Do you have this folder?

[ChrisK2972]

Will anyone with W2K Pro check your WINNT folder for me and see if you have a folder listed named: autoupd

I scanned with House call last night and it identified a trojan in that folder called Small.J I allowed House call to delete the file and now I am wondering what it was. I have another machine here that is running W2K and that folder is not on that machine at all. The file that was deleted was named: upd.exe

thanks

[Martoch]

No such folder on ANY of our 2K Pro systems here...over 30 total too. Bye bye folder!


Mike

http://www.trendmicro.com/vinfo/viru...e=TROJ_SMALL.J thats the description of the virus. maybe its makes the folder itself?

[ChrisK2972]

Groundzero3, I think you are right. House call probablly got rid of the trojan itself, but, left the folder behind. I have scanned with several other virus scanners as well as several dedicated trojan scanners and nothing. So, I am going to delete the folder and see what happens. It is not empty; has some ocx and dll files and such. But, the machine has a very small program configuration right now and I know it was not deposited by any legit program that I have. So, wish me luck....

Thanxs, Martoch, for checking. I really appreciate it.

[vass0922]

may want to check the registry for those files

.ocx is an activex control that can be called from other applications.

make sure there's nothing in the RUN key of the registry

[ChrisK2972]

yeah, I just checked it. The registry is clear. Just in case, I have not removed the folder from the recycle bin. Want to make sure all is ok. However, it stands to reason that if the folder was created by the trojan itself, then anything within would be related. Is that logical?

I am pretty sure where I picked it up. When I grabbed the Omega Drivers for my nVidia card, there was a warning about a mirror site that installed a "dialer.exe" file. I think I must have clicked the wrong site and boom, it got me. I went there today and they must have deleted the mirror because the warning is gone. Oh well, it appears to be ok. Luckily it had not been fully executed. I am concerned, however, that my Panda Titanium AV did not catch it. This is the first thing that I know of that has gotten past it. I usually do house call once a week in conjunction with Panda. So, I guess I cannot complain. But, it is not listed in their virus file, so I emailed them.

Thanxs again for the quick responses and help!!!