PDA

View Full Version : install.xat "virus"



Ext User(Fruit2O)
04-06-2007, 12:43 AM
My Bit Defender caught an infection in Docs and Settings/my
name/Application Data/install.xat. I'd like to get it off my system -
but Bit Defender says it can't move it, delete it or quarantine it.
I've tried Unlocker - but that didn't work either. Any suggestions?

Also, since I use the latest version of Zone Alarm and Bit Defender is
updated every day, how can an infection like this get in? Bit Defender
is real time and is supposed to check each file as it is accessed.

Thank you.

Ext User(nass)
04-06-2007, 04:47 AM
"Fruit2O" wrote:

>
> My Bit Defender caught an infection in Docs and Settings/my
> name/Application Data/install.xat. I'd like to get it off my system -
> but Bit Defender says it can't move it, delete it or quarantine it.
> I've tried Unlocker - but that didn't work either. Any suggestions?
>
> Also, since I use the latest version of Zone Alarm and Bit Defender is
> updated every day, how can an infection like this get in? Bit Defender
> is real time and is supposed to check each file as it is accessed.
>
> Thank you.

Hi,
Try the deletion in Safe Mode, as in Normal Mode the Virus Process is
running in the background and blocking you from deleting or the file write
protected, so try in Safe Mode either by the unlocker or the AutoRun from
below.
"AutoRuns for Windows v8.61 By Mark Russinovich and Bryce Cogswell"
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
The tool above will show in real time the running processes and can show
what in the registry, DLLs on your machine and you can use it to
remove/Delete a file or edit the startup programs.
HTH.
nass
-----
www.nasstec.co.uk

Ext User(Elmo)
04-06-2007, 07:03 AM
Fruit2O wrote:
> My Bit Defender caught an infection in Docs and Settings/my
> name/Application Data/install.xat. I'd like to get it off my system -
> but Bit Defender says it can't move it, delete it or quarantine it.
> I've tried Unlocker - but that didn't work either. Any suggestions?
>
> Also, since I use the latest version of Zone Alarm and Bit Defender is
> updated every day, how can an infection like this get in? Bit Defender
> is real time and is supposed to check each file as it is accessed.

How? One possible scenario:

Day 1. New malware is created and distributed

Day 2. It reaches a few thousand machines.

Day 3. Someone reports it.

Day 4. Your a/v software gets the virus definitions update.

Day 5. You're alerted to the infection you got on Day 2.

--
Joe =o)

Hosted by: Eyo Technologies Pty Ltd. Sponsored by: Actiontec Pty Ltd