I have exactly this problem too. The file lies in Documents and Settings\{User}\Local Settings\Temp\clclean.0001.dir.000. I believe this directory is generated by a Creative Labs application - either some sort of sound driver / settings application or the Licensing software. You can't just delete it because the file is in use. I have deleted the file for a limited user from the Admin account, but it just gets recreated. After this, it still trips the PC-cillin anti-virus detection as a low-threat Trojan. PC-cillin fails to clean the file. This is very annoying. The anti-virus pop-up window keeps calling attention to the file.
I actually called Trend Micro and one of their technicians helped walk me through taking it off. I had to start up in safe mode and delete it that way. The tech also told me that many, many people were having problems with this same trojan/virus/whatever it is yesterday. Trend Micro is currently working on a fix for it.
bec9681, it appears that your issue has been resolved. Thank you for letting us know.
Thanks. :) We'll consider this thread closed.
rleduc
14 Posts
0
March 6th, 2007 11:00
bec9681
2 Posts
0
March 6th, 2007 13:00
Bugbatter
3 Apprentice
•
20.5K Posts
0
March 6th, 2007 14:00
Your Java is outdated, though.
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.
Updating Java:
Official JAVA Installation Instructions if needed.
Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.
You may have already taken some of these steps:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.
3. Download and install the following free programs:
a. SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
b. SpywareGuard:
http://www.javacoolsoftware.com/spywareguard.html
Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
Periodically check for updates in both programs.
4. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
Sunbelt Kerio has a free version: http://www.kerio.com/kpf_download.html
5. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/
6. Install spyware detection and removal programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. Ad-aware: http://www.lavasoft.de/software/adaware/
b. SpyBot S&D: http://safer-networking.org/en/news/2005-05-31.html
I would check for updates in SpyBot once a week or so.
Check for updates in Ad-aware frequently.
If you have recently installed AVG Anti-Spyware, it is a free trial product for 30 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update it using the *update* button.
7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.
9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 8. It would be best to remove prior versions before updating to a new version.
Info here: http://www.adobe.com/support/security/bulletins/apsb06-20.html
If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html
10. Make sure you are using the most updated version of Java.
The current version is Java Runtime Environment (JRE) 1.6.0.
You can go here to download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.
Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Official JAVA Installation Instructions if needed.
Reboot.
11. Practice Safe Surfing with SiteAdvisor by McAfee. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine.
The following color codes are used by SiteAdvisor to indicate the safety of each site.
Red for Warning
Yellow for Use Caution
Green for Safe
Grey for Unknown
12. Here are some helpful articles:
"So how did I get infected in the first place?"
by TonyKlein
http://computercops.biz/postlite7736-.html
"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx
13. This is an excellent resource for users of all levels. General computer maintenance as well as internet security is covered.
Rootkits for Dummies
(Paperback)
by Larry Stevenson (Author), Nancy Altholz (Author)
Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!
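
The following is an added example, not part of the post above or of any vendor tool: a read-only PowerShell check that compares the current user's Internet-zone ActiveX settings with the values recommended in step 2 and lists every installed JRE so leftover old versions from step 10 are visible. The registry paths, the URL action IDs (1001, 1004, 1201) and the function names are assumptions of this example and do not appear in the thread.

```powershell
# Added example: read-only audit of step 2 (ActiveX) and step 10 (old JREs).
# Assumption: per-user Internet zone settings live under Zones\3 in HKCU.
# Group Policy values under HKLM\...\Policies can override them and are not read here.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action IDs with the value step 2 recommends (1 = Prompt, 3 = Disable).
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls'; Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

function Test-ActiveXPolicy {
    $props = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
    foreach ($e in $expected) {
        $actual = if ($props) { $props.($e.Id) } else { $null }
        $label = 'not set'
        if ($null -ne $actual) {
            $label = $meaning[[int]$actual]
            if (-not $label) { $label = "other ($actual)" }
        }
        [pscustomobject]@{
            Setting   = $e.Name
            Current   = $label
            Wanted    = $meaning[$e.Want]
            Compliant = ($null -ne $actual -and [int]$actual -eq $e.Want)
        }
    }
}

function Get-InstalledJre {
    # Each installed JRE registers a subkey named after its version.
    $roots = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
             'HKLM:\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            [pscustomobject]@{ Version = $_.PSChildName; JavaHome = $_.GetValue('JavaHome') }
        }
    }
}

Test-ActiveXPolicy | Format-Table -AutoSize
Get-InstalledJre | Sort-Object Version | Format-Table -AutoSize
```

More than one version in the second table means an older JRE is still installed and should be removed through Add/Remove Programs as described in step 10.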
Bugbatter
3 Apprentice
•
20.5K Posts
0
March 8th, 2007 00:00
More here:
http://www.dellcommunity.com/supportforums/board/message?board.id=si_hijack&thread.id=57574
rleduc
14 Posts
0
March 8th, 2007 13:00
Users may wish to adopt this solution as a temporary fix until PC-cillin has come up with a fix, or, like myself, adopt it as a permanent fix.
Bugbatter
3 Apprentice
•
20.5K Posts
0
March 8th, 2007 16:00
All other users with the same problem please post your HijackThis log as a New Message or add your discussion on the Virus and Spyware forum.
(Edited to fix forum formatting bug.)
Message Edited by Bugbatter on 03-08-2007 01:49 PM