[pchelpers] Re: trojans
- From: "Ekhart GEORGI (last name last)" <Ekhart.GEORGI@xxxxxxxxxxx>
- To: pchelpers@xxxxxxxxxxxxx
- Date: Mon, 26 Dec 2005 19:33:08 +0200
Hi Scott
>>>> PS: On the topic of strange and interesting problems, here's another
>>>> one. AVG's rescue disks found but didn't delete 3 trojans. I had to do
>>>> that manually in DOS.
>
> So you were running the AVG diskettes in DOS (without starting up
> Windows), and were unable to do what you could do manually?
Yes, the final screen showed a list of three trojans and their locations
but pressing Enter once the choice called Delete or whatever was
highlighted didn't seem to do anything, which doubt was confirmed by the
fact that the del command did not produce an error message.
> EGlnl> computer in DOS mode - which i guess is essentially the same as slaving
> EGlnl> the drive to another system - but AVG couldn't delete what it found.
> Too
> EGlnl> bad i didn't think about checking whether the trojans were write
> EGlnl> protected. In any case, it seems that the DOS del command was able to
> EGlnl> delete the trojans irrespective of whether or not they were write
> EGlnl> protected or not. It seems extremely strange that AVG's rescue program
> EGlnl> was not able to execute the same DOS command i could.
>
> There's a lot of strange mis-functionality out there, that's for sure.
> At least the problem with the "\System Volume Information" folder
> under Windows XP is understandable, since it has access permissions,
> etc. Your problem doesn't make sense, though, unless the files in
> question were open at the time (by the malware itself, presumably),
> and weren't available until after AVG had given up.
>
> Are these boot floppies? If not, might want to make a set of boot
> floppies, to help avoid this issue.
Yes, they're boot floppies. I agree that what i experienced doesn't make
sense, unless there is something about attrib and del and write
protection that i don't know yet. Maybe the AVG scan removed some
protection that then enabled the del command, and maybe a rerun of AVG
would have also been successful in deleting. Just speculating...
Maybe the whole thing was a UI problem. I remember there was something
illogical about how to choose which things to delete in the results list.
--
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.
- References:
- [pchelpers] unbranding IE, premature end of software trial
- From: Ekhart GEORGI (last name last)
- [pchelpers] Re: trojans
- From: John Durham
- [pchelpers] Re: trojans
- From: Ekhart GEORGI (last name last)
- [pchelpers] Re: trojans
- From: Scott McNay
Other related posts:
- » [pchelpers] Re: trojans
- » [pchelpers] Re: trojans
- » [pchelpers] Re: trojans
- » [pchelpers] Re: trojans
- [pchelpers] unbranding IE, premature end of software trial
- From: Ekhart GEORGI (last name last)
- [pchelpers] Re: trojans
- From: John Durham
- [pchelpers] Re: trojans
- From: Ekhart GEORGI (last name last)
- [pchelpers] Re: trojans
- From: Scott McNay