NIS 2009 can't remove a trojan from an unsupported file


Thanks for the reply, Floating_Red, but the problem is that I can't get past the step in the removal instructions that says...

 

"Run a full system scan and delete all the files detected."

 

...because NIS won't delete the file.


GhostX wrote:

Thanks for the reply, Floating_Red, but the problem is that I can't get past the step in the removal instructions that says...

 

"Run a full system scan and delete all the files detected."

 

...because NIS won't delete the file.


 

Greetings,

    Have you done a Full System Scan in Safe Mode with Updated Virus Definitions?


Floating_Red wrote:

 

Greetings,

    Have you done a Full System Scan in Safe Mode with Updated Virus Definitions?


No I haven't.  I'll try that, but I know my virus definitions are already up-to-date, and I rather doubt that it will make any difference.  I'm not really concerned that my computer is infected.  I strongly suspect that it isn't, and that this is simply an unactivated threat file that got downloaded somewhere from my e-mail (it happens to me every day, as I get at least 500 spam e-mails per day among my various e-mail accounts!).

 

All I'm trying to do is figure out where the threat files are located.  There must be a way to get this info from NIS, shouldn't there be?  This used to be an easy matter to fix pre-NIS 2009.  I've been able to fix this exact same issue in NIS 2008 by simply finding and manually deleting the file.


GhostX wrote:

 

.........I also went into the Security History window to see if there was any information there on the file locations, but there is nothing.

 


Hi GhostX,

 

Under Security History, did you select "Scan Results" from the drop down box?


Phil_D wrote:

GhostX wrote:

 

.........I also went into the Security History window to see if there was any information there on the file locations, but there is nothing.

 


Hi GhostX,

 

Under Security History, did you select "Scan Results" from the drop down box?


 

Greeting, Phil,

     Was going to suggest this if it still did you Remove via Safe Mode.

 

And GhostX, it should be there as Phil pointed out.  :)

Find the specific location of the file and its name. If it is not a critical Windows file, you can try a file unlocker to delete the whole file.

Malwarebytes' Anti-Malware may be of help.

 

http://www.malwarebytes.org/mbam.php

 

 

The files are probably in System Restore as well. So if you run a scan with System Restore then you are probably able to remove the malware.

Message Edited by Stu on 10-04-2008 04:16 PM

I tried selecting "Scan Results" in the Security History, as Phil_D suggested, but there is no record there of the threats that I posted in my original message.  I also tried the "Unresolved Security Threats" and the "Resolved Security Threats" filters in that window, and there is similarly no mention of these Trojans!  In fact, the Unresolved Security Threats section is completely blank, and I can't get that threats summary window that I originally posted to reappear now, so I wonder if the threats resolved themselves sometime after I changed my NIS setting to automatically delete compressed files containing a threat.  If that's the case, I would think there would still be some record of the resolution, but there doesn't appear to be.

 

I'll still run the full scan in Safe Mode when I have a chance (I don't have the time to tie up my computer for the 2 hours it will take to run the scan right now).  I confirmed (using the infection locations noted in the Removal Instructions) that my computer is not infected (i.e., the Trojan was never executed), so I'm not especially concerned about it.

 

I guess I just found it disappointing that NIS wouldn't tell me the location of the threat files.


GhostX wrote:

I tried selecting "Scan Results" in the Security History, as Phil_D suggested, but there is no record there of the threats that I posted in my original message.  I also tried the "Unresolved Security Threats" and the "Resolved Security Threats" filters in that window, and there is similarly no mention of these Trojans!  In fact, the Unresolved Security Threats section is completely blank, and I can't get that threats summary window that I originally posted to reappear now, so I wonder if the threats resolved themselves sometime after I changed my NIS setting to automatically delete compressed files containing a threat.  If that's the case, I would think there would still be some record of the resolution, but there doesn't appear to be.

 

I'll still run the full scan in Safe Mode when I have a chance (I don't have the time to tie up my computer for the 2 hours it will take to run the scan right now).  I confirmed (using the infection locations noted in the Removal Instructions) that my computer is not infected (i.e., the Trojan was never executed), so I'm not especially concerned about it.

 

I guess I just found it disappointing that NIS wouldn't tell me the location of the threat files.


 

You might want to try "Quarantine". 

Floating_Red wrote:

 

You might want to try "Quarantine". 

Yeah, I had tried there too.  I tried every relevant option in the Security History, and could find no record of it anywhere.  Very strange.


GhostX wrote:

Floating_Red wrote:

 

You might want to try "Quarantine". 

Yeah, I had tried there too.  I tried every relevant option in the Security History, and could find no record of it anywhere.  Very strange.


 

Click on: "Resolved Security Risks" > Click on anything here > Click "More Details" > "View: Risk Details".  Please confirm if you have tried that. 

Floating_Red wrote:

 

Click on: "Resolved Security Risks" > Click on anything here > Click "More Details" > "View: Risk Details".  Please confirm if you have tried that. 

I just tried that.  There is nothing in that window with today's date on it.

 

Here's my latest theory:  After I posted my original message in this thread, as I mentioned earlier, I had gone into my e-mail client's downloads folder and deleted all compressed files, and anything that could have harbored the trojan horses.  After doing this, I went back to the Action Required window and clicked the "Rescan" button, which did not do anything to clear the threats from the notification list.  However, perhaps the list needed to be refreshed in some other way and was simply still showing threats that no longer existed.


That still doesn't explain why there is no original record of the threats notification anywhere, but it might explain why there is no record of a resolution (because I may have done the resolution manually).

I spoke too soon... the Action Required window just popped up again, and still shows the same six threats, all labeled "Remove Failed."  There is just no mention of them anywhere in the Security History, so I still have no idea where the threat files are located.

 

I'll try the full system scan in a little while.

Please click on the Web Links for each of the Threats I gave you earlier in the Thread.

 

When it tells you to do a Full System Scan in the instructions, please boot into Safe Mode to do this.

 

Let us know how you get on.


Floating_Red wrote:

Please click on the Web Links for each of the Threats I gave you earlier in the Thread.

 

When it tells you to do a Full System Scan in the instructions, please boot into Safe Mode to do this.

 

Let us know how you get on.


Okay, I did all this.  The full scan in Safe Mode (after updating the virus defs) didn't find any threats.  I went to the web links with the removal instructions, and they didn't help.  None of the places it said to look for modifications (Win.ini, System.ini, or the Registry) show any signs of having been infected, and I can't find the trojan file that it says I need to remove first anyway.  The "Action Required" window keeps popping up with those same six threats though, and the status just says "Remove Failed."

 

Again, the problem, as far as I am concerned, is not that my computer is infected (which it's not--these Trojans were never executed), but that NIS 2009 won't tell me where these files are so that I can delete them manually.  I'd be inclined to just ignore the warning window, except that I can't clear it and it just keeps popping up every couple of hours.


Tech0utsider wrote:

Malwarebytes' Anti-Malware may be of help.

 

http://www.malwarebytes.org/mbam.php

 

 


I tried this as well, running a full system scan.  It did find a file that it flagged as a potential trojan horse (a file called cpu.exe).  I temporarily disabled the System Restore, removed the suspect file, and rebooted... but the Action Required window still keeps popping up, with the same 6 trojan horses listed.

Try Malwarebytes Anti-malware. http://www.malwarebytes.org/mbam.php

Oh sorry, I did not see your latest post. Hm. Empty Malwarebytes' quarantine. Norton may be detecting the files that are in Malwarebytes' quarantine and telling you that they are malware.