Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Mystery 'ias' folder

Reply
Thread Tools

Mystery 'ias' folder

 
 
MiniEmma
Guest
Posts: n/a
 
      03-23-2005
Running windows xp prof

Yesterday norton antivirus popped up a few virus warnings for IRC Trojan and
a few others. The infected files were in 'c:/windows/fonts/ias' folder

When I browse through My Computer (hidden folders made viewable), the Fonts
directory does not have any folders in, but if I go to 'Start>Search>Files
and Folders>Browse' I can then see the folder called 'ias' in the fonts
folder

When I first managed to get to the folder there were a few MIRC icons and
other IRC related things and I tried to delete the folder but loads of it
said I could not access it and could not delete it. I did a system restore
and the folder is still there but without the MIRC items.

Does anyone know what it is and why I can't see it through My Computer?

I've done a full system scan with Norton and have no viruses. I have also
run the stinger and an online virus scan all showing clear. Also 3
different spyware searches - also all clear.


 
Reply With Quote
 
 
 
 
carson
Guest
Posts: n/a
 
      03-23-2005

"MiniEmma" <(E-Mail Removed)> wrote in message
news:d1rtid$2kb$(E-Mail Removed)...
> Running windows xp prof
>
> Yesterday norton antivirus popped up a few virus warnings for IRC Trojan

and
> a few others. The infected files were in 'c:/windows/fonts/ias' folder
>
> When I browse through My Computer (hidden folders made viewable), the

Fonts
> directory does not have any folders in, but if I go to 'Start>Search>Files
> and Folders>Browse' I can then see the folder called 'ias' in the fonts
> folder
>
> When I first managed to get to the folder there were a few MIRC icons and
> other IRC related things and I tried to delete the folder but loads of it
> said I could not access it and could not delete it. I did a system

restore
> and the folder is still there but without the MIRC items.
>
> Does anyone know what it is and why I can't see it through My Computer?
>
> I've done a full system scan with Norton and have no viruses. I have also
> run the stinger and an online virus scan all showing clear. Also 3
> different spyware searches - also all clear.
>
>



How do I delete an "undeletable" file?

Sometimes you want to delete a file but when you do so an error message pops
and tells you it cannot be done. Do successfully delete such a file do the
following:

1.. Open a Command Prompt window and leave it open.

2.. Close all open programs.

3.. You now need to close EXPLORER.EXE. The proper way to shutdown
Explorer is to raise the "Shut Down Windows" dialog (select "Shut Down..."
from the start menu), hold down CTRL+SHIFT+ALT and press the CANCEL button.
Explorer will exit cleanly.

Note: The <CTRL+SHIFT+ALT> at the 'Shut Down Windows' dialog method of
closing Explorer is built into Explorer. (It was specifically designed so
that developers writing Shell Extensions could get Explorer to release their
Shell Extension DLLs while debugging them).

4.. Go back to the Command Prompt window and change to the directory where
the undeletable file is located in. At the command prompt type DEL
<filename> where <filename> is the file you wish to delete.

5.. Go back to Task Manager, click File, New Task and enter EXPLORER.EXE
to restart the GUI shell.

6.. Close Task Manager.

(Tip modification submitted by James R. Twine who has a great utility called
Delete FXP Files that can help you delete files and folders that simply
won't go away).



 
Reply With Quote
 
 
 
 
EricP
Guest
Posts: n/a
 
      03-23-2005
On Wed, 23 Mar 2005 14:13:33 +0000 (UTC), "MiniEmma"
<(E-Mail Removed)> babbled like a waterfall and said:

>Running windows xp prof
>
>Yesterday norton antivirus popped up a few virus warnings for IRC Trojan and
>a few others. The infected files were in 'c:/windows/fonts/ias' folder
>
>When I browse through My Computer (hidden folders made viewable), the Fonts
>directory does not have any folders in, but if I go to 'Start>Search>Files
>and Folders>Browse' I can then see the folder called 'ias' in the fonts
>folder
>
>When I first managed to get to the folder there were a few MIRC icons and
>other IRC related things and I tried to delete the folder but loads of it
>said I could not access it and could not delete it. I did a system restore
>and the folder is still there but without the MIRC items.
>
>Does anyone know what it is and why I can't see it through My Computer?
>
>I've done a full system scan with Norton and have no viruses. I have also
>run the stinger and an online virus scan all showing clear. Also 3
>different spyware searches - also all clear.
>

You have to turn off the Hidden file attribute. This should reveal
several files there. If you have one named "shares.bat", stick it in
notepad and post the text here so we can see what it was activating.

