sas and trojan warning

Discussion in 'malware problems & news' started by mango, Sep 10, 2008.

Thread Status:
Not open for further replies.
  1. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
  2. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    You wont see this file using Windows explorer as it is located in ADS attached to system32 folder.You will only see file with tools that offer ADS detection;)

    System32:schost.exe

    the " : " denounces attachment to ADS in filepath.

    This is almost certainly malware and you should allow SAS to remove the entry:thumb:

    Here is some further reading about ADS
    http://www.windowsecurity.com/articles/alternate_data_streams.html

    HTH:)

    Ps as to why Spybot or NOD32 miss this malware then it could be due to 1 of 2 distinct reasons!
    1)They can scan ADS but do not know this malware

    or

    2)they don't scan ADS and either way even if they both had the malware in their target database it would still happily carry on undetected!
     
  3. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
    ok.

    did housecleaning with sas,spybot,nod32,online like symantec,kaspersky.

    Thats enough i think
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    with SUPERAntiSpyWare you are good to go:thumb:
    i can testify that it removes 1.200 malwares in my friends computer,
    conclusion her pc is as fast as a bird now and she is happy.
     
Loading...
Thread Status:
Not open for further replies.