
Trojan on desktop computer

Over the last week I've just begun using my late husband's computer. He had a subscription to Kaspersky which is still licensed (I think autorenewed through one of my accounts).

So today it
Detected: Trojan.Win32.Scar.srqq

Location: E:\InstallFiles\OS\WinXP TinyXP various\TinyXP Rev09.iso//EXTRAS\Internet-Explorer-7-Silent-Install.exe

I selected for Kaspersky to remove this but it then gave message:
Cannot disinfect the detected object = write not supported.

Option is then to "Skip" or to "Delete archive".

I'm not sure why it cannot disinfect - perhaps it needs Administrator permission??

So, please, what do I do? Can I simply delete the .exe file (assuming I can see it)?

Also what would the "Delete archive" do?

I've switched off that computer but did want to begin using it.

Comments

  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Just looking at the location, it is mentioning the E drive which is not the normal letter for a hard drive ..


    Is there a CD in the drive ? This would also explain the "cannot write" message
  • sal_III
    sal_III Posts: 1,953 Forumite
    TinyXP is a bootable Windows image used for troubleshooting. Its legality is up for debate and it wouldn't surprise me if there is a trojan in its image.

    Feel free to delete the entire E:\InstallFiles\OS\WinXP TinyXP various\TinyXP Rev09.iso
    Your question suggests that you won't have the need, or technical skills to ever use it. Even if you do, you can download a new copy off the internet.

    Not familiar with Kaspersky specifically, but I assume "Delete archive" will delete the file from its current location and place it into a quarantined area controlled by Kaspersky, so it can't cause trouble, but you can still restore it if needed.
  • heatherw_01
    heatherw_01 Posts: 6,787 Ambassador
    edited 14 November 2019 at 4:08PM
    As above E is not usually the main drive (that is usually C)
    It could be an external HDD or CD drive
  • Thanks to you all.
    My husband used to partition the hard drive but he may have installed another drive in the column or external. I'm having to use a torch to inspect what is there and it is very cramped and I don't want to dislodge anything vital.
  • sal_III
    sal_III Posts: 1,953 Forumite
    edited 14 November 2019 at 4:05PM
    AndyPix wrote: »
    Just looking at the location, it is mentioning the E drive which is not the normal letter for a hard drive ..


    Is there a CD in the drive ? This would also explain the "cannot write" message
    As above E is not usually the main drive (that is usually C)
    It could be an external HDD or CD drive
    Guys, it's a perfectly reasonable drive letter for a second HDD after C for the system drive and D for the optical drive. Note OP mentioned "Computer" not Laptop, second HDD is not far-fetched.
    "E:\InstallFiles\OS" suggests a software repository with OS sub-folder, containing TinyXP OS .ISO. Further pointer towards E being a second "Data" drive. I have seen this a million times, including on my own PC/Laptops, only it's called "Source" or "ISO" or "Installs" through the years.

    The infected file is within an .ISO file, which explains why the AV can't write/delete it. Under these circumstances it's extremely unlikely that E:\ is a disk in the optical drive.

    Edit:
    Thanks to you all.
    My husband used to partition the hard drive but he may have installed another drive in the column or external. I'm having to use a torch to inspect what is there and it is very cramped and I don't want to dislodge anything vital.
    Absolutely no need to play detective, rifling inside the PC case. Just delete the E:\InstallFiles\OS\WinXP TinyXP various\TinyXP Rev09.iso and you are good. Even if you can't/don't want to delete that file, there is no risk unless you mount the .ISO and launch the .exe yourself. It can't be launched by some external process without your involvement.
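
The point above, that the detected file sits inside an .iso container, shown as an added example that is not part of the thread: a minimal Python reader that lists the files in an ISO 9660 image by parsing its directory records, without mounting the image or running anything in it. It follows only the primary volume descriptor, so long names stored via Joliet or Rock Ridge show in their short ISO 9660 form; `sample_iso()` and its file names are constructed for the demonstration.

```python
import struct

SECTOR = 2048

def _records(img, lba, size):
    """Yield (name, is_dir, lba, size) for each entry of one directory extent."""
    data, pos = img[lba * SECTOR: lba * SECTOR + size], 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:                       # zero padding: jump to next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = data[pos:pos + rec_len]
        ext, length = struct.unpack_from("<I4xI", rec, 2)   # little-endian halves
        name = rec[33:33 + rec[32]]
        if name not in (b"\x00", b"\x01"):     # skip the "." and ".." entries
            yield name.decode("ascii", "replace").split(";")[0], bool(rec[25] & 2), ext, length
        pos += rec_len

def list_iso(img):
    """Return sorted (path, size) for every file, read straight from the image bytes."""
    pvd = img[16 * SECTOR:17 * SECTOR]         # primary volume descriptor
    if pvd[:6] != b"\x01CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    found, seen, todo = [], set(), [("", *struct.unpack_from("<I4xI", pvd, 158))]
    while todo:
        prefix, lba, size = todo.pop()
        for name, is_dir, ext, length in _records(img, lba, size):
            if not is_dir:
                found.append((prefix + name, length))
            elif ext not in seen:              # guard against directory loops
                seen.add(ext)
                todo.append((prefix + name + "/", ext, length))
    return sorted(found)

def _rec(name, lba, size, flags=0):
    """Build one directory record (helper for the constructed sample only)."""
    n = 33 + len(name) + (len(name) + 1) % 2   # records are padded to even length
    both = lambda v: struct.pack("<I", v) + struct.pack(">I", v)
    rec = bytes([n, 0]) + both(lba) + both(size) + bytes(7) + bytes([flags])
    return (rec + bytes(6) + bytes([len(name)]) + name).ljust(n, b"\0")

def sample_iso():
    """Constructed 22-sector image holding README.TXT and EXTRAS/SETUP.EXE."""
    dots = lambda lba: _rec(b"\0", lba, SECTOR, 2) + _rec(b"\1", 18, SECTOR, 2)
    sectors = {16: b"\x01CD001\x01".ljust(156, b"\0") + _rec(b"\0", 18, SECTOR, 2),
               18: dots(18) + _rec(b"EXTRAS", 19, SECTOR, 2) + _rec(b"README.TXT;1", 20, 5),
               19: dots(19) + _rec(b"SETUP.EXE;1", 21, 2),
               20: b"hello", 21: b"MZ"}
    return b"".join(sectors.get(i, b"").ljust(SECTOR, b"\0") for i in range(22))
```

The listing comes from reading bytes only, which is why an image sitting on disk is inert until someone mounts it and launches a file from it.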
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    ^^ Yep . Missed the iso bit skimming the post
  • General_Grant
    General_Grant Posts: 5,274 Forumite
    edited 14 November 2019 at 4:44PM
    sal_III wrote: »
    Guys, it's a perfectly reasonable drive letter for a second HDD after C for the system drive and D for the optical drive. Note OP mentioned "Computer" not Laptop, second HDD is not far-fetched.
    "E:\InstallFiles\OS" suggests a software repository with OS sub-folder, containing TinyXP OS .ISO. Further pointer towards E being a second "Data" drive. I have seen this a million times, including on my own PC/Laptops, only it's called "Source" or "ISO" or "Installs" through the years.

    The infected file is within an .ISO file, which explains why the AV can't write/delete it. Under these circumstances it's extremely unlikely that E:\ is a disk in the optical drive.

    Edit:

    Absolutely no need to play detective, rifling inside the PC case. Just delete the E:\InstallFiles\OS\WinXP TinyXP various\TinyXP Rev09.iso and you are good. Even if you can't/don't want to delete that file, there is no risk unless you mount the .ISO and launch the .exe yourself. It can't be launched by some external process without your involvement.

    That is SO VERY GOOD to hear. I now feel confident in going back and using the desktop computer.

    [I wasn't going to look inside the PC case, the reference to using a torch and it being cramped is because of its location under the desk and even seeing the On button wasn't easy!]

    I think I love you!

    ETA: I've also tried registering an account with Kaspersky and have asked them to explain the meaning of the delete archive message.
  • EveryWhere
    EveryWhere Posts: 3,249 Forumite
    You should stop the auto-subscription. You can buy the product for a lot less via eBay. You won't need to install the product, but only apply the new product key that is supplied to you.
    Typical price for 1 Year(3 Devices) is around £15. But can be found for as little as £10. Single licence for around £7 for a year.
    So check how much it is that you are paying currently.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Or better still than buying a key from ebay :-


    Uninstall Kaspersky and use a free version of Bitdefender that will be perfectly adequate.


    https://www.bitdefender.co.uk/solutions/free.html


    This is a moneysaving site after all
  • Norman_Castle
    Norman_Castle Posts: 11,871 Forumite
    Location: E:\InstallFiles\OS\WinXP TinyXP various\TinyXP Rev09.iso//EXTRAS\Internet-Explorer-7-Silent-Install.exe
    Does the XP refer to the operating system? If so it's probably time to update.
This discussion has been closed.