I'm using Kaspersky AV, version 7.0.0.125, database updated every
couple of days or so. My regular rootkit scan has detected and
neutralised a Trojan, clicker.html.iFrame.ail, located in
D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
another one of the same type in the same location and with a similar
name. 

Kaspersky has neutralised them, and I can't see either using Explorer
so they're probably deleted, but is there any further action I should
take?

-- 
 
Chris

E-mail: christopher[dot]hogg[at]virgin[dot]net

In article , Chris Hogg 
says...
> 
> I'm using Kaspersky AV, version 7.0.0.125, database updated every
> couple of days or so. My regular rootkit scan has detected and
> neutralised a Trojan, clicker.html.iFrame.ail, located in
> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
> another one of the same type in the same location and with a similar
> name. 
> 
> Kaspersky has neutralised them, and I can't see either using Explorer
> so they're probably deleted, but is there any further action I should
> take?

Download, install and run Malwarebytes Antimalware scanner.


-- 
Conor

I only please one person per day. Today is not your day. Tomorrow isn't 
looking good either. - Scott Adams

On 2009-07-06, Conor  wrote:
> In article , Chris Hogg 
> says...
>> 
>> I'm using Kaspersky AV, version 7.0.0.125, database updated every
>> couple of days or so. My regular rootkit scan has detected and
>> neutralised a Trojan, clicker.html.iFrame.ail, located in
>> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
>> another one of the same type in the same location and with a similar
>> name. 
>> 
>> Kaspersky has neutralised them, and I can't see either using Explorer
>> so they're probably deleted, but is there any further action I should
>> take?
>
> Download, install and run ...

... a decent operating system.

-- 
                    http://hyperangry.blogspot.com/
       [email me, if you must, at huge {at} huge (dot) org <dot> uk]

Conor wrote:
> In article , Chris Hogg 
> says...
>> I'm using Kaspersky AV, version 7.0.0.125, database updated every
>> couple of days or so. My regular rootkit scan has detected and
>> neutralised a Trojan, clicker.html.iFrame.ail, located in
>> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
>> another one of the same type in the same location and with a similar
>> name. 
>>
>> Kaspersky has neutralised them, and I can't see either using Explorer
>> so they're probably deleted, but is there any further action I should
>> take?
> 
> Download, install and run Malwarebytes Antimalware scanner.

I've downloaded that and opted to save it. It has been saved in 
'downloads' but where does this folder exist?

Dave

In article , Dave says...
> 
> Conor wrote:
> > In article , Chris Hogg 
> > says...
> >> I'm using Kaspersky AV, version 7.0.0.125, database updated every
> >> couple of days or so. My regular rootkit scan has detected and
> >> neutralised a Trojan, clicker.html.iFrame.ail, located in
> >> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
> >> another one of the same type in the same location and with a similar
> >> name. 
> >>
> >> Kaspersky has neutralised them, and I can't see either using Explorer
> >> so they're probably deleted, but is there any further action I should
> >> take?
> > 
> > Download, install and run Malwarebytes Antimalware scanner.
> 
> I've downloaded that and opted to save it. It has been saved in 
> 'downloads' but where does this folder exist?
> 
I don't know, it's not my computer. If its Vista, it'll be in the 
Downloads Folder under your name. If its XP and you're using Firefox, 
it'll have saved it to your desktop if you've not altered where it 
saves it.



-- 
Conor

I only please one person per day. Today is not your day. Tomorrow isn't 
looking good either. - Scott Adams

Conor wrote:
> In article , Dave says...
>> Conor wrote:
>>> In article , Chris Hogg 
>>> says...
>>>> I'm using Kaspersky AV, version 7.0.0.125, database updated every
>>>> couple of days or so. My regular rootkit scan has detected and
>>>> neutralised a Trojan, clicker.html.iFrame.ail, located in
>>>> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
>>>> another one of the same type in the same location and with a similar
>>>> name. 
>>>>
>>>> Kaspersky has neutralised them, and I can't see either using Explorer
>>>> so they're probably deleted, but is there any further action I should
>>>> take?
>>> Download, install and run Malwarebytes Antimalware scanner.
>> I've downloaded that and opted to save it. It has been saved in 
>> 'downloads' but where does this folder exist?
>>
> I don't know, it's not my computer. If its Vista, it'll be in the 
> Downloads Folder under your name. If its XP and you're using Firefox, 
> it'll have saved it to your desktop if you've not altered where it 
> saves it.

Thanks, I'll take a look

Dave

Conor wrote:
> In article , Dave says...
>> Conor wrote:
>>> In article , Chris Hogg 
>>> says...
>>>> I'm using Kaspersky AV, version 7.0.0.125, database updated every
>>>> couple of days or so. My regular rootkit scan has detected and
>>>> neutralised a Trojan, clicker.html.iFrame.ail, located in
>>>> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
>>>> another one of the same type in the same location and with a similar
>>>> name. 
>>>>
>>>> Kaspersky has neutralised them, and I can't see either using Explorer
>>>> so they're probably deleted, but is there any further action I should
>>>> take?
>>> Download, install and run Malwarebytes Antimalware scanner.
>> I've downloaded that and opted to save it. It has been saved in 
>> 'downloads' but where does this folder exist?
>>
> I don't know, it's not my computer. If its Vista, it'll be in the 
> Downloads Folder under your name. If its XP and you're using Firefox, 
> it'll have saved it to your desktop if you've not altered where it 
> saves it.

