Win2k trojan won't delete
Hi guys, I was checking a network PC this evening and turned up a trojan.
The report is pasted in at the bottom of the post...
Great, it's renamed. So I go in to the directory g:\documents and settings\administrator\local settings\temporary internet files\ and look for the subdirectory that should contain the file. But there is nothing but files, no directories at all.
O.K., change my view settings so that none of the files are hidden and then try again, you say. Well, all hidden files are visible. Just to check, I made a new one. So then I select all and hit the shift delete button just to make sure. Then I rescan the drive and guess what, the virus checker finds all the files and the virus still there in the same place they were before, even though I can't see them and none of the files are hidden. (To make sure, I changed the attributes of the folder g:\documents and settings\administrator\local settings\, all its contents and subdirectories, and still no luck.)
I am pretty sure that it's not the virus that is doing this but Win2k that has made some kind of virtual file structure or something, but wtf is it?
Help please
tpe
Scanned at: 10/08/2001 11:59 PM Virus Alert!
Scanned by: fb at Hiccup
F-Secure Anti-Virus for Windows version 4.03
Scan engines used:
F-PROT version 3.04.812 (signatures database date 2001-09-20)
AVP version 3.00.129 (signatures database date 2001-09-19)
Search: Drive G:
Action: Disinfect
Targets: File viruses Boot sector viruses
Files: All
Results of virus scanning:
Scanned: 1 drive(s), 12319 file(s)
Time: 16 min 10 sec
Found: 1 infection(s), 0 suspected infection(s) in 1 file(s)
Disinfected 0 file(s)
g:\documents and settings\administrator\local settings\temporary internet files\content.ie5\s1yvcden\fst[1].0s
Infection: 'JS.Trojan.Seeker-based' [AVP]
Responses to this topic
Many thanks AlecStaar, it wasn't the virus checker stopping me, it was Win2k making some virtual directories. I managed to delete it by clearing the temp internet files.
Anyone know how Win2k puts these virtual directories with files in on the disk? It could well be useful to be able to edit them.
tpe
No, Win2K uses namespace extensions so that it can display useful information within the Temporary Internet Files directory from Explorer -- that's how its "details" listing is special (it shows what site a cached file came from, and so on).
If you use a shell that doesn't use the namespace extensions (e.g. File Manager, cmd, 4NT, bash) then you can see inside the TIF directory.
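An added example, not part of the original posts: a Python sketch that walks the real file system the way cmd would, so the cached file named in the scan report can be located even though Explorer hides its subdirectory. It goes slightly beyond the thread by assuming the folder is marked through a desktop.ini [.ShellClassInfo] entry; the key names, the placeholder CLSID and the sample tree are constructed for illustration.

```python
import configparser
import os
import tempfile

# [.ShellClassInfo] keys assumed to hand a folder's Explorer view to a shell extension.
VIEW_KEYS = ("clsid", "clsid2", "uiclsid")


def shell_view_override(folder):
    """Return the view-replacing keys found in folder's desktop.ini, or {}."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        with open(os.path.join(folder, "desktop.ini"), encoding="utf-8-sig") as fh:
            parser.read_file(fh)
    except (OSError, UnicodeError, configparser.Error):
        return {}  # missing, unreadable or malformed desktop.ini
    for section in parser.sections():
        if section.lower() == ".shellclassinfo":
            return {k: v for k, v in parser.items(section) if k in VIEW_KEYS}
    return {}


def on_disk_view(root):
    """Walk the real file system under root, ignoring Explorer's view of it."""
    overrides, files = {}, []
    for folder, _dirs, names in os.walk(root):
        found = shell_view_override(folder)
        if found:
            overrides[folder] = found
        files += [os.path.join(folder, n) for n in names if n.lower() != "desktop.ini"]
    return overrides, sorted(files)


def build_sample(root):
    """Constructed sample tree shaped like the scan report path (placeholder CLSID)."""
    tif = os.path.join(root, "Temporary Internet Files")
    sub = os.path.join(tif, "Content.IE5", "s1yvcden")
    os.makedirs(sub)
    with open(os.path.join(tif, "desktop.ini"), "w") as fh:
        fh.write("[.ShellClassInfo]\nUICLSID={00000000-0000-0000-0000-000000000000}\n")
    open(os.path.join(sub, "fst[1].0s"), "w").close()
    return tif


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        overrides, files = on_disk_view(build_sample(tmp))
        print("Explorer view replaced in:", overrides)
        print("Files actually on disk:", files)
```

Pointing on_disk_view at a real profile's cache folder lists every file the scanner can reach, together with the folders whose Explorer listing is not a plain directory view.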