Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.Alwayup [CLOSED]


  • This topic is locked This topic is locked

#1
eliuri

eliuri

    Member

  • Member
  • PipPip
  • 13 posts
Weedboy wrote:

<<<
Norton Anti-Virus posted the following report on PC with Windows XP service pack 2 with fire wall activated:
Date: 5/17/2005, Time: 22:59:58, andykeri on KERI
The file
C:\Documents and Settings\andykeri\Local Settings\Temporary Internet Files\Content.IE5\P6ZN2JBN\aun_0036[1].exe
is infected with the Trojan.Alwayup virus.
Unable to repair this file.
>>>>>



****************************
This is puzzzling as I had two such auto-protect alerts from Norton AntiVirus 2004 over the past several days.

From my NAV log:

<<<
Source: C:\WINDOWS\Temporary Internet Files\Content.IE5\GLIFSLAJ\aun_0036[1].exe
Click for more information about this threat : Trojan.Alwayup
>>>>


I note that the auto-protect alert also made reference to the aun_0036[1].exe Temp Inernet File that Weedboy posts.

On both occasions, I looked at the properties of that aun_0036[1].exe
file . It contained 0 Bytes. I also scanned it with the NAV 2004 and it showed: No Threats Found. although the Norton auto-protect alert claimed it couldn't delete the file, I was able to delete it manually in Normal Mode after a reboot.

I then did a full system scan using the NAV 2004 after disabling System Restore. Came out clean. I also ran an online GFI Trojan scan, an online Symantec antiVirus Scan, and an online MacCafee AntiVirus scan. All came out clean.

AdAware SE showed the usual group of a few tracking cookies. Same with Spybot.
1.3

I'm wondering why that aun_0036[1].exe file was 0 Bytes and why that NAV 2004 scan of that file and of the netire TIF folder showed "No Threars Found" even before I deleted anything.

Could this have been some False Positive alert by NAV auto-protect?

Are there further scans I ought to run to be sure my system is truly clean of this Alwayup trojan?

Thanks in advance:
-Eliuri

*******************

--Windows ME

--IE 6.0 SP1 with all critical updates

--Norton AntiVirus 2004

--Norton Personal Firewall 2003

--AdAware SE

--Spybot 1.3
  • 0

Advertisements


#2
prab

prab

    Member

  • Member
  • PipPip
  • 61 posts
Eliuri, Please make your own topic. This will be less confusing for everyone, and you will recieve support faster.

~Prab~
  • 0

#3
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi eliuri and welcome to the forums,
I split your topic off and created a new topic for you, Please reply to this topic with any further questions or post,

I will leave you in the trusting hands of prab

Thanks
Don
  • 0

#4
prab

prab

    Member

  • Member
  • PipPip
  • 61 posts
From your description I can't tell what the problem is.

I suggest that you clean the following directory contents (but not the directory folder). You may use CCleaner to assist with this process. Please download it from here. It should clean these location, but please check them yourself.

1. C:\Windows\Temp\
2. C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=this will delete all your cached internet content including cookies.
3. C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
4. C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
5. C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
6. Empty your " Recycle Bin ".

Now please, post a log file from a full ad-aware scan (make sure you update before you scan). Do not fix any items at this time. I will then review it and post the solution to any problems it shows.

~Prab~
  • 0

#5
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP