[pchelpers] Re: trojans

Hi Ekhart,

Monday, December 26, 2005, 9:43:29 AM, you wrote:

>>> PS: On the topic of strange and interesting problems, here's another
>>> one. AVG's rescue disks found but didn't delete 3 trojans. I had to do
>>> that manually in DOS.

So you were running the AVG diskettes in DOS (without starting up
Windows), and were unable to do what you could do manually?


>> This problem often happens with bitdefender as well. It is usually
>> because the file is in use when scanned, so it can't be deleted. Often
>> it is write protected as well. To do it, you may have to note the files
>> and their locations, and slave the drive to another system. Look up the
>> locations and manually delete them.

EGlnl> Yes, that's exactly what I tried to say I'd done. And it would seem that
EGlnl> at least these trojans were not running in DOS because I was able to
EGlnl> delete them manually.

EGlnl> What was so strange about it is that the AVG rescue diskettes scan the
EGlnl> computer in DOS mode - which I guess is essentially the same as slaving
EGlnl> the drive to another system - but AVG couldn't delete what it found. Too
EGlnl> bad I didn't think about checking whether the trojans were write
EGlnl> protected. In any case, it seems that the DOS del command was able to
EGlnl> delete the trojans irrespective of whether or not they were write
EGlnl> protected or not. It seems extremely strange that AVG's rescue program
EGlnl> was not able to execute the same DOS command I could.

There's a lot of strange mis-functionality out there, that's for sure.
At least the problem with the "\System Volume Information" folder
under Windows XP is understandable, since it has access permissions,
etc. Your problem doesn't make sense, though, unless the files in
question were open at the time (by the malware itself, presumably),
and weren't available until after AVG had given up.

Are these boot floppies?  If not, might want to make a set of boot
floppies, to help avoid this issue.

-- 
Scott.



