Genuine killCMOS virus or normal file???


BonedAgain
05-03-2002, 12:28 PM
Today I ran fixit utilities virus scan & it found troj_killcmos.m in a file, using the latest virus id info. I am wondering if this is a real virus though, since the file in question is located in the Gateway (the pc's maker) directory which controls the recovery cd info (specifically, c:\program files\gateway\SRCD\restart.dll). As I understand it, this virus basically resets the cmos, so you lose custom settings, date, time, etc, but these functions seem like possibly valid tasks for system restore. I'm wondering if the virus scan hit on some segment of code directing a legitimate resetting of cmos as part of the restore function, and has incorrectly determined it to be malicious (do these virus scanners scan the CODE in a file, or just the FILE NAME? Seems like it would have to be the former... ) I also have the latest Norton, and it says the file in question is OK. I have "isolated" the file in a separate directory for the time being. PC is 1 year old athlon 1100, OS is ME. Comments?

Here's some info on the virus from fixit: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KILLCMOS.M

Thanks,

BA

[This message has been edited by BonedAgain (edited 05-03-2002).]

YODA74
05-03-2002, 01:15 PM
That is a trojan. I got the same thing when I ran a different AV program. Does it list like this?

Trojan Killcmos.m non-cleanable
file:C:\Programfiles\Gateway\SRCD\restart.dll

and... C:\_Restore\Temp\Aoo25301.cpy

To tell you the truth, I have never even noticed it before until I ran a different AV other than Norton, and have had no problems with it. I think it is a legit file and the free AV programs tell you this so you will buy their product? But don't quote me on that. As long as I am not having problems I will ignore it and keep fingers crossed. Hopefully someone will know what these files are associated with?

------------------
YODA74@windows-sucks.com
CCMR (http://www.dreamwater.net/tech/yoda74/index.html)

BonedAgain
05-03-2002, 02:01 PM
Yoda - According to the fixit web site, the virus was added to their list fairly recently, 4/23/02, so I guess it's conceivable Norton hasn't added it yet. It did not hit on the other file you mentioned, or any other in the c:\_restore\temp in my case. BTW, this isn't a free program so even though I'm generally pretty cynical about such things I don't think in this case they're trying to sell anything. I do think it's a legitimate file, especially given you have it in the exact same location. I may have a copy of McAfee around here to try on it for a 3rd opinion. Guess I could drop a note to Gateway.

BA

YODA74
05-03-2002, 03:07 PM
Go to search files and folders and type in for that file. What you will come up with is this:
biosid.exe 39kb application
Biosinfo.exe 237kb application
Brcdset.es 1kb ES file
brcdset.exe 643kb application
brcdset.ini 1kb configuration file
brcdset.txt 2kb text file
connect.htm 1kb HTML doc
connect.isp 1kb internet communication
GWDL.exe 386kb application
And it goes on. I'm not going to sit here and type the whole thing. Check it out; this is why I say I believe this is a legit file. I also have a Gateway computer, and say if it has not changed the CMOS as of YET then it is not what you think it is?

------------------
YODA74@windows-sucks.com
CCMR (http://www.dreamwater.net/tech/yoda74/index.html)