I am using xp pro and this has not been a problem until very recently. 
When I have downloded things in the past, I have been given the option 
to name the destination folder. These days, no!

Dave

Dave wrote:
> Conor wrote:
>> In article , Dave says...
>>> Conor wrote:
>>>> In article , Chris Hogg
>>>> says...
>>>>> I'm using Kaspersky AV, version 7.0.0.125, database updated every
>>>>> couple of days or so. My regular rootkit scan has detected and
>>>>> neutralised a Trojan, clicker.html.iFrame.ail, located in
>>>>> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
>>>>> another one of the same type in the same location and with a
>>>>> similar name.
>>>>> 
>>>>> Kaspersky has neutralised them, and I can't see either using
>>>>> Explorer so they're probably deleted, but is there any further
>>>>> action I should take?
>>>> Download, install and run Malwarebytes Antimalware scanner.
>>> I've downloaded that and opted to save it. It has been saved in
>>> 'downloads' but where does this folder exist?
>>> 
>> I don't know, it's not my computer. If its Vista, it'll be in the
>> Downloads Folder under your name. If its XP and you're using Firefox,
>> it'll have saved it to your desktop if you've not altered where it
>> saves it.
> 
> I am using xp pro and this has not been a problem until very recently.
> When I have downloded things in the past, I have been given the option
> to name the destination folder. These days, no!
> 
> Dave

Are you using Firefox if so hit Ctrl  J Or Tools > Downloads

Trev wrote:

> 
> Are you using Firefox if so hit Ctrl + J Or Tools > Downloads

That was so obvious and simple, I don't know why I didn't think of doing 
it that way.

Thanks Trev.

Dave

On Mon, 6 Jul 2009 13:21:27 +0100, Conor  wrote:

>In article , Chris Hogg 
>says...
>> 
>> I'm using Kaspersky AV, version 7.0.0.125, database updated every
>> couple of days or so. My regular rootkit scan has detected and
>> neutralised a Trojan, clicker.html.iFrame.ail, located in
>> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
>> another one of the same type in the same location and with a similar
>> name. 
>> 
>> Kaspersky has neutralised them, and I can't see either using Explorer
>> so they're probably deleted, but is there any further action I should
>> take?
>
>Download, install and run Malwarebytes Antimalware scanner.


Ooo-Err! Actually, although it detected some 280 files, most were very
low level stuff, and a fair number were connected with Ashampoo's
Magical Defrag programme which refused to run when quarantined, so
they were re-instated (it told me my trial period had expired). But it
did pick up Zlob and three occurrences of its fellow traveller,
SecureExpertCleaner. Why didn't Kaspersky see this, I wonder?. 
Thanks!

-- 
 
Chris

E-mail: christopher[dot]hogg[at]virgin[dot]net

In article , Chris Hogg 
says...
> 
> On Mon, 6 Jul 2009 13:21:27 +0100, Conor  wrote:
> 
> >In article , Chris Hogg 
> >says...
> >> 
> >> I'm using Kaspersky AV, version 7.0.0.125, database updated every
> >> couple of days or so. My regular rootkit scan has detected and
> >> neutralised a Trojan, clicker.html.iFrame.ail, located in
> >> D:\RECYCLER\S-[long string of numbers and hyphens]\Dd483.html, and
> >> another one of the same type in the same location and with a similar
> >> name. 
> >> 
> >> Kaspersky has neutralised them, and I can't see either using Explorer
> >> so they're probably deleted, but is there any further action I should
> >> take?
> >
> >Download, install and run Malwarebytes Antimalware scanner.
> 
> 
> Ooo-Err! Actually, although it detected some 280 files, most were very
> low level stuff, and a fair number were connected with Ashampoo's
> Magical Defrag programme which refused to run when quarantined, so
> they were re-instated (it told me my trial period had expired). But it
> did pick up Zlob and three occurrences of its fellow traveller,
> SecureExpertCleaner. Why didn't Kaspersky see this, I wonder?. 
> Thanks!

You're welcome. It is particularly good at finding stuff that many AV 
solutions miss.


-- 
Conor

I only please one person per day. Today is not your day. Tomorrow isn't 
looking good either. - Scott Adams

Dave wrote:
> Trev wrote:
> 
>> 
>> Are you using Firefox if so hit Ctrl  J Or Tools > Downloads
> 
> That was so obvious and simple, I don't know why I didn't think of
> doing it that way.
> 
> Thanks Trev.
> 
> Dave

FireFox has its own download folder Which is why you don't see the window asking where you want to save that you get with IE

Trev wrote:
> Dave wrote:
>> Trev wrote:
>>
>>> Are you using Firefox if so hit Ctrl + J Or Tools > Downloads
>> That was so obvious and simple, I don't know why I didn't think of
>> doing it that way.
>>
>> Thanks Trev.
>>
>> Dave
> 
> FireFox has its own download folder Which is why you don't see the window 
 > asking where you want to save that you get with IE

That became obvious when you posted the way to the downloads. I have 
until recently used Netscape, so that explained why I couldn't find the 
downloads.

Dave