I was recently infected with a FakeAV virus that was successfully removed with the kind assistance of Fireman4it. The following link describes what we did, if anyone is interested: See Forum Topic 316516 Here (Be aware that it's a rather lengthy topic).
Since then, I've learned more about malware -- in particular, NTFS Alternate Data Streams, which provides a rather nasty place to hide certain files. I ran ADS Spy which reported 57 ADS files on my system.
All but one are harmless "favicon" ADS files attached to various .url files located in c:\documents and settings\...\favorites.
However, I'm concerned about one ADS file called "5C321E34" that is attached to an otherwise empty TEMP directory:
c:\documents and settings\all users\application data\TEMP : 5C321E34 (size 118 bytes).
I don't know if this file is malware or not. I can't display its file contents. Since it's only 118 bytes it may be harmless. I'm tempted to just delete the TEMP directory. Do you have any suggestions?
I should also add that I'm running Win XP SP3.
Edited by paliden, 30 May 2010 - 11:34 PM.