something strange...

...happened to me a few hours ago.
Just started surfing: AVG& running, firewall up, TDS-3 with execution protection doing its bit to keep me safe and sound. Suddenly the ZoneAlarm Pro screen flashed into view and everything froze. All programs indicated Not Responding
Rebooted, and ran some tests. Nothing showed as a nasty, but TDS-3 gave me a message i hadn't seen before.
The screen informed me,immediately after the
[CRC 32] scan (and it verified 31 files, as expected)
of the following

[locked file] couldn't open c:\documents and settings\me\application data\b??t?g.exe for read access file is locked
Navigated to the location and discovered that the .exe had been created only minutes ago. Well, the file is gone now, though I had to remove it manually after closing it via ctrl+alt+delete. Oddly enough, it still doesn't show as dangerous/suspect/whatever on any scans i make of it.

Ant suggestions as to what the wretched thing might represent?

Confusedly,

V

 

It would have been really nice if you'd SUBMITTED THE FILE TO DCS - BEFORE - MANUALLY DELETING IT!

Kind of hard to help/tell you anything without a copy of whatever it was.

 

Yes, please zip and submit and after you can delete the thing;
did TDS scan find other things?
What were you doing the moment the thing happened, opening an email, visiting a site, anything you remember?
Maybe AVG alarm didn't show up but blocked the access to the file.
During a scan with TDS for instance it is necessary to disable AVG completely. If another program like AVG is protecting a file TDS has no access to it to scan it and you'll see that "locked".
So in your next TDS scan please do it without AVG. Hope you'll find nothing bad anymore. Was b??t?g.exe the name it gave or didn't you quite remember what it was? Is it still in the recyclebin or deleted from there as well?

 

Yes, maybe, but when people are suddently hit like that, the majority just want it OFF their PC without thinking about submitting, so I can understand the poster just wanting it gone.

Cheers, TAS

 

Sure Tas, it would be my first idea too, absolutely, certainly with that complete system lock -- but after the first shock (maybe because of being used to TDS finding unexpected alarms at times over the many years of using it) i would try to locate and zip it so it can't do any harm (after having first of all stopped that nasty process of course!!
Think you did the right steps:
locating the running process, stopping it, deleting it.
Did you dio in the mean time a full system scan with TDS and maybe one of the online scanners? And of course SpybotS&D and whatever you feel to, but in all cases please have AVG closed including it's resident protection during those scans.
Can you see in your ZAPro log file what happened around that time, a portscan on a certain port maybe, something with your mailsafe?
Trying to analyse what happened, does ZAPro see the AVG scanner as anti-virus? Could it have been the combined protection with ZAPro and AVG immediately locking that file for all further access? Expecting such an event written somewhere, maybe even in the windows event log!
Did ZAPro lock the system because of an illigal intrusion or whatever what was happening?

One other thing:
did you disable system restore and reboot and enable it again, creating manually a new restore point, to avoid re-infection with whatever it might have been?

Please post back how it goes now and what you might have found!
If all scans are further ok, then you might trust it, and you might like to use HiJackThis to look into your log if there is anything unexpected.

 

Dear peeps,

Yup, in retrospect my reaction reeks of...well, panic, not to put too fine a point in it. I thought that I had provided myself with the equivalent of a cyber chastity belt, and when things went pear-shaped I did take the EEEEK! option, which was not well advised.
Thank you for taking the time to respond, and for throttling back on the sighing and eye-rolling. I will say that the episode erupted immediately after I had closed a pop-up (maybe clicked on the wrong area out of carelessness?) and that the file concerned seemed to have a greek character wherever TDS showed the ? -Certainly the filename looked odd. Unfortunately in the course of my frenzied attacks on the beastie I also chucked the thing out of recycle. hell, I'd prolly have stamped on it if I had been able to
Can I close by observing that this was the first time in 2 years that TDS-3 did other than hold my hand and reassure me by kicking trojan/whatever butt; so yes, was I shocked to encounter something that caused such ructions. Even then, the prog alerted me to look in the right place to start the disinfection process.
I shall sort around and assemble such logs as might be relevant to see if any useful info can be salvaged, and thanks once again, particularly for the advice re AVG7.

Love'n'Kisses

V

 

Must have been the ZaPro safety system Lock, it's somewhere in it's settings, when it happens certainly scaring, but all possible damage prevented.
I thought the system lock only disconnected immediately all internet traffic and leaving you the chances to do your stuff, had not thought of a complete freezing.

BTW: the EEEEK! option doesn't sound very convincing in TDS. Type in the bottom
speak "EEEEEEK!"
and listen to the result.