: c:\options\tools\reskit\netadmin\pwledit\pwledit.exe) is located in a folder c:\options\tools\reskit\netadmin\pwledit. Named "pwledit.exe".
Is that what you mean when asking "but where it is on your computer"? Do you feel it should be left alone?

The rest of your post will be followed as directed.

Thank you very much.

 

Since you found some password stealing trojans, i would also recommend downloading security task manager ( http://www.neuber.com/taskmanager/ ), its free for 30 days.

It can look at your processes and will point out things that it feels are dangerous, including keylogging programs.

 

dvk01;

Thank you and everyone else that was so thoughtful offering help. It was very much appreciated. Jim,