ewido came back with a hit on an infected file with a path of
[956] VM_0015000
where the hell is that?
Not part of a normal file path.
Doesent look like a registry entry.
Any insight would be helpful, last holdout on a machine with 22,150 infected files
7 of the 8 that ewido, AVG, MS antispy, and spybot missed i dug out manually by their identified registry key.
Where the hell is this file?
Not sure if this helps, but VM is a commonly-used abbreviation for Virtual Machine, so it could be that Ewido has encountered something it considers suspicious within some Java webpage element that is currently in your browser cache (or something); try clearing the cache and re-running Ewido.
Java is supposed to be pretty secure, actually because of the way it runs stuff in a virtual machine, but that has never stopped people trying to exploit it.