Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MM2048.DAT (Trojan.Agent)/ Moved


  • Please log in to reply
28 replies to this topic

#1 aland08

aland08

  • Members
  • 210 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 04 March 2009 - 12:26 PM

Hi,

I recently turned on a computer that has been off for a few years. Updated everything, including my CA Anti Virus & Spy. No threats detected during scan. I decided to download Malwarebytes about a week later just as another precaution and of course, it found a couple of issues. Gotta love Malwarebytes! Anyway, enough smoke The following files were detected & deleted successfuly but despite my research, I cannot find out much about the type of infections. Can anyone tell me more about these infections? How serious are they, etc? I did fid the following info on the Microsoft site:

"The Mm256.dat and Mm2048.dat files are cache files used by Internet Explorer. When you visit a Web page, Internet Explorer assigns the Web address a unique identification number and searches the Mm256.dat and Mm2048.dat files for that identification number. If the Web page's identification number is found, the contents of the Web page are stored locally on your computer's hard disk and Internet Explorer uses the locally stored content instead of downloading the information from the Internet. If the Web page's identification number is not found, the contents of the Web page must be downloaded from the Internet. This occurs if you have not visited the Web page before, the Web page has changed, or the Web page's identification number has expired. When the Web page's content has been downloaded to the hard disk, the Mm256.dat or Mm2048.dat file is updated with the Web page's identification number.

The Mm256.dat file is used to store the identification numbers of Web pages whose Web addresses are equal to or less than 256 characters. The Mm2048.dat is used to store the identification numbers of Web pages whose Web addresses are between 257 and 2048 characters."

My Infected Files/Log:

Files Infected:
C:\Documents and Settings\Administrator\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks, Alan

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:15 AM

Posted 04 March 2009 - 06:11 PM

Hello aland08,

I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum as no specialized logs have been posted.

It appears that the three log lines you posted are from MBAM. Please post the entire log. Also, please tell us what your operating system is: Windows XP, Vista, etc.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 aland08

aland08
  • Topic Starter

  • Members
  • 210 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 04 March 2009 - 06:43 PM

Orange,

Thanks for the reply! I will post the entire log file below, although it's not much, system was clean otherwise. The operating system is XP pro, about 5 years old but I recently updated Windows, Antivirus & Antispyware & a few other programs. My CA Antivirus & Spy didn't pick this issue up, only Malwarebytes. Just want to be sure it was nothing serious. My CA Antispy did however pick up a few other issues. The Kooly Noody & the GoToMyPC Commercial Rat. Maybe you could check those out as well. Thanks!

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/3/2009 7:45:13 PM
mbam-log-2009-03-03 (19-45-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119366
Time elapsed: 34 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.


