Hi guys,
I have spent the last two weeks trying to remove a trojan horse and thought someone might have some insight. My system includes:
-VMWare 2.0.6
-Windows XP
-Snow Leopard
-Apple time capsule
Anyways I ran Avast Anti Virus on the Windows XP side on the "Z:" virtual drive shared between Windows XP and Snow Leopard and it detected two win32:fraudload-p trojan horses.
After deleting the trojan horses no problems. . . until I quit fusion and tried to reopen an XP session and received the dreaded "file not found," making it impossible to open XP. Fortunately I have several copies of the virtual machine saved on the time capsule. I have reinstalled the virtual machine at least ten times but it ceases to work after I remove the trojan horses.
Reinstalling XP does not seem to be a solution as the infected files reside on the virtual shared drive.
Any suggestions? Should I try to remove the trojan horses by installing Avast on OSX?
Thanks!
S
OK, then I righteously bellive that there is no any virus AT ALL.
I 've mentioned that in all cases with similar issues to yours, people were using Avast.
Here are some of them:
http://communities.vmware.com/thread/260656
Best Regards
iSCSI Software Support Department
Actually Avast identifies the trojan horse but fails to remove it properly. After "removing" the malware, the client will not relaunch and I need to reinstall again and again.
Will look at NOD32 now.
S
NOD32 did not find the trojan horse either - only found by Avast, but not effectively removed
Any additional suggestions welcomed!
Thanks,
S
Ok,
I searched around a bit more and saw on the Avast site that Windows Defender was causing some people to register false positives. I removed windows defender and got different warnings after running avast:
Z:\S On My Mac\Documents\Virtual Machines\Windows XP Home Edition.vmwarevm\564d0187-28be-d17f-9252-cf7f7d5508fa.vmem
Fanthomas-1443
Virus/Worm
vps version - 100322-0, 03/22/2010
Z:\S On My Mac\Documents\Virtual Machines\Windows XP Home Edition.vmwarevm\Windows XP Home Edition.vmdk
Trojan Horse
vps version - 100322-0, 03/22/2010
Then avast crashed with a memory buffer issue.These are fusion files that I suspect have not been hit with a trojan horse or virus. A useful forum discussion:
http://forum.avast.com/index.php?topic=44145.0
Any other thoughts?
Hi Anatoly,
Not using ThinApp. Install is pretty barebones.
Thanks,
S
OK, then I righteously bellive that there is no any virus AT ALL.
I 've mentioned that in all cases with similar issues to yours, people were using Avast.
Here are some of them:
http://communities.vmware.com/thread/260656
Best Regards
iSCSI Software Support Department
Thanks Anatoly for taking the time to help me work through this; after spending a few weeks on the issue I concur with your conclusion. Please keep up the good work.
Best regards,
S