[mjd420nova]

While doing a weekly MacAfee scan of my daughters hard disk, the scan completed but had two unresolved issues, both with the same file. DESKTOP.INI. I'm at a loss on how to correct this. It's a Lenovo laptop with WIN7 installed. There are no other issues and all appears to be normal with that exception. Any ideas??

[ElfBane]

Check McAfee's website and see if they are the reporting the desktop.ini as a false positive.

[Flashorn]

Hey mjd !

I had that problem in a post some time ago and I know it's not a big issue.

Do you have the the option "Hidden Files" opened (Unhide) in Folder Options?
If yes, I would close (Hide) those files in the same Folder Options in Control Panel.

Desktop.ini is a file used to either customize or alter certain settings. It's like a memory
for the settings you input on some program or if you change the icon on a folder.

You can delete that file but, the settings you changed will revert back to Default settings.

Do you have the path of that .ini file.

Did you try another scanner and did they report any other issues? This is usually not
a target of malware but, you never know these days.



FLASHORN.

[mjd420nova]

A new development has now cropped up. It has MacAfee installed and it is saying that the firewall is turned off. I use MacAfee toturn it back on and it turns itself right back off again. Very strange. Malware bytes found five files and was able to delete them. It seems MWB always finds something or other and always in the temporary files. These were just thumbnails from a KBB site.

[Flashorn]

In McAfee, go to the History tab and write down the Path to those files and copy here pls.

Run CCleaner (Broom Only)
in Advanced menu (bottom) make sure you have these
two check marked
Old Prefetch Data
IIS Log Files

Run SUPERAntiSpyware in safe mode.

Then,

Type in the Start menu search box "MRT" (without the quotes).
This is the Malware Removal Tool from MS. give it a quick scan.
Right Click to Run as Administrator.

Then,

Download and run this utility pls. ADWCleaner
http://general-changelog-team.fr/images/jdownloads/downloadimages/bouton-telecharger.png
This is the site but, it's in French. I thought you might just want the download button.

http://general-chang...de/2-adwcleaner

Could you post the logs from all of them pls.



FLASHORN.

This post has been edited by Flashorn: 09 August 2012 - 03:02 PM

[johhny]

Try scanning the hard disk with Avira, surely will help you out.

[mjd420nova]

It's been a while to get access to the machine. The path for the file is Windows\assembly\GAC_32\desktop.ini It resisted malwarebytes, superantispyware. Macafee was able to identify but was unable to purge the file. I have to look into the specs to see if it has a flash bios. Some rootkits I've seen exhibited the same flakyness.

[Flashorn]

Hey mjd !

OK, well, that's what an .ini file does. It keeps your settings meaning, in this case the infection is keeping you from
either deleting it or has other instructions. And yes, it does seem like it's an infected file.

Try TDSSKiller from Kaspersky TDSSKiller.exe to see if a rootkit has installed itself.

http://support.kaspe.../?qid=208283363

If nothing is found then run ComboFix. Make absolutely sure to follow these instructions to the letter though.

http://www.bleepstatic.com/download/dl-buttons/download.png




http://www.bleepingc...to-use-combofix



FLASHORN.