a virus or not...very curious

lee

Last night I was stupid enough to click on an unknown exe....though I
had scanned it with NOD32 first, which is running on my XP system, and
it said it was fine. Then my PC just shuts down and reboots and
continues this cycle, shutting down and restarting.

I managed to go into Safemode and scanned my system for a virus and
nothing. So I tried Panda, Trend Micro...every on-line scanner I could
think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
(from safemode) I simply deleted the dodgy exe from the folder it had
been downloaded to and did a system restore. Then everything was fine.
Can anybody explain what happened here? Is there something still on my
system? Why didn't any of the scanners find it? Any thoughts on this
would be much appreciated. Thanks.
 
What's in a Name?

After much thought, lee aka (e-mail address removed) came up with this jewel:
Last night I was stupid enough to click on an unknown exe....though I
had scanned it with NOD32 first, which is running on my XP system, and
it said it was fine. Then my PC just shuts down and reboots and
continues this cycle, shutting down and restarting.

I managed to go into Safemode and scanned my system for a virus and
nothing. So I tried Panda, Trend Micro...every on-line scanner I could
think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
(from safemode) I simply deleted the dodgy exe from the folder it had
been downloaded to and did a system restore. Then everything was fine.
Can anybody explain what happened here? Is there something still on my
system? Why didn't any of the scanners find it? Any thoughts on this
would be much appreciated. Thanks.

Submit the dodgy exe to VirusTotal and see what they come up with.

max
--
My Pages:
Virus Removal Instructions:
http://maxpro4u.freehostingnow.com/removal.html
Keeping Windows Clean:
http://maxpro4u.freehostingnow.com/keepingclean.html
Tools: http://maxpro4u.freehostingnow.com/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically set up for USENET. Feel free to use it yourself.
 
joe black

lee said:
Last night I was stupid enough to click on an unknown exe....though I
had scanned it with NOD32 first, which is running on my XP system, and
it said it was fine. Then my PC just shuts down and reboots and
continues this cycle, shutting down and restarting.

I managed to go into Safemode and scanned my system for a virus and
nothing. So I tried Panda, Trend Micro...every on-line scanner I could
think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
(from safemode) I simply deleted the dodgy exe from the folder it had
been downloaded to and did a system restore. Then everything was fine.
Can anybody explain what happened here? Is there something still on my
system? Why didn't any of the scanners find it? Any thoughts on this
would be much appreciated. Thanks.

No telling from your description of the effect as to what it was. Further,
who cares? So, you learned from the experience, right?
 
Jeanette Russo

lee said:
Last night I was stupid enough to click on an unknown exe....though I
had scanned it with NOD32 first, which is running on my XP system, and
it said it was fine. Then my PC just shuts down and reboots and
continues this cycle, shutting down and restarting.

I managed to go into Safemode and scanned my system for a virus and
nothing. So I tried Panda, Trend Micro...every on-line scanner I could
think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
(from safemode) I simply deleted the dodgy exe from the folder it had
been downloaded to and did a system restore. Then everything was fine.
Can anybody explain what happened here? Is there something still on my
system? Why didn't any of the scanners find it? Any thoughts on this
would be much appreciated. Thanks.


You're not providing enough information. Perhaps a sample or name of the file?
 
kurt wismer

lee said:
Last night I was stupid enough to click on an unknown exe....though I
had scanned it with NOD32 first, which is running on my XP system, and
it said it was fine. Then my PC just shuts down and reboots and
continues this cycle, shutting down and restarting.

I managed to go into Safemode and scanned my system for a virus and
nothing. So I tried Panda, Trend Micro...every on-line scanner I could
think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
(from safemode) I simply deleted the dodgy exe from the folder it had
been downloaded to and did a system restore. Then everything was fine.
Can anybody explain what happened here? Is there something still on my
system? Why didn't any of the scanners find it? Any thoughts on this
would be much appreciated. Thanks.

scanners are really very good at identifying *known* malware...
unfortunately new/unknown malware doesn't really fall into that category...

my suggestion would be to send a sample of the file (if you still have
it somewhere) to your anti-virus developer for analysis, but beyond that
there's really no way to tell what it was or if there's anything left
over on your drive...
 
Char Jackson

Last night I was stupid enough to click on an unknown exe....though I
had scanned it with NOD32 first, which is running on my XP system, and
it said it was fine. Then my PC just shuts down and reboots and
continues this cycle, shutting down and restarting.

I managed to go into Safemode and scanned my system for a virus and
nothing. So I tried Panda, Trend Micro...every on-line scanner I could
think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
(from safemode) I simply deleted the dodgy exe from the folder it had
been downloaded to and did a system restore. Then everything was fine.
Can anybody explain what happened here? Is there something still on my
system? Why didn't any of the scanners find it? Any thoughts on this
would be much appreciated. Thanks.

Go to My Computer, Properties. In the dialog box that pops up, select
the Advanced tab, then click on Settings in the "Startup and Recovery"
section. In the new dialog box that pops up, find the System Failure
section and remove the check mark from the "Automatically Restart"
item. Press OK twice to close everything and accept the change.

The next time you have this kind of error that normally causes your
system to automatically reboot, you'll instead be presented with a
blue screen that will contain clues as to what went wrong.
 
Bullseye

Last night I was stupid enough to click on an unknown exe....though I
had scanned it with NOD32 first, which is running on my XP system, and
it said it was fine. Then my PC just shuts down and reboots and
continues this cycle, shutting down and restarting.

I managed to go into Safemode and scanned my system for a virus and
nothing. So I tried Panda, Trend Micro...every on-line scanner I could
think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
(from safemode) I simply deleted the dodgy exe from the folder it had
been downloaded to and did a system restore. Then everything was fine.
Can anybody explain what happened here? Is there something still on my
system? Why didn't any of the scanners find it? Any thoughts on this
would be much appreciated. Thanks.

Sounds like some kind of malware possibly infected the boot sector of your
hard drive and threw your system into a continuous loopback, somewhat like
a 'land attack,' causing your computer to attempt to connect to itself. If
you deleted the file but then afterward did system restore, it could be
possible for it to be on your system, since it would most likely have been
in the system volume information. I would highly suggest doing an online
scan with Kaspersky AV at their site. I used NOD32 for a long time, but
its detection capabilities have gone somewhat downhill. I have found that
Kaspersky detects a lot of crap that the others don't. I would run the
Kaspersky online scan along with downloading the free version of
Superantispyware or a trial version of Sunbelt Counterspy. I think a combo
of those three would be much more effective than the apps you've mentioned.
Also, another option would be to uninstall NOD32 and install a trial
version of Kaspersky AV or Kaspersky Internet Security (which I use and
love). You could always reinstall NOD if you didn't like it. Once you
determine your system is clean, disable system restore, which will get rid
of any crapware that is in your system volume info, then re-enable it again.
No need to reboot if using XP. Anyway, hope that gives you some ideas at
least.
 
Dustin Cook

Last night I was stupid enough to click on an unknown exe....though I
had scanned it with NOD32 first, which is running on my XP system, and
it said it was fine. Then my PC just shuts down and reboots and
continues this cycle, shutting down and restarting.

I managed to go into Safemode and scanned my system for a virus and
nothing. So I tried Panda, Trend Micro...every on-line scanner I could
think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
(from safemode) I simply deleted the dodgy exe from the folder it had
been downloaded to and did a system restore. Then everything was fine.
Can anybody explain what happened here? Is there something still on my
system? Why didn't any of the scanners find it? Any thoughts on this
would be much appreciated. Thanks.

Hi Lee.

Do you still by chance have the original exe you clicked on? I'd be happy
to analyse it for you and report back the results. If BugHunter doesn't
already detect it or its potential offspring, it will.

Sadly, no scanner will detect everything out there. Even if you use
multiple ones, if the malware is new enough, it's probably going to evade
them. It may not get far due to various other security software, but
it'll get a start.

The exe file might have changed files, added additional files, and/or
modified certain registry keys incorrectly resulting in the system
failing to restart in normal mode. Not all malware seems to be well
tested before they release it.

You can find the program I wrote to scan for this junk here:
http://bughunter.it-mate.co.uk


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: (e-mail address removed)
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
 
lee

Thanks for all the advice. I finally just reinstalled everything;
I was due anyway and on the plus side everything's a lot faster now. I
did run the file through VirusTotal as a post advised and it found a
lot of nasty stuff in there, generic graybird, dropper.small.awa,
win32.delf.dnr, etc...could all of these be in there or are they just
nakenames? Anyway, thanks again and will take of the advice for
alternated scanners as advised also.
 
Dustin Cook

Thanks for all the advice. I finally just reinstalled everything;
I was due anyway and on the plus side everything's a lot faster now. I
did run the file through VirusTotal as a post advised and it found a
lot of nasty stuff in there, generic graybird, dropper.small.awa,
win32.delf.dnr, etc...could all of these be in there or are they just
nakenames? Anyway, thanks again and will take of the advice for
alternated scanners as advised also.

They could all be names for the same item. No standard naming convention,
same problem with viruses and worms. :( I don't help the problem, as
BugHunter tends to call things whatever BitDefender calls them. If
BitDefender doesn't know it at the time, it's named something other than
what BitDefender would eventually call it.

If there was some form of standards, I would make BugHunter conform to
it.

I'm glad you got your machine back up and running, that's the most
important part.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: (e-mail address removed)
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
 
kurt wismer

Dustin Cook wrote:
[snip]
They could all be names for the same item. No standard naming convention,
same problem with viruses and worms. :( I don't help the problem, as
BugHunter tends to call things whatever BitDefender calls them. If
BitDefender doesn't know it at the time, it's named something other than
what BitDefender would eventually call it.

If there was some form of standards, I would make BugHunter conform to
it.

as was demonstrated by the caro naming convention's failure to harmonize
malware naming, a naming standard does not solve the naming problem... a
naming standard can only define the format of the name, it can't
reasonably be expected to tell you what the final name should be... for
that you need a central naming authority or a naming effort that is
coordinated across all vendors... unfortunately the deconfliction stage
(to ensure that 2 companies don't get different names for what turns out
to be the same thing) would invariably introduce delays in the issuing
of updates... that's not an easy trade-off to justify...
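
Added example (not part of the thread, and not code from any scanner mentioned in it): the naming point above, shown on the three detection names lee quoted. Each name splits cleanly into fields, yet no two agree on a family, so a shared format alone does not give a shared name. The token lists and the short-suffix rule are assumptions made for this sketch.

```python
import re
from collections import Counter

# Token classes below are constructed for this example, not a vendor standard.
PLATFORMS = {"win32", "w32", "win"}
TYPES = {"trojan", "dropper", "backdoor", "worm", "virus", "downloader"}
GENERIC = {"generic", "gen", "small", "heur", "agent"}

def parse_label(label):
    """Split one detection name into platform/type/family/variant fields."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]
    fields = {"platform": None, "type": None, "family": None, "variant": None}
    # Assumption: a short trailing token after another token is a variant suffix.
    if len(tokens) > 1 and len(tokens[-1]) <= 3:
        fields["variant"] = tokens.pop()
    for tok in tokens:
        if tok in PLATFORMS:
            fields["platform"] = tok
        elif tok in TYPES:
            fields["type"] = tok
        elif tok not in GENERIC and fields["family"] is None:
            fields["family"] = tok
    return fields

def family_consensus(labels):
    """Return (family, votes) if two or more labels agree, else (None, votes)."""
    families = (parse_label(label)["family"] for label in labels)
    votes = Counter(f for f in families if f)
    if not votes:
        return None, 0
    family, count = votes.most_common(1)[0]
    # A single vote is not agreement: every scanner named something different.
    return (family, count) if count > 1 else (None, count)

# The three names quoted in the thread (the reporting vendors are not stated).
THREAD_LABELS = ["generic graybird", "dropper.small.awa", "win32.delf.dnr"]

if __name__ == "__main__":
    for label in THREAD_LABELS:
        print(label, "->", parse_label(label))
    print("consensus:", family_consensus(THREAD_LABELS))
```
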
 
