3 replies to this topic

[jasper]

Last night I did an on-line scan with McAffee and it came up with the "Exploit-URLSpoof.gen" trojan, it is located in C:\Documents and Settings\.....\index[7].htm. The question is this.
I performed a search for index[7].htm. and found nothing. I run a Norton scan daily - nothing, following this I ran scans by Trend Micro, Bit Defender, Panda Active Scan, and TDS they all came up clear.
The point is how can I be sure it is a false alarm if I cannot find the file and delete it? and what is next? I am open to any suggestions.

[cnm]

Possibility 1: MacAfee removed it.

Possibility 2: It's a hidden file. See HERE for how to show hidden files.

Possibility 3: It has changed its name after a reboot, malware does that quite often.

Possibility 4: It was a false positive and the file was never there.

[Trilobite]

I have recently run several tests of antivirus software on how well they detect viruses/Trojans. The results can be found here.

From my experience and from these tests, I would say that McAfee is a little on the sensitive side when it comes to detection.

As for deleting the file, I agree with cnm. Either McAfee removed it or it is still hidden from explorer. If you still can’t find the file using explorer and cnm’s suggestion of showing hidden files, try to obtain the full path to the file from McAfee and attempt to delete it from a command prompt.

-OR-

You could also try the command-line version of McAfee antivirus to remove the file, which I believe is still freeware/shareware. Download the Windows superdat file (ie: sdat4370.exe or similar filename) from here.

Save this file to a permanent location on your hard disk, such as c:\mcafeeav.
Next go to the start menu and click on run.
Type (you may need to change this to suit the filename) c:\mcafeeav\sdat4370.exe /e
Wait a few minutes for McAfee to unpack.
Then go to the start menu and click on run.
Type or cut and paste (with the quotation marks) c:\mcafeeav\scan.exe “C:\Documents and Settings" /sub /all /clean /report c:\mcafeeav\results.txt

The results of this scan should now be in c:\mcafeeav\results.txt
If the file could not be cleaned, add /del to the run command.

Edited by Trilobite, 28 June 2004 - 09:23 PM.

[jasper]

I have done it!!!
I tried, Etrust, TrojanHunter, and Ewido to no avail. So I went back to Mcafee's and downloaded their free trial version, and removed it fom their. I had to remove Norton though to do it, temporary though. The annoying thing is that the offensive file was in Temp internet folders. I cleaned them out on Saturday, but I think I remember a suspect E-mail on Sunday but I did not open it. just deleted it.
Thank you for the input.