Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Immediate Response!


  • Please log in to reply
3 replies to this topic

#1 brillo

brillo

  • Members
  • 80 posts
  • OFFLINE
  •  
  • Location:Terrebonne, Oregon
  • Local time:03:22 PM

Posted 25 April 2006 - 01:40 PM

Could someone advise soon? McAfee just reported this virus, New Poly Win32 in Temp file and it "cannot be cleaned". I happen to also be scanning with online version of BitDefender right now, 10 minutes till finished. Is this report from McAfee an artifact of BitDefender scan or is it real? and how do I respond? BitDefender, BTW, reports no viruses found at 121118 files checked of 131077 total.

BitDefender now finished, half hour later, no problems found. McAfee continues to report New Poly Win32 in C:\Documents and Settings\Rob\Local Settings\Temp\tmp00007697. When I go to C:\Documents and Settings\Rob\Local Settings\Temp, but I can't find tmp00007697. Why?

Again, Thanks for a prompt response.

Rob

Edited by brillo, 25 April 2006 - 02:22 PM.


BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:22 PM

Posted 25 April 2006 - 02:21 PM

Try running McAfee in "SAFE MODE".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:10:22 PM

Posted 25 April 2006 - 03:59 PM

I've been looking in to this and the most popular comment i can find is this........

I dont even think its a virus?..Mcafee seem the only ppl who pick it up?..interesting? My bet is its part of a program??

Some comments from others would be helpful

BBPP6nz.png


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:22 PM

Posted 25 April 2006 - 04:32 PM

I can't find tmp00007697. Why?

Reconfigure Windows XP to show hidden files, folders and extensions commonly used by Trojans and Spyware to remain hidden. To do this go to Folder Options > View tab and enable "Show hidden files and Folders", be sure to UNCHECK "Hide Protected operating system Files (recommended)" and hit Apply > OK. When done, follow the same procedure to hide these files and folders again to protect them from accidental deletion

Another thing you can do is go to jotti.org
Browse to the location of the suspicious file and submit [upload] it for scanning/analysis.

This Bagle variant has been mass spammed and arrives in a ZIP file. It is heuristically detected as 'Virus or variant New Poly Win32' by 4424 DATS and above.

Secunia Advisories

Also see: eTrust Spyware Encyclopedia

Edited by quietman7, 25 April 2006 - 04:42 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users