Compatible Support Forums
tpe

Win2k trojan wont delete


Hi guys, I was checking a network PC this evening and turned up a trojan.

 

The report is pasted in at the bottom of the post...

 

Great, it's renamed. So I go in to the directory g:\documents and settings\administrator\local settings\temporary internet files\ and look for the subdirectory that should contain the file. But there is nothing but files, no directories at all.

O.K., change my view settings so that none of the files are hidden and then try again, you say. Well, all hidden files are visible. Just to check, I made a new one. So then I select all and hit the shift delete button just to make sure. Then I rescan the drive and guess what, the virus checker finds all the files and the virus still there in the same place they were before, even though I can't see them and none of the files are hidden. (To make sure, I changed the attributes of the folder g:\documents and settings\administrator\local settings\, all its contents and subdirectories, and still no luck.)

 

I am pretty sure that it's not the virus that is doing this but Win2k that has made some kind of virtual file structure or something, but wtf is it?

 

Help please

 

tpe

 

 

 

Scanned at: 10/08/2001 11:59 PM Virus Alert!

Scanned by: fb at Hiccup

F-Secure Anti-Virus for Windows version 4.03

 

Scan engines used:

F-PROT version 3.04.812 (signatures database date 2001-09-20)

AVP version 3.00.129 (signatures database date 2001-09-19)

 

Search: Drive G:

Action: Disinfect

Targets: File viruses Boot sector viruses

Files: All

 

Results of virus scanning:

Scanned: 1 drive(s), 12319 file(s)

 

Time: 16 min 10 sec

Found: 1 infection(s), 0 suspected infection(s) in 1 file(s)

Disinfected 0 file(s)

 

g:\documents and settings\administrator\local settings\temporary internet files\content.ie5\s1yvcden\fst[1].0s

Infection: 'JS.Trojan.Seeker-based' [AVP]


Many thanks AlecStaar, it wasn't the virus checker stopping me, it was Win2k making some virtual directories. I managed to delete it by clearing the temp internet files.

 

Anyone know how Win2k puts these virtual directories with files in on the disk? It could well be useful to be able to edit them.

 

tpe


If you're asking what I think you're asking then you want the program "linkd" from the Win2k Resource Kit.


No, Win2K uses namespace extensions so that it can display useful information within the Temporary Internet Files directory from Explorer -- that's how its "details" listing is special (it shows what site a cached file came from, and so on).

 

If you use a shell that doesn't use the namespace extensions (e.g. File Manager, cmd, 4NT, bash) then you can see inside the TIF directory.
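
The point made in the last reply, that tools which do not load Explorer's namespace extension see the cache's real layout, as an added example (not part of the original thread): the script walks a directory with plain filesystem calls, shows each entry's Hidden/System flags, reads any `[.ShellClassInfo]` section from `desktop.ini`, and locates the file name from the scan report. The sample tree, the placeholder CLSID and the function names are constructed for illustration; that a `desktop.ini` is what hooks the extension for this folder is an assumption, not something the thread states.

```python
import configparser
import os
import tempfile

def attr_flags(path):
    """Return 'H'/'S' from raw attributes (Hidden=0x2, System=0x4); '' off Windows."""
    attrs = getattr(os.stat(path, follow_symlinks=False), "st_file_attributes", 0)
    return ("H" if attrs & 0x2 else "") + ("S" if attrs & 0x4 else "")

def shell_class_info(directory):
    """Return the [.ShellClassInfo] keys of directory's desktop.ini, or {}."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep key case as written in the file
    try:
        with open(os.path.join(directory, "desktop.ini"), errors="replace") as f:
            parser.read_file(f)
    except (OSError, configparser.Error):
        return {}
    return dict(parser[".ShellClassInfo"]) if parser.has_section(".ShellClassInfo") else {}

def raw_listing(root):
    """Walk root with plain filesystem calls; yield (relative path, kind, flags)."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames) + sorted(filenames):
            full = os.path.join(dirpath, name)
            kind = "dir" if name in dirnames else "file"
            yield os.path.relpath(full, root), kind, attr_flags(full)

def find_reported(root, reported_name):
    """Return raw-listing paths whose file name matches the scanner's report."""
    return [rel for rel, kind, _ in raw_listing(root)
            if kind == "file" and os.path.basename(rel).lower() == reported_name.lower()]

def build_sample(root):
    """Constructed stand-in for the cache tree named in the scan report."""
    sub = os.path.join(root, "content.ie5", "s1yvcden")
    os.makedirs(sub)
    with open(os.path.join(sub, "fst[1].0s"), "w") as f:
        f.write("placeholder text, not a real sample")
    with open(os.path.join(root, "desktop.ini"), "w") as f:  # placeholder CLSID
        f.write("[.ShellClassInfo]\nCLSID={00000000-0000-0000-0000-000000000000}\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample(tmp)
        for rel, kind, flags in raw_listing(root):
            print(f"{kind:4} {flags:2} {rel}")
        print(shell_class_info(root), find_reported(root, "fst[1].0s"))
```

On a real machine, pass the Temporary Internet Files path to `raw_listing` instead of the constructed tree; the attribute flags are only populated when run on Windows.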
