Discussion in 'ewido anti-spyware forum' started by MagicMa, Aug 19, 2006.
I'm new so testing but would like to know what a 'trace' is. ewido tells me I have two. Thank you
I can't comment on your specific findings since you give no details of file path, name of finding, etc.
However, speaking in general terms, when you get infected a lot of junk files can be deposited on your system, together with a multitude of Registry entries. When you clear the infection it may be that the tools you use will deal with the core file, and most important Reg changes, whilst leaving behind a certain amount of debris. This latter can be picked up at a later date as 'traces'.
In other words, it is not suggested that you have an active infection installed and running in memory, rather that you have, for example, a Registry entry that is nomally associated with malware. Traces are thus items ancillary to infection rather than 'core' files.
Hi Topper, thank you for your prompt reply. When they show up again, which they do each time I use ewido, I will note the path.
I recently had a new Computer with my old files transferred, so maybe this will account for these 'traces'
I will get back to you, if you don't mind. Thanks again. MagicMa
Hi again Topper, this morning when I ran ewido there were 6 traces. All the same really each start with :mozilla.11 then 18 25 97 98 99 then continue with the same wording:
C:\Documents and settings\FranMarsh\Application Data\Mozilla\Firefox\Profiles\rjttwf29.default\cookies
A little bit of background info: I upgraded from Windows Me to XP completely new computer in June. Previously I had been using Internet Explorer but changed to Mozzila Firefox with new machine. All my files etc were transferred.
I have not had more than two of these traces before but usually I have run all my other security things. AVG had already updated. But I have not done AdAware, nor Spybot yet this morning. I also have ZoneAlarm - all up to date.
I hope this gives enough information for you to decide whether I need to get rid of these traces completely and how?
Many thanks MagicMa
I don't think this is something you need to worry about, I think there is problem in the way ewido handles the cookie folder in Firefox. I don't use Firefox myself so I can't confirm what is happening, but have a look at these threads and see if they help:-
OK Topper, I will have a look at the links. Many thanks MagicMa
Hi Topper, thought I would come back to you on here.
I checked the threads you gave and followed the info in the RACHET thread.
Found the cookie file in Profiles and deleted the relevant one.
Did a rescan - all the orginal traces had gone but there were two new items - a new trace one C\Recylcer|S-1-5-21 -(then a load of long numbers)\Dc3.txt.
The other things were Tracking Cookies - Adviva and Atmt.
Anyway I got rid of those as well.
Then I scanned with Spybot and AdAware both clean.
Just rescanned with Ewido - all clean!!
So a good result at the moment. Many thanks MagicMa. See what tomorrow brings. Cheers.
The recycler is the recycle bin - empty that and they are gone.
To avoid these sort of findings in future, you may care to use CCleaner before you do a scan with ewido or your AV. That will clean out all your temp locations and cookies etc (though you can elect, in the options section, to save any cookies you wish to keep):-
Thanks again Topper, I will give ccleaner a try too. MagicMa
Separate names with a comma.