Norton Anti-Virus posted the following report on PC with Windows XP service pack 2 with fire wall activated:
Date: 5/17/2005, Time: 22:59:58, andykeri on KERI
C:\Documents and Settings\andykeri\Local Settings\Temporary Internet Files\Content.IE5\P6ZN2JBN\aun_0036.exe
is infected with the Trojan.Alwayup virus.
Unable to repair this file.
This is puzzzling as I had two such auto-protect alerts from Norton AntiVirus 2004 over the past several days.
From my NAV log:
Source: C:\WINDOWS\Temporary Internet Files\Content.IE5\GLIFSLAJ\aun_0036.exe
Click for more information about this threat : Trojan.Alwayup
I note that the auto-protect alert also made reference to the aun_0036.exe Temp Inernet File that Weedboy posts.
On both occasions, I looked at the properties of that aun_0036.exe
file . It contained 0 Bytes. I also scanned it with the NAV 2004 and it showed: No Threats Found. although the Norton auto-protect alert claimed it couldn't delete the file, I was able to delete it manually in Normal Mode after a reboot.
I then did a full system scan using the NAV 2004 after disabling System Restore. Came out clean. I also ran an online GFI Trojan scan, an online Symantec antiVirus Scan, and an online MacCafee AntiVirus scan. All came out clean.
AdAware SE showed the usual group of a few tracking cookies. Same with Spybot.
I'm wondering why that aun_0036.exe file was 0 Bytes and why that NAV 2004 scan of that file and of the netire TIF folder showed "No Threars Found" even before I deleted anything.
Could this have been some False Positive alert by NAV auto-protect?
Are there further scans I ought to run to be sure my system is truly clean of this Alwayup trojan?
Thanks in advance:
--IE 6.0 SP1 with all critical updates
--Norton AntiVirus 2004
--Norton Personal Firewall 2003