brillo
Apr 25 2006, 01:40 PM
Could someone advise soon? McAfee just reported this virus, New Poly Win32 in Temp file and it "cannot be cleaned". I happen to also be scanning with online version of BitDefender right now, 10 minutes till finished. Is this report from McAfee an artifact of BitDefender scan or is it real? and how do I respond? BitDefender, BTW, reports no viruses found at 121118 files checked of 131077 total.
BitDefender now finished, half hour later, no problems found. McAfee continues to report New Poly Win32 in C:\Documents and Settings\Rob\Local Settings\Temp\tmp00007697. When I go to C:\Documents and Settings\Rob\Local Settings\Temp, but I can't find tmp00007697. Why?
Again, Thanks for a prompt response.
Rob
Starbuck
Apr 25 2006, 03:59 PM
I've been looking in to this and the most popular comment i can find is this........
QUOTE
I dont even think its a virus?..Mcafee seem the only ppl who pick it up?..interesting? My bet is its part of a program??
Some comments from others would be helpful
quietman7
Apr 25 2006, 04:32 PM
QUOTE
I can't find tmp00007697. Why?
Reconfigure Windows XP to show hidden files, folders and extensions commonly used by Trojans and Spyware to remain hidden. To do this go to
Folder Options >
View tab and enable "
Show hidden files and Folders", be sure to
UNCHECK "
Hide Protected operating system Files (recommended)" and hit
Apply > OK.
When done, follow the same procedure to hide these files and folders again to protect them from accidental deletionAnother thing you can do is go to
jotti.orgBrowse to the location of the suspicious file and submit [upload] it for scanning/analysis.
QUOTE
This Bagle variant has been mass spammed and arrives in a ZIP file. It is heuristically detected as 'Virus or variant New Poly Win32' by 4424 DATS and above.
Secunia AdvisoriesAlso see:
eTrust Spyware Encyclopedia