AND

CA Anti-Spyware Log Report
This report was generated on: 3/4/2009-6:37:24 PM

2/25/2009-8:22:00 PM , Quarantined , GoToMyPC , Commercial RAT , Key "hkey_local_machine \software\citrix\gotomypc" , -1
3/4/2009-12:00:16 PM , Deleted , Ad.YieldManager.com Cookie , Tracking Cookie , Cookie "alan@ad.yieldmanager[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@ad.yieldmanager[2].txt" , -1
3/4/2009-12:00:16 PM , Deleted , adrevolver.com , Tracking Cookie , Cookie "alan@adrevolver[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@adrevolver[1].txt" , -1
3/4/2009-12:00:16 PM , Deleted , adrevolver.com , Tracking Cookie , Cookie "alan@media.adrevolver[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@media.adrevolver[1].txt" , -1
3/4/2009-12:00:16 PM , Deleted , Advertising.com , Tracking Cookie , Cookie "alan@advertising[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@advertising[1].txt" , -1
3/4/2009-12:00:16 PM , Deleted , AtlasDMT.com , Tracking Cookie , Cookie "alan@atdmt[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@atdmt[2].txt" , -1
3/4/2009-12:00:16 PM , Deleted , Casalemedia , Tracking Cookie , Cookie "alan@casalemedia[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@casalemedia[1].txt" , -1
3/4/2009-12:00:16 PM , Deleted , Com.com , Tracking Cookie , Cookie "alan@com[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@com[1].txt" , -1
3/4/2009-12:00:16 PM , Deleted , DoubleClick , Tracking Cookie , Cookie "alan@doubleclick[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@doubleclick[1].txt" , -1
3/4/2009-12:00:16 PM , Deleted , lycos.com , Tracking Cookie , Cookie "alan@lycos[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@lycos[1].txt" , -1
3/4/2009-12:00:16 PM , Deleted , webtrends.com , Tracking Cookie , Cookie "alan@m.webtrends[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@m.webtrends[2].txt" , -1
3/4/2009-12:00:16 PM , Deleted , quantserve.com , Tracking Cookie , Cookie "alan@quantserve[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@quantserve[2].txt" , -1
3/4/2009-12:00:16 PM , Deleted , QuestionMarket.com , Tracking Cookie , Cookie "alan@questionmarket[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@questionmarket[1].txt" , -1
3/4/2009-12:00:16 PM , Deleted , revsci.net , Tracking Cookie , Cookie "alan@revsci[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@revsci[2].txt" , -1
3/4/2009-12:00:16 PM , Deleted , Tacoda cookie , Tracking Cookie , Cookie "alan@tacoda[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@tacoda[2].txt" , -1
3/4/2009-12:00:16 PM , Deleted , TribalFusion.com , Tracking Cookie , Cookie "alan@tribalfusion[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@tribalfusion[2].txt" , -1
3/4/2009-12:00:16 PM , Deleted , Tripod , Tracking Cookie , Cookie "alan@tripod[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@tripod[2].txt" , -1
3/4/2009-12:00:16 PM , Deleted , xiti.com , Tracking Cookie , Cookie "alan@xiti[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@xiti[1].txt" , -1
3/4/2009-3:19:14 PM , Quarantined , KoolyNoody , Downloader , Key "hkey_users \CAHive_S-1-5-21-2387315076-2837557775-1347746366-1008\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net" , -1
3/4/2009-3:19:14 PM , Quarantined , KoolyNoody , Downloader , Key "hkey_users \S-1-5-21-2387315076-2837557775-1347746366-1006\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net" , -1
3/4/2009-3:19:14 PM , Quarantined , KoolyNoody , Downloader , Key "hkey_users \S-1-5-18\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net" , -1
3/4/2009-3:19:15 PM , Deleted , 247RealMedia.com , Tracking Cookie , Cookie "alan@247realmedia[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@247realmedia[2].txt" , -1
3/4/2009-3:19:15 PM , Deleted , adlegend.com , Tracking Cookie , Cookie "alan@adlegend[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@adlegend[2].txt" , -1
3/4/2009-3:19:15 PM , Deleted , AtlasDMT.com , Tracking Cookie , Cookie "alan@atdmt[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@atdmt[2].txt" , -1
3/4/2009-3:19:15 PM , Deleted , Com.com , Tracking Cookie , Cookie "alan@com[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@com[1].txt" , -1
3/4/2009-3:19:15 PM , Deleted , quantserve.com , Tracking Cookie , Cookie "alan@quantserve[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@quantserve[1].txt" , -1
3/4/2009-3:19:15 PM , Deleted , revsci.net , Tracking Cookie , Cookie "alan@revsci[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@revsci[1].txt" , -1
3/4/2009-3:19:15 PM , Deleted , TribalFusion.com , Tracking Cookie , Cookie "alan@tribalfusion[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@tribalfusion[2].txt" , -1
3/4/2009-6:20:38 PM , Deleted , Ad.YieldManager.com Cookie , Tracking Cookie , Cookie "alan@ad.yieldmanager[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@ad.yieldmanager[2].txt" , -1
3/4/2009-6:20:38 PM , Deleted , quantserve.com , Tracking Cookie , Cookie "alan@quantserve[2].txt" File "C:\Documents and Settings\Alan\cookies\alan@quantserve[2].txt" , -1
3/4/2009-6:20:38 PM , Deleted , QuestionMarket.com , Tracking Cookie , Cookie "alan@questionmarket[1].txt" File "C:\Documents and Settings\Alan\cookies\alan@questionmarket[1].txt" , -1
***End Report***

Edited by aland08, 04 March 2009 - 06:46 PM.


