HIDDEN FILES

Moderators: Divesh, Gurdip Singh

HIDDEN FILES

Postby wabenzi » Fri Oct 03, 2008 10:29 pm

We have recently come to the notice that, the real time scanning doesn’t seems so work properly, especially the virus monitor. This major options of escan doesn’t see hidden file(s) on a specific drive(s).

After scanning the pendrive, it never detected any virus/threat. At the command prompt (DOS cmd), I located the pendrive and I typed attrib it detected some hidden files on the pendrive, and when I tried to execute the files one after the other, escan detected and deleted them as virus. How come the real time scanner and the anti virus monitor couldn’t see this viruses in the first place until I tried to execute the files before and also how come MWAV(10.0.8) couldn’t detect them when I scanned the drive.

Looking forward to hearing from you, it is very urgent. Thank you
THE LOG BELOW IS WHAT I COPIED AT THE DOS CMD PROMPT.


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.


E:\>attrib
A SHR E:\39lpji.com
SHR E:\1t6yxlxx.cmd
A E:\esupdate.exe
SHR E:\fe.bat
SHR E:\kk3.bat
SHR E:\x10u6iuj.bat
A SHR E:\SCVVHSOT.exe
SHR E:\n.com
A SHR E:\0u.cmd
A E:\CLIENTS.doc
SHR E:\vxl.exe
A E:\espatch1.exe
SHR E:\ph.com
A E:\DEMONSTRATION LETTER.doc
A E:\NILP.pdf
SHR E:\nfdmg.com
A E:\proxy server.txt
A E:\Single_Sheet_English.pdf
A E:\PLANING KUJA.doc
SHR E:\p.cmd
A E:\eScan INSTALLATION PROCEDURES.doc
SHR E:\dpu1.exe

E:\>dpu1.e

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\MR DARKO>cd \

C:\>attrib
A C:\23990098.$$$
C:\AUTOEXEC.BAT
A SHR C:\boot.ini
A C:\bootini.ins
A C:\CONFIG.SYS
A C:\Copy of cash flow for Tadi 2.xls
A C:\Copy of OUTSTANDING 2.xls
A HR C:\dell.sdr
A C:\DOLPHINS CLUB DIRECTORY.doc
A SH C:\hiberfil.sys
A C:\INFCACHE.1
A H C:\IO.SYS
A H C:\MSDOS.SYS
A SHR C:\NTDETECT.COM
A SHR C:\ntldr
A C:\OUTSTANDING 2.xls
A SH C:\pagefile.sys

C:\>f:

F:\>attrib
SHR F:\autorun.inf
A F:\Doc1.doc
A F:\error-content admin.doc
A F:\~WRL0257.tmp
A F:\eScan INSTALLATION PROCEDURES.doc
A F:\~WRL2592.tmp
A F:\MEMO(clean-up).doc
A F:\Memory Improvement [from www.metacafe.com].pdf
A F:\~WRL2572.tmp
A F:\~WRL3685.tmp
A F:\~WRL2510.tmp
A F:\~WRL0362.tmp
A F:\~WRL0059.tmp
A F:\~WRL0668.tmp
A F:\~WRL0602.tmp
A F:\~WRL0443.tmp
A F:\Backup of eScan INSTALLATION PROCEDURES.wbk
A F:\spearhead-LOGO with ....PNG
A F:\office2003.exe
A F:\officexp-KB947866-FullFile-ENU.exe
A F:\spearhead cd.cdr
A F:\spearhead cards.cdr
A SHR F:\0.com
H F:\Setup.pif
H F:\~WRL0291.tmp

F:\>o.com
'o.com' is not recognized as an internal or external command,
operable program or batch file.

F:\>0.com
Program too big to fit in memory

F:\>


These are hidden files on pendrives not detected by escan real time scanner and the virus monitor
wabenzi
 
Posts: 52
Joined: Thu Jun 19, 2008 5:16 pm
Location: Tema-Ghana

Postby Varghese » Mon Oct 13, 2008 11:42 am

Hello,

eScan Real Time monitor detects and deletes the viruses as and when is is accessed or on account of any related activity. An probably that is the reason it got deleted when you tried to execute it.

MWAV could not delete it probably because it might not have had the latest signature at the time of scanning. If not please send us the mwav.log or post it here for us to analyze it.
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai


Return to Virus-related Issues

Who is online

Users browsing this forum: No registered users and 8 guests

cron