Not much on this anywhere.


 
Reply With Quote
 
MiniEmma
Guest
Posts: n/a
 
      03-23-2005

"carson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "MiniEmma" <(E-Mail Removed)> wrote in message
> news:d1rtid$2kb$(E-Mail Removed)...
>> Running windows xp prof
>>
>> Yesterday norton antivirus popped up a few virus warnings for IRC Trojan

> and
>> a few others. The infected files were in 'c:/windows/fonts/ias' folder
>>
>> When I browse through My Computer (hidden folders made viewable), the

> Fonts
>> directory does not have any folders in, but if I go to
>> 'Start>Search>Files
>> and Folders>Browse' I can then see the folder called 'ias' in the fonts
>> folder
>>
>> When I first managed to get to the folder there were a few MIRC icons and
>> other IRC related things and I tried to delete the folder but loads of it
>> said I could not access it and could not delete it. I did a system

> restore
>> and the folder is still there but without the MIRC items.
>>
>> Does anyone know what it is and why I can't see it through My Computer?
>>
>> I've done a full system scan with Norton and have no viruses. I have
>> also
>> run the stinger and an online virus scan all showing clear. Also 3
>> different spyware searches - also all clear.
>>
>>

>
>
> How do I delete an "undeletable" file?
>
> Sometimes you want to delete a file but when you do so an error message
> pops
> and tells you it cannot be done. Do successfully delete such a file do the
> following:
>
> 1.. Open a Command Prompt window and leave it open.
>
> 2.. Close all open programs.
>
> 3.. You now need to close EXPLORER.EXE. The proper way to shutdown
> Explorer is to raise the "Shut Down Windows" dialog (select "Shut Down..."
> from the start menu), hold down CTRL+SHIFT+ALT and press the CANCEL
> button.
> Explorer will exit cleanly.
>
> Note: The <CTRL+SHIFT+ALT> at the 'Shut Down Windows' dialog method of
> closing Explorer is built into Explorer. (It was specifically designed so
> that developers writing Shell Extensions could get Explorer to release
> their
> Shell Extension DLLs while debugging them).
>
> 4.. Go back to the Command Prompt window and change to the directory
> where
> the undeletable file is located in. At the command prompt type DEL
> <filename> where <filename> is the file you wish to delete.
>
> 5.. Go back to Task Manager, click File, New Task and enter EXPLORER.EXE
> to restart the GUI shell.
>
> 6.. Close Task Manager.
>
> (Tip modification submitted by James R. Twine who has a great utility
> called
> Delete FXP Files that can help you delete files and folders that simply
> won't go away).
>


Thank you, that is very interesting to know.

But I won't be deleting this until I know what it is.


 
Reply With Quote
 
MiniEmma
Guest
Posts: n/a
 
      03-23-2005

"EricP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 23 Mar 2005 14:13:33 +0000 (UTC), "MiniEmma"
> <(E-Mail Removed)> babbled like a waterfall and said:
>
>>Running windows xp prof
>>
>>Yesterday norton antivirus popped up a few virus warnings for IRC Trojan
>>and
>>a few others. The infected files were in 'c:/windows/fonts/ias' folder
>>
>>When I browse through My Computer (hidden folders made viewable), the
>>Fonts
>>directory does not have any folders in, but if I go to 'Start>Search>Files
>>and Folders>Browse' I can then see the folder called 'ias' in the fonts
>>folder
>>
>>When I first managed to get to the folder there were a few MIRC icons and
>>other IRC related things and I tried to delete the folder but loads of it
>>said I could not access it and could not delete it. I did a system
>>restore
>>and the folder is still there but without the MIRC items.
>>
>>Does anyone know what it is and why I can't see it through My Computer?
>>
>>I've done a full system scan with Norton and have no viruses. I have also
>>run the stinger and an online virus scan all showing clear. Also 3
>>different spyware searches - also all clear.
>>

> You have to turn off the Hidden file attribute. This should reveal
> several files there. If you have one named "shares.bat", stick it in
> notepad and post the text here so we can see what it was activating.
>
> Not much on this anywhere.
>


I already have hidden files showing.

