Posted 08 November 2006 - 07:44 AM
I recently uninstalled the a-squared Free Anti-Trojan program because I found that, after a complete scan in which it found 3 tracking cookies, it either wouldn't or couldn't delete them so I had to use CCleaner to do the job.
Today I installed an updated version of a-squared Free - version 220.127.116.11 - in the hope that it would do better but the same thing happened. This time it found 2 instances of winlogon.exe in WINNT:
a-squared Free - Version 2.1
Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
ADS Scan: On
Scan start: 11/8/2006 6:09:03 PM
C:\WINNT\ServicePackFiles\i386\winlogon.exe detected: Trojan.Win32.Patched.e
D:\X-WINNT2\ServicePackFiles\i386\winlogon.exe detected: Trojan.Win32.Patched.e
So far as I understand, winlogon.exe is fine if it's where it's supposed to be - in System32 - but is a Trojan if found anywhere else.
But once again, after the scan finished, a-squared Free would neither delete nor quarantine these files.
Not only that, but in running a Windows search for 'winlogon.exe' I discovered two more instances of it in another part of WINNT which a-squared Free had failed to spot and so I manually moved all four into quarantine and wiped them myself.
Am I in the clear now?
* HP Pavilion dv7 * 2.20 gigahertz AMD Phenom II N850 Triple-Core * 4.0 GB RAM * Windows 7 Home Premium (x64) * Firefox 3.6.17 * Thunderbird 3.1.11 * Comodo Firewall * Malwarebytes' Anti-Malware 1.50.1 Pro * avast! Free Anti-Virus 2014.9.0.2007 * Erunt *