Hello All,
I was working on a sys for a local company. CA EZ Trust starts throwing up virus alerts for thnall1ac.exe / win32.Bettinet.AW. It appears to be related to something called "a better internet". It was spawning 1 process running at boot from win\system32\. When I try to kill the process it respawns with a different jumble of letters .exe
The virus alert shows it residing at "user"\localsettings\temp and temp internet files
CA EZ Trust AV (latest version and updates) was run and although it alerted to the problem it did not find the worm/virus/trojan. Also ran PestPatrol, Ad-Aware SE/Spybot/Ewido. Ewido "found" it in memory and on the HD and removes it, then on reboot there it is again. I have searched all over the net and found no info on it. Is it new?
No virus def yet?
Ran Sysinternals Process Explorer, saw that the process is running in sys32 again, then booted to a Linux live CD and Volkov Commander/NTFS. Looked in the temp folders and system32 for the numerous names that this item called itself and there is nothing there to delete? It is there running but I can't find the thing anywhere.
For an obsessive person this kind of thing drives me insane. I usually am very good at cleaning systems from this sort of thing but this one has got me!
I would appreciate any ideas. I do not have the system here with me right now. But I will go get it again and conquer this dirty son of a gun, with your help!!!
thanks so much,
Boutros