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:15 AM

Posted 04 March 2009 - 07:19 PM

Hello there,

Thanks for posting those logs. Most of what they flagged, including MBAM, were tracking cookies. Tracking cookies are not a threat, but there are privacy concerns. Tracking cookies are a kind of third party cookie. You can read more about the kind of cookies and how to block unwanted cookies in IE in this post: http://www.bleepingcomputer.com/forums/ind...st&p=702871

The links he provides will tell you how to block third party cookies in IE.

If you use Firefox, you can set it up to block unwanted and unneeded cookies this way:

Click on Tools --> Options --> Privacy

Make sure there is a check mark by "Accept Cookies from Sites." Then in the box just below, make sure the window says "Ask me every time."

What this will do is that every time a site wants to put a cookie on your computer, a little window will pop up asking you if you want to accept it. The first time it shows up, click on "Show details". From then on, except when you reinstall Firefox or in some instances update it, the details will always be shown. There you can see who wants to put it on your computer and whether it is a session cookie or a permanent cookie.

You can add the site to your black list or white list by putting a check mark Use my choice for all cookies from this site and clicking on Deny which adds it to the black list or Allow for session or Allow. The latter choice means that any permanent cookies will stay on your computer until they expire or you delete them. The former choice means that the cookies will always go away when you close your browser. Either way, the sites will be added to the white list.

You can see what cookies are installed by clicking on the Show Cookies button on the privacy screen where you set the cookie options. When you click on Exceptions you will see the list of sites blocked from or permitted to set cookies. You can manually add sites to the block or allow list here, and you can also remove sites from the list.

Security programs such as Spywareblaster - prevents spyware from being installed on your PC. - Tutorial: Using SpywareBlaster will add many sites to the block list to protect you from tracking cookies.

There are a couple items in your logs, though, that are NOT tracking cookies. I'll want another set of eyes to look at them and either confirm or refute my hunch.

By any chance, do you have such programs as SpywareBlaster or Spybot installed on this machine? Both these programs add items to the Zonemap in the registry to block various bad sites. The following items MIGHT be such entries and thus false positives; however, I do not know this for sure so I want someone more knowledgeable than I to look at this.

3/4/2009-3:19:14 PM , Quarantined , KoolyNoody , Downloader , Key "hkey_users \CAHive_S-1-5-21-2387315076-2837557775-1347746366-1008\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net" , -1
3/4/2009-3:19:14 PM , Quarantined , KoolyNoody , Downloader , Key "hkey_users \S-1-5-21-2387315076-2837557775-1347746366-1006\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net" , -1
3/4/2009-3:19:14 PM , Quarantined , KoolyNoody , Downloader , Key "hkey_users \S-1-5-18\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net" , -1


Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:15 AM

Posted 04 March 2009 - 07:35 PM

http://www.ca.com/us/securityadvisor/pest/...px?id=453134322


Looks like an older infection, the w w w .koolynoody.net has been taken down?

Maybe just broken remnants from a driveby malware
Chewy

No. Try not. Do... or do not. There is no try.

#6 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:06:15 AM

Posted 04 March 2009 - 08:00 PM

I agree... maybe something leftover from your earlier usage. It will not hurt to try another scan.

Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the
    definitions before scanning by selecting "Check for Updates". (If you encounter
    any problems while downloading the updates, manually download them from
    here and
    unzip into the program's folder.
    )
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under
    Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner
    Options
    , make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose:
    Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp"

ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#7 aland08

aland08
  • Topic Starter

  • Members
  • 210 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 04 March 2009 - 09:21 PM

Wow! Thanks everyone for the help...

Orange - Yes...had old version of Spybot & downloaded it again today but then deleted. Seems like ever since I downloaded it, everything ran slower! The cookies were not what I was worried about...I do appreciate your thoroughness however.

Rigel- I will be doing all that you suggest tonight...stay tuned. Interestingly, the downloader that CA picked up today seems to be new, unless the quick antispy scan didn't catch it. I found it through a complete spyware scan. And...it picked it up after I downloaded Spybot, which I have since removed. Read above...

Stay tuned...

