I made a very interesting discovery I wanted to share with y'all in case you encounter it.
I mentioned the trojan Spyzooka "SZ" was flagging and that it said to rerun Spyzooka in safe mode to get rid of it. Well, every time I tried that, nothing was found.
I tried again this afternoon. After running in normal mode most of the day, I figured I'd go direct to safe mode and run SZ, figuring I could catch the bug if I didn't run it in regular mode first. Running SZ is a VERY long run to do a full scan. Last time, it was around 6 hours. So, while I was waiting, I decided to manually go clear some temporary files and such.
Lo and behold, I found two folders with unusual folders in the local settings temp folder:
WERe998.dr00m and WEReb60.dr00
These two folders each contain these files (with different sizes):
iexplore.exe.hdmp
iexplore.exe.mdmp
What's incredible is right clicking on the filename in SAFE mode, and only in SAFE mode as I discovered, showed an application which appeared to show authorizations for users on the machine:
_ISW_RESTRICTED_GROUP_pcname\ISW_RESTRICTED GROUP
The permission list for this user had only READ checked. It said the owner was me.
The other users all had full permissions:
SYSTEM
Mine
Administrator
This was the same when I right-clicked both files. Unfortunately, I didn't try it on a valid file in SAFE mode. Maybe it displays this stuff for everything. Next time I'm in SAFE mode, I'll look.
I found some references to this. This one was best:
http://www.exterminate-it.com/malpedia/file/iexplore.exe.hdmp
I deleted them.