Downloaded and about to install and run in Safe Mode...(temperature problem still exists...stabilized though at a roasty 64C -_- thanks to a huge box fan and an open case, which I know isn't good).
I assume the new restore point should be set AFTER running Ewido - does this automatically purge the old restore point? Or do I have to do something special to purge it? (I can see it, but it won't let me access it to manually remove it - even on the owner account, there is no 'security' tab in the "security and sharing" popup, so the instructions on the MS website for accessing it in WinXP aren't working.)
Anywho...off to scan in safe mode (I'm going to run AVG 7.1 again as well in safemode).
[Edit] I got it to give me access (view and such) to the folder, scanned it directly with AVG and it spotted the trojan, only in 1 file, in that 1 restore...
Order of Events (notice cool downs due to odd heat problems - more on that in a second):
- Downloaded and set up Ewido, set the computer up to restart in safe mode.
- Turned off computer, let it cool down for about an hour.
- Turned it on in safe mode, scanned in safe mode, Ewido (AVG Anti-Spyware) only returned 1 "Tracking Cookie" (which I removed).
- Turned off computer to let it cool down again (leaving it set to turn on in safe mode) - this due to a heat warning.
- Turned on in safe mode, scanned with AVG 7.1 in safemode, still only found the 1 trojan.generic3.qtn
- Set it up so I could view the "System Volume Restore" folder on my admin account (didn't give any editing access to this account though, just in case)
- Turned off restore point so it would purge old restores (while in safemode), set to reboot in normal mode.
- Turned off computer again (to cool down).
- Started computer in normal mode, came to post results.
Temperature still acting interesting, curious if this could be related to this trojan (even though no viruses are showing or anything). At this moment it's hovering at 42C/43C like normal, mind you with the case open and the box fan running...in fact MBM is reporting it flipping between these 2 at this very moment, back and forth. I may run a scan to see if it hits the oddly high temperature during the scan again (prior to this incident it'd reach 55 at the highest, mid-summer, during a virus scan, it's been peaking over 60C now which gives warnings *it's autumn and cooler now which is why it concerns me*)
All the fans on my system are working (Power supply Fan, Processor Fan, Rear outtake fans, and front intake fans), and it kept the system more than cool enough for the past 3+ years. There is very minimal dust (probably gonna blow it out again tomorrow with some compressed air just to make sure, but I don't think this is enough dust to cause this issue). My system isn't overclocked... could the overheating have had anything to do with the virus?
And if it's not likely related to a virus, is there a way to underclock (all I do on here is browse online, check email, and digitally paint - all of which I've done without a problem on slower systems...since most of the art programs are mainly just memory hogs)?
I'm also curious as to how this may have gotten on my system - I haven't visited any new sites between my last scan prior to the trojan and the discovery of the trojan (I generally only visit about 15 sites I've visited for years without problems, I never open unsolicited emails *even if I know the sender*, I run Zonelabs firewall, restricting most programs access, and use windows auto-updates, and install immediately after downloaded, as well as auto-updates for AVG 7.1 *checks daily for updates*, I update Adaware regularly, and Zonelabs auto-update is active, I install as soon as it notifies me). In case that provides any hint to how I got it :\...
Only thing I can think of is it came on an advertisement on one of the sites (although only a few have random banner advertising), or maybe a malicious person (I have a few people who wouldn't mind seeing me vanish for a while because of my work on a few sites - and personal quarrels), mind you my IP is dynamic (dialup). Any ideas? Or could there be something that these scanners just aren't picking up that was lying dormant and plunking this into files?
I've had trojans pop up before, and AVG + a little research, usually cleaned them up just fine - but with the exception of this incident, haven't had any issues for several months (last year - one nested in some wolfenstein files I had dl'd from the official site about 6-8 months prior to that).
Anywho...hope that reveals something that can maybe give some insight on how to prevent this in the future (or how to fix the overheating problem when it arises).
Thanks for the help, it is greatly appreciated.
PS - yea, it was a mistake running GMER probably (I was following the information in another person's post about a Trojan.Generic2 where a BC official was helping them and got it resolved), didn't turn up anything though.
Going to scan again after posting this btw (praying it doesn't overheat).
Edited by AnonArtist, 15 October 2006 - 04:13 AM.