Strange message by antivirus (Am I infected or not?)

Darkghost

Hello everybody,
this morning I updated my F-Prot and scanned my drives obtaining this
result:

"sysmon.exe C:\WINDOWS\system32\ --> Status : Suspicious File
--> Infected by : Is a destructive program "

I don't understand if I'm infected or not; I searched Google for
sysmon.exe AND virus and found that it could be part of a Trojan Horse
(can't remember the name right now), but I haven't found in my system the
other details it gives to check if you are infected (registry keys added
by the virus/trojan and a new folder in C:\Windows).
So my problem is to understand if I have caught a virus or not, and what
should I do?

(I've WinXP Pro, updated)

Thanks in advance
Darkghost
 
null

> Hello everybody,
> this morning I updated my F-Prot and scanned my drives obtaining this
> result:
>
> "sysmon.exe C:\WINDOWS\system32\ --> Status : Suspicious File
> --> Infected by : Is a destructive program "
>
> I don't understand if I'm infected or not; I searched Google for
> sysmon.exe AND virus and found that it could be part of a Trojan Horse
> (can't remember the name right now), but I haven't found in my system the
> other details it gives to check if you are infected (registry keys added
> by the virus/trojan and a new folder in C:\Windows).
> So my problem is to understand if I have caught a virus or not, and what
> should I do?
>
> (I've WinXP Pro, updated)

Since you have a suspect file, you can upload it for AV scanning by
KAV, etc. to get "second opinions". See the URLs for file upload sites
listed here:

http://www.claymania.com/anti-virus.html

If it seems F-Prot is false alerting, send them a zipped copy for
analysis.


Art
http://www.epix.net/~artnpeg
 
Darkghost

> Since you have a suspect file, you can upload it for AV scanning by
> KAV, etc. to get "second opinions". See the URLs for file upload sites
> listed here:
>
> http://www.claymania.com/anti-virus.html
>
> If it seems F-Prot is false alerting, send them a zipped copy for
> analysis.
>
>
> Art
> http://www.epix.net/~artnpeg

Hi,
thanks for your suggestions. I checked the suspected file with KAV online
and it came up infected with:
Trojan.Win32.VB.ac; it was there but it wasn't active.
In order to get rid of this I had to boot in safe mode and remove
SYSMON.exe and SYSMON.ini manually.
Then I searched with regedit for keys related to these files and removed
them (there was only one).

Again thanks for the good tip.
Darkghost
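An added example, not code from anyone in this thread: the last post removes SYSMON.exe/SYSMON.ini by hand and then hunts for related registry keys with regedit. The Python below does that check offline against a regedit export (File -> Export in regedit), flags whether each hit sits in an autostart location (which is what decides whether a file was "active" in the sense the poster means), and computes the SHA-256 digest a practitioner would quote when asking a second scanner for an opinion instead of relying on the file name alone. The .reg text, the "SystemMonitor" and "Config" entries and the paths in it are constructed for the demo, not taken from the thread.

```python
import hashlib
import re

# Constructed sample of a regedit export (.reg file). It is NOT from the
# thread; the "SystemMonitor" Run entry and the "Config" value are invented
# to exercise the search. A real export comes from regedit -> File -> Export.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemMonitor"="C:\\WINDOWS\\system32\\SYSMON.exe"
"Updater"="C:\\Program Files\\Example\\updater.exe /quiet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Notes"="C:\\Tools\\notes.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Config"="C:\\WINDOWS\\sysmon.ini"
"""

# Key-path fragments that make an entry an autostart location. A hit under
# one of these is what matters when deciding whether a file was "active".
AUTOSTART_FRAGMENTS = (
    r"\currentversion\run",       # Run, RunOnce, RunServices, ...
    r"\currentversion\winlogon",  # Shell / Userinit values
    r"\currentversion\explorer\shellexecutehooks",
)

_KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VALUE_LINE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)=(?P<data>.*)$')


def _decode_reg_string(raw):
    """Strip the quotes of a .reg string value and undo the doubled
    backslashes the export format uses. dword:/hex: data is returned as-is."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw


def is_autostart_key(key):
    """True if the key path is one of the autostart locations above."""
    k = key.lower()
    return any(frag in k for frag in AUTOSTART_FRAGMENTS)


def find_references(reg_text, filenames):
    """Scan regedit export text for values whose data mentions any of the
    given file names (case-insensitive). Returns a list of tuples
    (key, value_name, decoded_data, is_autostart) in file order."""
    wanted = [f.lower() for f in filenames]
    hits = []
    current_key = None
    for line in reg_text.splitlines():
        m = _KEY_LINE.match(line)
        if m:
            current_key = m.group("key").lstrip("-")  # "-" prefix = delete key
            continue
        m = _VALUE_LINE.match(line)
        if not m or current_key is None:
            continue
        name = m.group("name") if m.group("name") is not None else "(Default)"
        data = _decode_reg_string(m.group("data"))
        if any(w in data.lower() for w in wanted):
            hits.append((current_key, name, data, is_autostart_key(current_key)))
    return hits


def sha256_of_bytes(blob):
    """SHA-256 hex digest: the value to quote when asking for a second opinion."""
    return hashlib.sha256(blob).hexdigest()


def sha256_of_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for key, name, data, auto in find_references(
        SAMPLE_REG_EXPORT, ["sysmon.exe", "sysmon.ini"]
    ):
        flag = "AUTOSTART" if auto else "reference"
        print(f"[{flag}] {key} :: {name} = {data}")
```

Run it against a real export with `find_references(open("export.reg", encoding="utf-16").read(), ["sysmon.exe", "sysmon.ini"])` (regedit writes UTF-16 by default); a hit marked AUTOSTART is the one to remove, while a plain reference elsewhere only tells you where the file was mentioned. Hash the suspect file with `sha256_of_file` before deleting it so the second-opinion result can be tied to that exact sample.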
 
