Security Risk- suspicious file

[Semi Head]

I just ran F-Prot
Results:

1 suspicious file

In Windows 98SE

windows\system\mstask32.exe

named

W32\Xcombot.D@bd

Hope you'll don't mind me asking:
"What is it & what should be done about it?"

S_H

 

[Jeroen [_]D]

:
: I just ran F-Prot
: Results:
:
: 1 suspicious file
:
: In Windows 98SE
:
: windows\system\mstask32.exe
:
: named
:
: W32\Xcombot.D@bd
:
: Hope you'll don't mind me asking:
: "What is it & what should be done about it?"
:

Well? Have f-prot remove it!

Read more on:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kol.html

 

[null]

I just ran F-Prot
Results:

1 suspicious file

In Windows 98SE

windows\system\mstask32.exe

named

W32\Xcombot.D@bd

Hope you'll don't mind me asking:
"What is it & what should be done about it?"

Try updating your defs and see if F-Prot still alerts.


Art
http://www.epix.net/~artnpeg

 

[Sir_George]

Semi,

Visit the following link for some information about the subject file.

http://tinyurl.com/2m5rk

 

[Semi Head]

From: Art

(e-mail address removed) (Semi Head)
wrote:
I just ran F-Prot
Results:
1 suspicious file
In Windows 98SE
windows\system\mstask32.exe
named
W32\Xcombot.D@bd
Hope you'll don't mind me asking:
"What is it & what should be done about
it?"

S_H

-------------------------------------------------------

Try updating your defs and see if F-Prot
still alerts.

Art
http://www.epix.net/~artnpeg

-------------------------------------------------------

OK Art, I updated defs & macs.
It Still Alerts

i've never removed a suspicious file(s) before.
Is it safe to remove using F-prot?
And

Do i remove both?

Mstask32.exe

and

W32\Xcombot.D@bd


S_H

 

[null]

From: Art

That's odd. Xcombot still doesn't appear in a up to date F-Prot
/virlist and it isn't listed as known malware at their web site
either. Recently, there was a similar incident with one or two of
these new weird malware names, and a discussion on alt.comp.virus, and
it seemed that FSI had withdrawn detection. Updating the defs got rid
of the false alert.

i've never removed a suspicious file(s) before.
Is it safe to remove using F-prot?
And

Do i remove both?

Mstask32.exe

and

W32\Xcombot.D@bd

I have no idea what's going on. Don't do anything until you contact
FSI about this. Let us know what you learn.

From where did you d/l your latest def updates?


Art
http://www.epix.net/~artnpeg

 

[FromTheRafters]

Do i remove both?

Mstask32.exe

and

W32\Xcombot.D@bd

In addition to what Art has told you, you should be aware that:

Mstask32.exe is the name of a "file" on your computer, and
W32\Xcombot.D@bd is the name of a malware item that the
malware detector thinks is contained within that file.

Deleting the file would also delete the malware within it.

 

[null]

OK Art, I updated defs & macs.
It Still Alerts

Mstask32.exe

I suggest also that you upload this file for scanning here:

http://www.kaspersky.com/remoteviruschk.html

and here:

http://www.dialognauka.ru/english/www_av/

That file name is associated with certain malware and it looks
suspicious.

Let us know what you find.


Art
http://www.epix.net/~artnpeg

 

[null]

In addition to what Art has told you, you should be aware that:

Mstask32.exe is the name of a "file" on your computer, and
W32\Xcombot.D@bd is the name of a malware item that the
malware detector thinks is contained within that file.

Deleting the file would also delete the malware within it.

But never delete files until you find out what's going on. In this
case, the name mstask32.exe has been used by malware, making it
particularly suspect. But any suspect file should be scanned by other
scanners for "second opinions".

..
Art
http://www.epix.net/~artnpeg

 

[Semi Head]

From: (e-mail address removed)

OK Art, I updated defs & macs.
It Still Alerts
Mstask32.exe

I suggest also that you upload this file for scanning
here:
http://www.kaspersky.com/remoteviruschk.html
and here:
http://www.dialognauka.ru/english/www_av/
That file name is associated with certain malware and it
looks suspicious.
Let us know what you find.

Art
http://www.epix.net/~artnpeg

Art
I updated from your F-Prot Updater program.
I think the Mstask32 came from The "Weatherbug" free download but not
sure.

At any rate, i backed my Win98 system & Reg. files & let F-Prot delete
it.
Nothing negative has occurred because i deleted it..

All seems ok now thanks for your help. Sorry i did not wait your your
last 2 responses before deleting it.
BTW your F-Prot Updater is invaluable!

AntiVir, Avast4, & a2 did not catch it.
Those were the only ones i tried after F-Prot caught the suspicious
file.

S_H

 

[null]

Art
I updated from your F-Prot Updater program.
I think the Mstask32 came from The "Weatherbug" free download but not
sure.

At any rate, i backed my Win98 system & Reg. files & let F-Prot delete
it.
Nothing negative has occurred because i deleted it..

All seems ok now thanks for your help. Sorry i did not wait your your
last 2 responses before deleting it.
BTW your F-Prot Updater is invaluable!

Glad you like it!

AntiVir, Avast4, & a2 did not catch it.
Those were the only ones i tried after F-Prot caught the suspicious
file.

Well, I'm happy that things worked out ok for you. Of course, I'm
still puzzled since I don't see that malware name on F-Prot's
/virlist. It would have been interesting to see what KAV and DRWEB had
to say about the suspect file.


Art
http://www.epix.net/~artnpeg