February 23rd, 2003, 06:26 PM
Whilst running a routine scan on my pc the scanner picked up that i had winbomb on my pc, i was just wondering if i can just delete the file that it is in, or if i have to do anything special, the scanner said it can't clean it and it wouldn't give me any info on the virus itself. Cheers for any help you can give.
February 23rd, 2003, 06:31 PM
What scanner are you using? The Cleaner by Moosoft is a good trojan scanner and can typically remove most trojans. If it (or any other cleaner, for that matter) can't clean the file and won't delete it, do some research to find out what the file is. Sometimes, they are simply files created by the trojan itself. Other times, they infect files which are critical to Windows operations. If you want more help, give us more information (what scanner you're using, what file was infected, etc.)
February 23rd, 2003, 07:38 PM
You asked: "Can I just delete the file its in"... well if you did something really bad like opening the file then 9-10 you'll need to check for reg-keys and other crap that could be in your startup. You should probably dissconnect from everything and write the name of the file anyways.... you should have something called (search) in windows that can find winbomb.exe, check the programs that are running in the startup, then you should delete the virus's files or use a trojan-cleaner or something.
BTW: You should make sure it doesn't have any read-only or if it came from a .zip if it does then alot of times AV will have trouble deleteing it, after that make sure its not in your trash-bin because AV will often scan stuff after you've deleted and go crazy with warnings and stuff, reboot and scan agian to make sure everything is ok.
If you didn't open it then you probably don't need to take nearly as many paraniod steps shown above ^ but safety is a good thing...
!Hey im a AO addict now!
YAY 4 me
February 23rd, 2003, 08:08 PM
Plus one other thing, what is the file that is "infected"? Because we can better help you if we know the file, and can let you know if the file is part of the system or what not.
[shadow]There is no right and wrong, only fun and boring...
Formatting my server because someone hacked into it sounds pretty boring to me...
That\'s why it\'s all about AntiOnline.com![/shadow]
February 23rd, 2003, 08:15 PM
Well my AV automaticly scans and names things by catagory such as trojan/worm/virii when it doesn't know exactly what type or varient it is. But when it gives a exact name such as 'the sannaspy.w' then that usually means its very common and can be easly looked up in some AV library. You should check it out and make sure that thing isn't rapeing your comp like avdven and aciDrive said.
February 24th, 2003, 02:09 AM
I'm using f-secure as the scanner cause my uni gives it to us for free. The file that has been infected is not a system file. It is a file in a program called 1st page by evrsoft and i have never accessed the file to my knowledge, i don't even know what the file is, i think it is a template of some sort for the program, but i never use templates.
Cheers for the help, i'm gonna keep looking for a bit but i think that i can probably just delete the file. The only thing that i was wondering is how it got on my pc in the first place, i'm assuming through an e-mail as i get a lot of unsolicited mail, but i never open that stuff, just delete it as soon as i see it. oh well if anyone has any insights i'd be glad to here them.