|
Posted by =?Utf-8?B?QVM=?= on December 14, 2005, 5:41 pm
If you were Registered and logged in, you could reply and use other advanced thread options
"David H. Lipman" wrote:
>
> | After runnning scan at:
> |
> | http://safety.live.com/site/en-US/default.htm
> |
> | I was told that 6 files containing VBS/Petik-V virus were deleted. (without
> | asking)
> |
> | All of these files were Firefox related. (<user-dir>\Applicaton Data\...)
> |
> | Google-ing "VBS/Petik-V" lead to:
> |
> | http://www.sophos.com/virusinfo/analyses/vbspetikv.html
> |
> | Now, aside from the fact that this doesn't seem to have to ANYTHING to do
> | with Firefox and I couldn't find any of the keys in the registry, I was
> | wondering about this line from the "Recovery" tab:
> |
> | "and delete 'c:\boot.ini'."
> |
> | Wouldn't THAT really screw things up?!
>
> Realize that it is still a Beta.
>
> Having said that, you didn't post the fully qualified path
(<user-dir>\Applicaton Data\...)
> is insufficient.
>
> If it is something to the effect of...
> %HOMEPATH%\Applicaton Data\Mozilla\Firefox\Profiles\< variable>\default\Cache
>
> The the VBS source code of this Trojan was found in the Browser cache and
could very well be
> a valid detection.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
| 
XML site map