Is this a virus?

  techhelp 19:06 26 Apr 2005

Can anyone tell me if this is a virus? If I delete it will that make the system safe? How can I tell what type of virus it is and get the corresponding virus killer to remove it?

C:\Prgoram Files\ehc\hc2\Printers\Troubleshooting\images\ep1.bmp.shs


  VoG II 19:11 26 Apr 2005

Seems to be a false positive by AVG click here

  pauldonovan 19:35 26 Apr 2005

... I'd be interested to know what else is in your:

C:\Program Files\ehc\hc2
directory? Searches on google return nothing about that path which surprises me. I wonder if anything else in there suggests what that file is for. If the contents shed any light on the file then great.

AVG is right to be concerned as why should a file have a dual extension and it looks like it could be a shell file masquerading as an image....

  VoG II 19:44 26 Apr 2005

Try an online scan click here

  Technotiger 19:50 26 Apr 2005

Hi, Trojan according to this -

CastleCops :: View topic - Hijack Log
...and failed to clean the following 2: 1: Trojan horse Downloader.Skoob.D 2: looks like and infected .bmp - ep1.bmp.shs. AVG lists it as a...
click here

  techhelp 17:54 29 Apr 2005


Did a 'files and folder' search for the '...ep1.bmp.shs' file and found two. I tried renaming them without any success, I was able to delete both files although there seems an awful lot to delete.

Next I turned System Restore off and ran PC-cillin 2002(Results were o.k) and AVG 7.0 gave 'Virus detected' alarm but returned (Results were OK).

What I do not understand is why AVG says during the scan 'Virus Detected', gives me options but the only active option is Continue:-

CONTINUE - closes the Virus detected box.
INFO - there is no further information about this infection
HEAL - required action is not avaialable for this object.
DELETE FILE - required action is not avaialable for this object.
MOVE TO FAULT - required action is not avaialable for this object.

but the test reults at the end of the scan say results were OK?

And as if by a miracle, although I had deleted both ...ep1.bmp.shs files and took all the above actions, guess what has just appeared during a further AVG scan, yes, Virus Detected, but yet again the Test Results:OK.



While opening file C:\Documents and Settings\ j \Local Settings\Temporary Directory 1 for EHC.ZIP\ehc\ehc2\Printers\Troubleshooting\images\ep1.bmp.shs

Warning: Hidden extension shs.

(Strangely, even though I deleted the two .shs files in Program Files, this has appeared in Documents and Settings as a temporary file with the same extension.) What is going on here?

Does anyone know why AVG will not activate it's own options to - HEAL, MOVE TO VAULT OR DELETE THIS FILE or return Test Results of OK? Have I got a problem and what is the problem? How can I resolve it?

Can anyone explain what is happening here, answer any of the above questions or provide a clear set of instructions I can follow to get rid of this trojan / virus or whatever it is please.

  VCR97 18:48 29 Apr 2005

Try the AVG forum at click here

  techhelp 12:10 30 Apr 2005

Thanks for that Keith S. will try them for assistance.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Dell XPS 13 9370 (2018) review

The art of 'British' pulp fiction

Best password managers for Mac

TV & streaming : comment regarder le Tournoi des Six Nations 2018 ?