3 Replies Latest reply on Apr 27, 2010 8:00 AM by Attila Polinger

    Removal of threat?

      My McAfee VirusScan Enterprise 8.7.0i has found a file (C:\WINDOWS\system32\zaduzuhe.dll) but cannot clean or delete it. When I go to the folder, the file does not appear. I have also run HiJackThis, but it does not show a reference to this file.

        • 1. Re: Removal of threat?

          Whitey,

          When VSE detects that file, what alert does it give?

          Does it call it an Artemis detection, or does it have a name for the detection? Also, have you tried viewing hidden files and then searching for that file?

          Sameer

          • 2. Re: Removal of threat?

            I have made sure that I have checked: View Folder Options, View hidden files.

            McAfee shows the file identified as "New Malware.ks" but is unable to delete or clean the file.

            • 3. Re: Removal of threat?
              Attila Polinger

              Hello,

              Detections starting with "New Malware" or "Artemis" denote heuristic detections, the file of which could mostly be deleted. A copy of the deleted file is placed in the VirusScan quarantine folder (C:\quarantine, by default) and kept there for a limited time (see your VirusScan configuration for the exact value).

              When a detection is not deleted, it is likely because the file is kept open (i.e. for exclusive write access) by some process, which should be terminated so that the file is freed.

              Sometimes, when you can identify what file it is and where it is, you can move (not copy) the file to a different folder, so the next time the process wants to load the file, it won't find it and so won't load it. VirusScan will then be able to delete it the next time it scans.

              Check out vil.nai.com for detections like that, and read the description there, if any, to find out more.

              Attila
              Message was edited by: Attila Polinger on 4/27/10 3:00:22 PM CEST
              1 of 1 people found this helpful
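
An added example, not part of the original thread: a PowerShell check for the two questions the replies raise, namely whether the file exists with attributes that keep it out of the folder view, and which process has it loaded. It assumes the DLL is held as a loaded module; `Get-FileVisibility` and `Find-ModuleHolder` are hypothetical helper names.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$TargetPath = 'C:\WINDOWS\system32\zaduzuhe.dll'   # path reported in the first post

function Get-FileVisibility {
    param([Parameter(Mandatory)][string]$Path)
    # -Force makes Get-Item return items carrying the Hidden or System attribute.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { return "Not found: $Path" }
    "Found: $($item.FullName)  Attributes: $($item.Attributes)"
}

function Find-ModuleHolder {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($proc in Get-Process) {
        # Reading the module list can fail for protected or exiting processes;
        # skip those instead of aborting the whole scan.
        try { $modules = $proc.Modules }
        catch { continue }
        foreach ($m in $modules) {
            # Windows paths are case-insensitive, so compare with -ieq.
            if ($m.FileName -ieq $Path) {
                [pscustomobject]@{
                    ProcessId   = $proc.Id
                    ProcessName = $proc.ProcessName
                    Module      = $m.FileName
                }
            }
        }
    }
}

Get-FileVisibility -Path $TargetPath
Find-ModuleHolder -Path $TargetPath | Format-Table -AutoSize
```

Files marked both Hidden and System stay out of the Explorer view until "Hide protected operating system files" is also unchecked, which the attributes line makes visible. An empty table from `Find-ModuleHolder` means no process readable from this session has the DLL loaded as a module.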