[pchelpers] Re: indomitable malware - Antivir best antimalware program

Hi Scott

> EGlnl> + Alice XPFix (Not verified) Gemtek c:\program files\wireless
> EGlnl> 11mbps network\xpfix.exe
> 
> You might want to double-check that "Alice" didn't come from
> Wonderland. :) "XPFix" is a name that vigorously waves a red flag for
> me... it's a name which is absolutely meaningless, and which would be
> ignored by someone naive ("Oh, it fixes something in XP, I'd better
> leave it alone!!"), and it looks exactly like some malware I've seen.

Yes, as I said, I'll check whether XPFix.exe has a legit folder in
the start menu and the program files folder. The reason I'm not too 
worried about this is that I seem to remember seeing such a start menu 
folder with a help file and everything and even seeing an installation 
CD. In addition, the link I sent last time 
www.file.net/process/xpfix.exe.html explained this is installed on all 
Fujitsu-Siemens laptops.

It also said what you quoted, but this also supports the idea that it's 
legit because the logs show it's in the Program Files and not the 
Windows folder:

> It's just that that "fix" word makes me wonder.  :)   Did you see this?
> 
>    "Important: Some malware camouflage themselves as XPFix.exe,
>    particularly if they are located in c:\windows or
>    c:\windows\system32 folder."


> EGlnl> R0 - HKCU\Software\Microsoft\Internet
> EGlnl> Explorer\Toolbar,LinksFolderName = 
> EGlnl> Linkit
> 
> Might want to double-check where this is pointing at.

How do I do that?

> EGlnl> HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components +
> EGlnl> 0 File not found: About:Home
> 
> This can be deleted (with some difficulty)

I also have this on my own computer, which is clean, because I have an 
empty start page in IE. I realise that there is also malware that 
produces an empty start page, but apparently the AutoRuns log provides 
no indication whether this is a user or a malware setting?

> Happy now, John? :)

Sorry about the long message, John, but it doesn't seem to make any 
sense to split scan logs into several parts. We'll just have to wait 
until you have time to repost them after they're bounced by the list 
server. The responses should of course remove all except those parts 
that need a comment, as Scott did, and even put those responses in more 
than one message if they amount to more than 50 lines.

It also doesn't seem to make much sense to send messages with scan logs 
to you, John, directly because that doesn't reduce your workload either. 
Are you informed immediately when a message is longer than 50 lines? 
Otherwise, if someone is in a hurry to get help with a scan log (which 
is almost always longer than 50 lines even when there is no malware), 
they may want to speed things up by sending it to you directly and 
asking you to post it.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.
