From: David H. Lipman on 25 Nov 2009 19:09 From: "Robin Bignall" <docrobin(a)ntlworld.com> < snip > | Thanks. I should say two other things: | I ran MRT.EXE /f:y this afternoon. Zero problems reported. | On reboot, sometimes all of these 'infection' messages are simply not | there. Then, on another reboot, they're back again, sometimes a few, | sometimes screens full. Normally I hibernate overnight and only | reboot when something, like critical updates, forces me to. | (alt.privacy.spyware added because this is being discussed there, | too.) | -- | Robin | (BrE) | Herts, England It is definitly a security tool set to delete the file index.dat at system Reboot and before the Winlogon process. However, at this time none of my peers have pinpointed exactly what security tool is generating the process. However at this point I can/will say "don't worry". We know have done numerous anti malware scans and the system can be deemed clean so don't get frazzled over this. I will keep researching this and hopefully we will find what security tool is generating the display you have seen. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: "FromTheRafters" erratic on 25 Nov 2009 20:24 "Robin Bignall" <docrobin(a)ntlworld.com> wrote in message news:bubrg555vcle0jo5kj0ioouhg90djmtlsg(a)4ax.com... The precise message is: INFECTION:DOCUMENTS AND SETTINGS\ROBIN BIGNALL\COOKIES\INDEX.DAT COULD NOT BE REMOVED. FILE IS NO LONGER EXISTENT. *** It sounds to me like a conflict between two programs trying to do the same thing, and one doesn't check for the existence of the file prior to attempting the delete action. ***
From: Andy Walker on 25 Nov 2009 23:34 David H. Lipman wrote: >I will keep researching this and hopefully we will find what security tool is generating >the display you have seen. It occurred to me that she may be able to find the text of the error in a log file for the program generating the error. Assuming the program keeps a log, and the log has a formatted text element, she should be able to use the search function in Windows to search for the string "INFECTION: DOCUMENTS AND SETTINGS\ROBIN BIGNALL\COOKIES\INDEX.DAT COULD NOT BE REMOVED. FILE IS NO LONGER EXISTENT." or some portion of that. If she can find the log file, she should be able to identify the program.
From: David H. Lipman on 26 Nov 2009 08:50 From: "Andy Walker" <awalker(a)nspank.invalid> | David H. Lipman wrote: >>I will keep researching this and hopefully we will find what security tool is >>generating >>the display you have seen. | It occurred to me that she may be able to find the text of the error | in a log file for the program generating the error. Assuming the | program keeps a log, and the log has a formatted text element, she | should be able to use the search function in Windows to search for the | string "INFECTION: DOCUMENTS AND SETTINGS\ROBIN | BIGNALL\COOKIES\INDEX.DAT COULD NOT BE REMOVED. FILE IS NO LONGER | EXISTENT." or some portion of that. If she can find the log file, she | should be able to identify the program. A good approach ! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Robin Bignall on 26 Nov 2009 16:10
On Wed, 25 Nov 2009 23:34:09 -0500, Andy Walker <awalker(a)nspank.invalid> wrote: >David H. Lipman wrote: > >>I will keep researching this and hopefully we will find what security tool is generating >>the display you have seen. > >It occurred to me that she may be able to find the text of the error >in a log file for the program generating the error. Assuming the >program keeps a log, and the log has a formatted text element, she >should be able to use the search function in Windows to search for the >string "INFECTION: DOCUMENTS AND SETTINGS\ROBIN >BIGNALL\COOKIES\INDEX.DAT COULD NOT BE REMOVED. FILE IS NO LONGER >EXISTENT." or some portion of that. If she can find the log file, she >should be able to identify the program. Excellent idea, Andy. I'll try now and report back. Thanks also David. -- Robin (who is a he!) (BrE) Herts, England |