virus detected - help!

Guest

I recently was alerted by eTrust realtime that bat.282 was discovered in a
change.log.2 file. eTrust could not delete it so the file was restored.
After doing some quick research I found that bat.282 creates virus.bat and
edits autoexec.bat. I manually deleted the infected file, searched for
virus.bat which does not exist, looked at autoexec.bat which exists but is
empty. My questions are: Does bat.282 do anything else or did eTrust catch
it before it could do any damage? What is the change.log.2 file for? It is
in the 'system volume information\_restore(xxxx)\R640' folder as well as
other folders in that directory.

Help.
 
Harry Johnston

r. wales said:
| I recently was alerted by eTrust realtime that bat.282 was discovered in a
| change.log.2 file.

This was probably a false positive. Infection in a log file seems unlikely.

Based on the descriptions on the web, I suspect that bat.282 cannot affect
Windows XP in any case.
| After doing some quick research I found that bat.282 creates virus.bat and
| edits autoexec.bat. I manually deleted the infected file, searched for
| virus.bat which does not exist, looked at autoexec.bat which exists but is
| empty.

You're fine.

Harry.
 
Guest

Cheers Harry, thanks for getting back to me so quickly. And thanks for the
info, being a one man show it is hard to keep all of the plates spinning and
balls in the air and still do a proper job researching things that need to be.

peace and all good things to you.
 
David H. Lipman

From: "r. wales" <[email protected]>

| Cheers Harry, thanks for getting back to me so quickly. And thanks for the
| info, being a one man show it is hard to keep all of the plates spinning and
| balls in the air and still do a proper job researching things that need to be.
|
| peace and all good things to you.
|

Good research also means posting in the *best* place. There are anti-virus News Groups for
this kind of subject matter.
In the Microsoft hierarchy there is: microsoft.public.security.virus

Chances are Harry Johnston is correct as these *may* be False Positives.

Let's be sure...

Please submit a sample of "change.log.2" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 
Guest

Thanks Dave,

I was unaware of how many and how specific the news groups were. Now I have
seen the entire list, not just the few links provided up front. That will be
a big help in the future. And thanks for the advice regarding the file and
Virus Total. Unfortunately the file has been deleted (rookie mistake), but
future questionable files will definitely be properly checked out. Thanks
again.

Peace and all good things to you.
 
