Malware Scan Results: Fact or Fiction?

  jimmyflood 17:28 06 Jan 2008

I have just run an online malware scan which was connected to a program I use called "Advanced WindowsCare V2 Personal". The scanner program was called "Prevx CSI". It came up with a Trojan and this explanation:
This object has a file size of 160,955 bytes, it is called ISDRV118.SYS and is located in the %windir%\system32\drivers\ folder.
This file is considered unsafe and is part of the malware group, TROJAN.ALMANAHE.A. It was first seen on Sunday, May 27 2007. It has been seen frequently by 38 users in this section of the community.
ISDRV118.SYS has yet to be seen running in this section of the community.
ISDRV118.SYS has been the subject of the following behavior:
- Created as a new Background Service on the machine
- Created as a process on disk
- Loaded and Executed as a System Driver File
- Deleted as a process from disk.
As this free scan program won't allow me to deal with the trojan unless I purchase a licence key, I am a bit sceptical that this may be a marketing ploy to get me to buy the program. None of my other scanner programs (Spybot S&D, Ad-Aware 2007, Windows Defender, Windows OneCare Online Scanner, Bitdefender Online Scanner) have found this problem.
Has anyone come across this "Trojan" before?

  VoG II 17:31 06 Jan 2008

Try a-squared click here which is one of the best trojan finders. If that doesn't find it you probably aren't infected.

  Gongoozler 17:35 06 Jan 2008

I have always found A-Squared free click here to be reliable - and it doesn't ask for money before it deals with any trojans it finds.

  skidzy 17:36 06 Jan 2008

Prevx is legit and a very good program.

What Prevx has found is part of a rootkit.

click here
click here
click here

  DieSse 17:43 06 Jan 2008

Worse than a trojan, this is a rootkit and can potentially badly infect your system.

Read this from f-secure, a very respectable anti-virus company, amongst others.

click here

Many security programs do not adequately uncover rootkits. Good anti-virus programs with good rootkit detection should find it OK.

Try the NOD32 free on-line scan.

  DieSse 17:45 06 Jan 2008

click here - forgot the link - sorry.

  mfletch 17:50 06 Jan 2008

Download this free Antirootkit remover and run it to see what it finds,

click here

Be careful on what you delete {ALMANAHE.A}

mfletch

  birdface 18:09 06 Jan 2008
  birdface 18:12 06 Jan 2008

Oops sorry same one.

  jimmyflood 22:13 11 Jan 2008

I tried various recommended scans and F-Secure picked up some spyware and also A-Squared.
However I ran the Prevx scan again and none had removed the "Problem File".
As Prevx gave me the full file name, I manually deleted the file and on running the Prevx scan for a third time, I no longer get the warning.
Many thanks to all of you that helped. It is a great help and reassurance when things go wrong.
Jimmyflood.

  Technotiger 22:15 11 Jan 2008

Prevx is worth buying - a good program.

This thread is now locked and can not be replied to.