Full Version: Win32 Trojan Downloader Found By Adaware.
worried dragon
Hi there,

Running XP Pro SP2 on a P3 850 with 512 RAM. XP firewall is functioning and I am also behind a router. My IE privacy tab is set to "prompt" for third-party cookies and I block the unwanted ones as they occur (sad, but it pleases me. lol).

I noticed the computer "labouring" when I was browsing. I looked in Task Manager and noticed a higher usage of IEXPLORE.exe than I'd noticed before. I ran Adaware, Spybot and AVG, all with the latest definitions, and found nothing, so I restarted in safe mode and repeated this, and Adaware detected and removed a Win32 Trojan downloader. Then I cleared the internet offline files and unnecessary cookies.

At this point I realised I'd forgotten to set the Tools, View options to show hidden files etc., so I did that and re-ran Adaware, Spybot, AVG and Ewido (which I'd downloaded for good measure) in both normal and safe mode. Nothing found this time.

I ran ScanDisk and it reported a few minor inconsistencies, which it repaired. The computer seems to be a little slower still, but I haven't as yet defragmented (which it needs) as I wasn't sure whether it would "hide" any traces of the malware. I installed the latest XP security updates and the monthly malware check made no finds.

Will there be any registry entries (Adaware removed 1) left behind? If so, what do I search for? Also, can I be sure the computer is now "clean", or would you recommend further procedures?

Thanks.

worried dragon
Hi again,

I just read in the breaking news that Adaware is giving false positives. I am now using SE1R123 Internal build 151, so have I just had a false alarm? If so, can someone put my mind at rest?

Thanks again.
quietman7
Internal build 151 is the latest and was released on 9/14/06 to fix another FP after Lavasoft fixed five others. See here.

If all your subsequent scans found nothing, then you should be in good shape. However, you can always run an online scan using Trend Micro HouseCall to double-check.

Then it's time to do some cleaning and the defrag which you reported needs to be done. Also read over "Slow Computer? Use this troubleshooting checklist." You may have already done some of the steps, but there are more tips.
worried dragon
Hi there and thanks for your response.

Adaware removed these on the earlier internal build scan:

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

and

DIAREMOVER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-21-1229272821-436374069-1957994488-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Should I restore these entries, as they were false positives?

Thanks.
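A way to check what the quarantined keys actually pointed to before restoring them, as an added example that is not part of this thread: a COM registration is only meaningful together with the DLL/OCX it loads, so inspecting the CLSID's InprocServer32 value, whether that file exists, and whether it carries a valid Authenticode signature gives more evidence about a false positive than the key name alone. The GUIDs are the ones from the Ad-Aware log above; the script assumes a current Windows host with PowerShell 5 or later and read access to HKCR and HKCU.

```powershell
# Added example, not from the thread. Resolve each registry object Ad-Aware reported
# and show what it loads so a "false positive" claim can be checked against the file.
$guids = @(
    '{48e59293-9880-11cf-9754-00aa00c00908}',  # reported under clsid\
    '{48e59291-9880-11cf-9754-00aa00c00908}',  # reported under interface\
    '{48e59290-9880-11cf-9754-00aa00c00908}'   # reported under typelib\
)
# Reported under <user SID>\software\...\ext\stats, i.e. the IE add-on usage record for the user.
$extStatsGuid = '{72267f6a-a6f9-11d0-bc94-00c04fb67863}'

function Get-ComRegistration {
    param([string]$Guid)
    $r = [ordered]@{ Guid = $Guid; Found = $false }
    foreach ($branch in 'CLSID', 'Interface', 'TypeLib') {
        $key = "Registry::HKEY_CLASSES_ROOT\$branch\$Guid"
        if (-not (Test-Path $key)) { continue }
        $r.Found = $true
        $r[$branch] = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        # For a CLSID the InprocServer32 default value is the DLL/OCX COM will load.
        $inproc = Join-Path $key 'InprocServer32'
        if (Test-Path $inproc) {
            $dll = [Environment]::ExpandEnvironmentVariables(
                (Get-ItemProperty -Path $inproc).'(default)')
            $r.Server = $dll
            $r.FileExists = Test-Path $dll
            if ($r.FileExists) {
                $sig = Get-AuthenticodeSignature -FilePath $dll
                $r.Signature = $sig.Status            # Valid / NotSigned / HashMismatch ...
                $r.Signer    = $sig.SignerCertificate.Subject
            }
        }
    }
    [pscustomobject]$r
}

$guids | ForEach-Object { Get-ComRegistration -Guid $_ } | Format-List

# The ext\stats entry is per user (HKU\<SID> is HKCU for the logged-on account).
$stats = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$extStatsGuid"
if (Test-Path $stats) {
    Write-Output "IE add-on stats entry present for $extStatsGuid"
    Get-ChildItem $stats -Recurse | ForEach-Object { Get-ItemProperty $_.PSPath }
} else {
    Write-Output "No IE add-on stats entry for $extStatsGuid under the current user"
}
```

An entry whose server file is missing, unsigned, or sits outside the Windows or Program Files directories deserves a second look; a validly signed Microsoft component is consistent with the false-positive reports in the thread.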