I have checked for a 'shares.bat' file and there does not appear to be one
but there is a file called 'sample.cpp' that contains the following text at
the top:

/************************************************** ***************
Filename : sample.cpp
Description : check xxxxxx vulnerable
Author : glacier
Update : 2002-07-09

Copyright (C) 2002 http://www.xfocus.org All Rights Reserved
************************************************** ***************/
<snipped>

I followed the link but did not really understand what i was seeing





'Config.bak' says this at the start:

# PORT-LIST: Customizing scanning port list

# SCAN-MODE: You can set this value to "TCP" or "SYN"
# TCP: TCP connect() port scan (default)
# SYN: SYN stealth port scan

[PORT-SCAN-OPTIONS]
PORT-LIST=1-139,443,445,1080,1433,2049,3128,3389,5000,7000-7010,8010,8080,8181
SCAN-MODE=TCP
<snipped>



there were not really any other files that had anything to say.

you are right there is not much info about this around, i did a good google
before i posted.

regards
MiniEmma


 
Reply With Quote
 
Bigbri
Guest
Posts: n/a
 
      03-23-2005
I have ias folder in windows used by m/s access programme files but it is
not in the fonts section

--
Bigbri


 
Reply With Quote
 
MiniEmma
Guest
Posts: n/a
 
      03-23-2005

"EricP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 23 Mar 2005 14:13:33 +0000 (UTC), "MiniEmma"
> <(E-Mail Removed)> babbled like a waterfall and said:
>
>>Running windows xp prof
>>
>>Yesterday norton antivirus popped up a few virus warnings for IRC Trojan
>>and
>>a few others. The infected files were in 'c:/windows/fonts/ias' folder
>>
>>When I browse through My Computer (hidden folders made viewable), the
>>Fonts
>>directory does not have any folders in, but if I go to 'Start>Search>Files
>>and Folders>Browse' I can then see the folder called 'ias' in the fonts
>>folder
>>
>>When I first managed to get to the folder there were a few MIRC icons and
>>other IRC related things and I tried to delete the folder but loads of it
>>said I could not access it and could not delete it. I did a system
>>restore
>>and the folder is still there but without the MIRC items.
>>
>>Does anyone know what it is and why I can't see it through My Computer?
>>
>>I've done a full system scan with Norton and have no viruses. I have also
>>run the stinger and an online virus scan all showing clear. Also 3
>>different spyware searches - also all clear.
>>

> You have to turn off the Hidden file attribute. This should reveal
> several files there. If you have one named "shares.bat", stick it in
> notepad and post the text here so we can see what it was activating.
>
> Not much on this anywhere.


Hi

Reposting because it's been an hour and I can't see the first one.

I already have hidden files showing.

I have checked for a 'shares.bat' file and there does not appear to be one
but there is a file called 'sample.cpp' that contains the following text at
the top:

/************************************************** ***************
Filename : sample.cpp
Description : check xxxxxx vulnerable
Author : glacier
Update : 2002-07-09

Copyright (C) 2002 http://www.xfocus.org All Rights Reserved
************************************************** ***************/
<snipped>

I followed the link but did not really understand what i was seeing





'Config.bak' says this at the start:

# PORT-LIST: Customizing scanning port list

# SCAN-MODE: You can set this value to "TCP" or "SYN"
# TCP: TCP connect() port scan (default)
# SYN: SYN stealth port scan

[PORT-SCAN-OPTIONS]
PORT-LIST=1-139,443,445,1080,1433,2049,3128,3389,5000,7000-7010,8010,8080,8181
SCAN-MODE=TCP
<snipped>



there were not really any other files that had anything to say.

you are right there is not much info about this around, i did a good google
before i posted.

regards
MiniEmma



 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      03-23-2005
On Wed, 23 Mar 2005 17:26:18 +0000 (UTC), in
<d1s8rq$cni$(E-Mail Removed)>
MiniEmma scrawled:

<snip>

>I have checked for a 'shares.bat' file and there does not appear to be one
>but there is a file called 'sample.cpp' that contains the following text at
>the top:
>
>/************************************************** ***************
> Filename : sample.cpp
> Description : check xxxxxx vulnerable
> Author : glacier
> Update : 2002-07-09
>
> Copyright (C) 2002 http://www.xfocus.org All Rights Reserved
> ************************************************** ***************/
><snipped>
>
>I followed the link but did not really understand what i was seeing


Kaspersky tags several of the programs from that web site
as backdoor trojans. For example, "Wolf" is advertised as
Extended Telnet Services but KAV says it is Backdoor.Win32.Wolf.