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:15 AM

Posted 04 March 2009 - 09:57 PM

And...it picked it up after I downloaded Spybot,


Bingo. Those are false positives. I just completed a search in my registry, and I have those same entries CA flagged in my registry. What led me to suspect that they were false positives was the presence of the word "zonemap" in each of the registry strings in proper location for same. You will likely notice the same sites listed in the restricted zone of IE if the keys are still present.

You mentioned that Spybot slowed down your system. Per chance, did you have TeaTimer activated? If you did, that would do some slow down of the system. You can install the program without Teatimer, or you can install Teatimer but you can deactivate it. Also, which version of Spybot did you install? I have it installed on my system not so much as a spyware scanner but as a spyware prevention tool as it blocks some baddies that other programs don't list in their databases increasing the protection level.

That said, I'd still follow rigel's instructions. SuperAntiSpyware is an excellent program and spots things that others miss.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 AdvancedSetup

AdvancedSetup

  • Security Colleague
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 AM

Posted 04 March 2009 - 10:23 PM

http://www.malwarebytes.org/forums/index.p...ost&p=61443

#10 aland08

aland08
  • Topic Starter

  • Members
  • 210 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 04 March 2009 - 10:24 PM

Orange,

Thanks again....what about these...

Files Infected:
C:\Documents and Settings\Administrator\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.

I know that they seem to be cookies but yet infected, no?

And, I recall the teatimer promt but do not recall which option I chose. Let me search for any remanants of that while I am at it. Thanks again. Going to perform rigels stuff now...will keep you apprised

#11 AdvancedSetup

AdvancedSetup

  • Security Colleague
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 AM

Posted 04 March 2009 - 10:37 PM

The only DAT file that should be there on a RECENT IE is INDEX.DAT with a SYSTEM and HIDDEN attribute.
MBAM did not take into account that your system was that old and out of date on Microsoft updates.


Description of the Mm256.dat and Mm2048.dat Files
  • APPLIES TO
  • Microsoft Internet Explorer 1.0
  • Microsoft Internet Explorer 2.0
  • Microsoft Internet Explorer 3.0
  • Microsoft Internet Explorer 3.01
  • Microsoft Internet Explorer 3.02
  • Microsoft Internet Explorer 3.2
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 4.01 128-Bit Edition
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5

    Retired KB Content Disclaimer
    This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Additional KB articles also explaining these files are form VERY OLD software and are not valid for an UP TO DATE OS.
http://support.microsoft.com/kb/237839
http://support.microsoft.com/kb/183506

#12 aland08

aland08
  • Topic Starter

  • Members
  • 210 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 04 March 2009 - 10:46 PM

Actually, my system has been updated. It took almost 3 hours to download all available microsoft updates but it was done days before scanning with Malwarebytes. I also upgraded from IE6 to IE7. So is it possible that these were old files & if so, can you explain the Trojans?

Thanks!

#13 AdvancedSetup

AdvancedSetup

  • Security Colleague
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 AM

Posted 04 March 2009 - 11:08 PM

The term Trojan in this sense is generic. Basically only that those files don't belong there. Updating often does not remove all old files.

As long as all new scans come back clean including from an Anti-Virus program you should be just fine.

#14 aland08

aland08
  • Topic Starter

  • Members
  • 210 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 04 March 2009 - 11:16 PM

Thanks....good to know as I thought I was infected although I still don't completely understand the "generic" Trojan file.

Scan per rigel still running....

#15 aland08

aland08
  • Topic Starter

  • Members
  • 210 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 05 March 2009 - 12:27 AM

rigel and everyone,

Ok...the scan is finally done & no issues! I cannot show you a log because there is no log. Unless I am missing something, I think I'm good, yes? From the info I received from everyone in this forum, I don't believe I ever had a problem. That's what I was looking for...information. Someone to explain to me what exactly the detections were. I appreciate all of your help & I discovered a couple of new maintenance tools as well. While I was waiting for the scan to complete on computer 2, I was researching drive cleaners & anti-spyware & found both of your recommendations to be good choices based on the reviews that I read. Thank you again. This was my first time in this forum & I will most definately come back!

Alan

ps- let me know if I am overlooking an issue

pps- rigel- Can I delete the exe application file for Superantispyware?

Edited by aland08, 05 March 2009 - 12:31 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users