F-Secure Anti Trojan

**gorgan** · 26th January 2003

Hi All

I have F-Secure on my pc and as was experiencing some problems I ran this s/w. It detected 3 Trojans as follows:

� C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\8HYRGTY3\ViewConfirm[1].0tm Infection: Trojan.JS.Seeker
� C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\I7BJPNF3\z22[1].0ml Infection: Trojan.VBS.Seeker
C:\WINDOWS\SP.0LL Infection: Trojan.WinREG.StartPage

When I tried to disinfect these it just didn't do anything and left them untouched. However F-Secure can also selete file as another option. I selected this and it deleted these files. My question is:

1- since I checked recycled bin these files where not there. Am I right to say that these files have been deleted and F-Secure deletes and bypasses recycle bin altogether?

2-What is the difference between disinfection and deketing option? My guess is a file might be innocent, however it may contain some virus in which case disinfection is the right option. There can also be a case when a file is purly a harmful file in which case has to be deleted. Am I right? If this is the case why F-Secure calling these files Trojan? I always thought Torjan was a harmful file inside a innocent file.

gorgan

**cronus71** · 26th January 2003

The way I see these two are
disinfection A file that contains something suspicious and the AV software tries to clean it up, by removing the issue (trojan/virus) and spareing the file itself.

deleting The file can not be disinfected/cleaned and has to be removed from the system. Many AV softwares puts the file in the recycle bin to a quarantine, and it will be removed during the next reboot.

Either way, if we are only talking about one file that has an issue, typically you can point the finger at that file, and you do not need it.

All the best

**tef89** · 26th January 2003

I recognise the first two files / trojans as being the type f-secure flags up on my Pc when I visit warez / crack sites etc. I believe they are VB script files (or similar) that have the potential to change Internet Explorer settings. I just have F-secure delete them automatically or delete the file as and when they are dropped into my temporary interenet files folder.

I think the third one is a trojan downloader file but I may be mistaken.

F-Secure probably calls them a trojan because they don't actually damage any existing files on your pc, they just change existing settings.

**gorgan** · 27th January 2003

Thank you for your replies.

------------------------------------------------------------------------------
I just have F-secure delete them automatically or delete the file as and when they are dropped into my temporary interenet files folder.
------------------------------------------------------------------------------

@tef89

Do you actually mean that F-Secure does this in real time? If so plz let me know how this is done. I have a zone alarm pro as well (Thanks to you) and when I turn the pc on it does ask whether I want F-Secure backweb to act as server which I always say yes.

Regards
gorgan

**tef89** · 27th January 2003

Backweb is unrelated - Backweb is simply a system for f-secure to update it's anti-virus definitions automatically.

To get F-Secure to remove problem files automatically just select Delete Automatically from the drop down menu in the Real-Time Protection section of F-Secures settings (obtained by double clicking the system tray icon). When f-secure deletes a file it will give you a notification pop-up to let you know.

If you're nervous about allowing F-secure to delete stuff automatically it's just as practicable to use the method you're using now and get it to ask you what you want to do first of all, either way they it does the same thing in the end