I suggest that if you know nothing of this "service", and it
is residing in your Fonts folder, boot into Safe Mode and
delete the entire "IAS" folder.

I suggest that you temporarily disable Norton AV and install
the trial version of Kaspersky. UPDATE IT, and perform a
COMPLETE system scan.

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
MiniEmma
Guest
Posts: n/a
 
      03-23-2005

"°Mike°" <(E-Mail Removed)> wrote in message
news:4245c026.3738453@localhost...
> On Wed, 23 Mar 2005 17:26:18 +0000 (UTC), in
> <d1s8rq$cni$(E-Mail Removed)>
> MiniEmma scrawled:
>
> <snip>
>
>>I have checked for a 'shares.bat' file and there does not appear to be one
>>but there is a file called 'sample.cpp' that contains the following text
>>at
>>the top:
>>
>>/************************************************** ***************
>> Filename : sample.cpp
>> Description : check xxxxxx vulnerable
>> Author : glacier
>> Update : 2002-07-09
>>
>> Copyright (C) 2002 http://www.xfocus.org All Rights Reserved
>> ************************************************** ***************/
>><snipped>
>>
>>I followed the link but did not really understand what i was seeing

>
> Kaspersky tags several of the programs from that web site
> as backdoor trojans. For example, "Wolf" is advertised as
> Extended Telnet Services but KAV says it is Backdoor.Win32.Wolf.
>
> I suggest that if you know nothing of this "service", and it
> is residing in your Fonts folder, boot into Safe Mode and
> delete the entire "IAS" folder.
>
> I suggest that you temporarily disable Norton AV and install
> the trial version of Kaspersky. UPDATE IT, and perform a
> COMPLETE system scan.
>
> <snip>


Well I have followed your instructions and now I want to know WHY norton
didn't find the 16 files that Kaspersky found???

Thank you mike, I have deleted all files Kaspersky threw up and deleted the
'ias' folder as well

Unfortuantely I obviously did not set up Kaspersky very well and ended up
not being able to browse so I have uninstalled and gone back to Norton - for
now !!

point of interest - 'ias.exe' throws up far more on google than just 'ias'


 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      03-24-2005
On Wed, 23 Mar 2005 23:12:05 +0000 (UTC), in
<d1st45$k0t$(E-Mail Removed)>
MiniEmma scrawled:

>
>"°Mike°" <(E-Mail Removed)> wrote in message
>news:4245c026.3738453@localhost...


<snip>

>> I suggest that you temporarily disable Norton AV and install
>> the trial version of Kaspersky. UPDATE IT, and perform a
>> COMPLETE system scan.
>>
>> <snip>

>
>Well I have followed your instructions and now I want to know WHY norton
>didn't find the 16 files that Kaspersky found???


Because Kaspersky if far better, and lighter, than Norton.

>Thank you mike, I have deleted all files Kaspersky threw up and deleted the
>'ias' folder as well
>
>Unfortuantely I obviously did not set up Kaspersky very well and ended up
>not being able to browse so I have uninstalled and gone back to Norton - for
>now !!


Kaspersky has a forum, if you want to ask questions of
people in the know:
http://www.kaspersky.com/forum

>point of interest - 'ias.exe' throws up far more on google than just 'ias'


Yes, but it may not have anything to do with the "ias" folder
that you found.

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
EZStickyNotes Folder mystery Spiderd Computer Support 1 02-17-2007 06:06 PM
mystery folder... know what this is? Patty Cake Computer Information 23 11-11-2005 02:59 AM
For share a folder in the network , but the folder only allow by password holder MCSE 55 04-14-2004 11:56 PM
_vti_cnf folder in the bin folder-- a problem? William LaMartin ASP .Net 1 11-10-2003 03:41 AM
help: setting web folder as application folder in server THY ASP .Net 3 10-16-2003 01:18 AM



Advertisments