Possible perfiler.a.exe Help needed

The war between wetware and hardware.
Guest


Post by Guest »

My Anti-virus (AVG) says I have a trojan called pertiler.A.exe in C system Volume information restore.(loads of letters after it)

I ran AVG and it says nothing is wrong. But the little announcement box pops up again saying it is there. I went to an online virus scanner and it says I'm clean too?

Please, how do I get rid of the thing, if I have a thing, that is?
mooseypops
Posts: 219
Joined: Thu Jun 10, 2004 2:04 pm
Location: Canada

Post by mooseypops »

Usually I check www.snopes.com for virus information - they had nothing on the virus you describe.
So then I checked http://securityresponse.symantec.com/ which is Norton's big list of viruses (or virii). They also had nothing.
I even did a general search on Yahoo and nothing happened.
Since you have AVG, I would suggest you go to the Grisoft website (alt+w) and contact them about the virus. They should be able to explain why AVG came up as showing nothing wrong too.

Good luck
Guest

Post by Guest »

Sorry, I misspelt it. It is perfiler.A.exe /down-loader perfiler.b trojan horse.

I found some help after going through miles of definitions that made no sense to me.

Finally I found this to cure it. Except I did that and AVG still didn't find anything?????????

WindowsXP
Disabling the System Restore Utility (Windows XP Users)
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
Find a Restore Point
Click Start, Programs, Accessories, System Tools, System Restore, and choose 'Restore my computer to an earlier date'.
You will get a box with dates! Choose the date you wish to restore to!!
Once you have turned off S/R, run anti-virus and delete what it finds, then turn restore back on and run anti-virus again to check that they have gone.


Anyway it might help somebody else.

Can I leave restore off safely?
mooseypops
Posts: 219
Joined: Thu Jun 10, 2004 2:04 pm
Location: Canada

Post by mooseypops »

Dude, talk to Grisoft and tell them all this. It's their product, so they should have some kind of clue why AVG still isn't finding anything. Email them and see what they say. They'll have a much better idea (I would hope) than just somebody you met on a forum of why their product isn't detecting a virus (GET NORTON GET ADAWARE)

System restore 'snapshots' your hard drive and its contents, so that if you have any problems, you can go back to a previous snapshot. The only problem is that it snapshots viruses as well, which is why you've been told to turn the system restore off AFAIK. So it should be safe enough to leave system restore off. I'm told it will also free up more hard drive space for you.

Hope this helps?
Pyrrho
Posts: 33304
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6

Post by Pyrrho »

My company got hit by a worm last week. They have everyone on Windows 2000 Professional -- everybody's profile is getting wiped. We who were on the road were told not to log into the network when we get back to the office with our laptops. Can't remember the name of the worm.
Guest

Post by Guest »

ok
De_Bunk
Posts: 4332
Joined: Sat Jun 05, 2004 5:16 pm
Location: If you find that you have trouble..Just have a little drink..It is your friend.

Post by De_Bunk »

Go Google...

Enter "Housecall" virus checker...

select "Auto clean"

It's free but you have to accept a small download...

I've used it for ages..to double check all is well on my PC...

It's found stuff that my NAV has missed...

Try it...

DB
bignickel
Posts: 96
Joined: Tue Jun 15, 2004 9:15 pm
Location: Tokyo, Japan

Post by bignickel »

If I'm not mistaken, the reason that your A/V can't find it is because it's not a virus.

It's ad/malware.

The program you named is the installer; after installation it's a.exe, with a few settings pointing to it so it's run every time the computer is rebooted.

Other versions are b.exe, c.exe, etc.

Due to the dumbass nature of the google search engine, you can't actually find 'a.exe' because it insists on not considering the period.

I suggest getting ad-aware from www.lavasoft.de , getting the newest definition file, and let it scan your box.

I spent 3 hours cleaning this crap off of a friend's mom's computer, so I know how tenacious this stuff can be.

After you run ad-aware, run 'hijack this' and post the results you see here on the forum.

(also check your wininit.* file, to see if there's any loaders in it)

Most of the links for perfiler on Yahoo are in Spanish; here's one in English:
http://www.ispcops.com/postlite49390-perfiler.html
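
The startup check suggested in the post above, as an added example that is not part of the original thread. It assumes the "settings" are the standard Run/RunOnce registry keys, looks for `wininit.*` only in the Windows directory, and flags the single-letter loader names mentioned in the post (a.exe, b.exe, c.exe); it only reads and reports, and changes nothing.

```powershell
# Added example: read-only listing of startup entries; nothing is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: loaders follow the thread's naming, a single letter plus .exe
# as the whole file name (a.exe, b.exe, c.exe ...). -match is case-insensitive.
$pattern = '(^|[\\/"\s])[a-z]\.exe\b'

# Properties PowerShell adds to every registry item; they are not autorun values.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }
        [pscustomobject]@{
            Source  = $key
            Name    = $p.Name
            Command = [string]$p.Value
            Flagged = ([string]$p.Value -match $pattern)
        }
    }
}

# wininit.* in the Windows directory: report only lines that match the pattern.
$iniHits = Get-ChildItem -Path $env:WINDIR -Filter 'wininit.*' -File -ErrorAction SilentlyContinue |
    Select-String -Pattern $pattern |
    ForEach-Object {
        [pscustomobject]@{
            Source  = $_.Path
            Name    = "line $($_.LineNumber)"
            Command = $_.Line.Trim()
            Flagged = $true
        }
    }

# Flagged entries first; every other autorun entry is still listed for review.
@($entries) + @($iniHits) |
    Where-Object { $_ } |
    Sort-Object Flagged -Descending |
    Format-Table Flagged, Name, Command, Source -AutoSize -Wrap
```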
Guest

Post by Guest »

De_Bunk wrote:Go Google...

Enter "Housecall" virus checker...

select "Auto clean"

It's free but you have to accept a small download...

I've used it for ages..to double check all is well on my PC...

It's found stuff that my NAV has missed...

Try it...

DB
Did that and it found nothing.
Guest

Post by Guest »

bignickel wrote:If I'm not mistaken, the reason that your A/V can't find it is because it's not a virus.

It's ad/malware.

The program you named is the installer; after installation it's a.exe, with a few settings pointing to it so it's run every time the computer is rebooted.

Other versions are b.exe, c.exe, etc.

Due to the dumbass nature of the google search engine, you can't actually find 'a.exe' because it insists on not considering the period.

I suggest getting ad-aware from www.lavasoft.de , getting the newest definition file, and let it scan your box.

I spent 3 hours cleaning this crap off of a friend's mom's computer, so I know how tenacious this stuff can be.

After you run ad-aware, run 'hijack this' and post the results you see here on the forum.

(also check your wininit.* file, to see if there's any loaders in it)

Most of the links for perfiler on Yahoo are in Spanish; here's one in English:
http://www.ispcops.com/postlite49390-perfiler.html
I ran ad-aware and it found nothing also. I saw nothing that said run hijack this?
bignickel
Posts: 96
Joined: Tue Jun 15, 2004 9:15 pm
Location: Tokyo, Japan

Post by bignickel »

Fluffy wrote: I ran ad-aware and it found nothing also. I saw nothing that said run hijack this?
http://www.spywareinfo.com/~merijn/downloads.html

Download it and run a scan. Post the results of the scan.

DON'T delete anything. You might remove something important.