My McAfee VirusScan Enterprise 8.7.0i has found a file: (C:\WINDOWS\system32\zaduzuhe.dll) but cannot clean or delete this file. When I go to the folder the file does not appear. I have also ran HiJackThis but does not show a reference to this file.
When the VSE detects that file, What alert does it give ?
Does it call it an Artemis detection or does it have aname for the detection ? Also, Have you tried viewing Hidden files and then searching for that file ?
detections starting as "New Malware" or "Artemis" denote heuristics detections, the file of which could mostly be deleted. A copy of the deleted file is placed in the VirusScan quarantine folder (C:\quarantine, by default) and kept there for a limited time (see your VirusScan configurations for exact value).
When a detection is not deleted, it is likely because the file is kept open (i.e. for exclusive write access) by some process, which should be terminated so the file gets free.
Sometimes, when you can identify what file is that, and where it is, you can move (not copy) the file to a different folder, so next time the process wants to load the file, it won't find it, so won't load. Thus VirusScan will be able to delete it when next time it scans.
Check out vil.nai.com for detections like that and read if there are any description to find out more.
AttilaMessage was edited by: Attila Polinger on 4/27/10 3:00:22 PM CEST