Jump to content

Palladium in "All Users\Local Settings", which doesnt exists ?

Recommended Posts

Hi there !

In our network we had a breakout of a trojan, this malware downloaded some keyloggers and fake virus programs, we were not amused :(

We cleaned this up with a combination of MBAM and Miscrosoft Security Essentials. All strange warnings are gone again.

However MBAM keeps reporting a infection on multiple computers, located in c:\documents and settings\all users\local settings\palladium.exe

MBAM tries to delete te file during the next reboot, but fails. These Are WinXP Pro clients and one Win2003 Terminal Server.

I tried the following to delete te file:

-Enabled hidden en system files, i cant find the folder "c:\documents and settings\all users\local settings"

-Tried to find the folder in safe mode, i cant find the folder "ac:\documents and settings\all users\local settings

-Started the computer with a Linux Live CD, mounted the local harddisk, still no folder "c:\documents and settings\all users\local settings"

-Created a folder named "local settings" in "c:\documents and settings\all users", worked fine no errors that it already existed.

So im thinking that this folder doesnt exist, But why is MBAM reporting this file ?

I scanned the pc's with AVG and Secury Essentials and they both say everythings is clean.

Is it possible that MBAM is wrong about the file location ?, or is this folder so secret i cant even open in if i boot in a different OS :S

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.