
Virus attack or not

Status
Not open for further replies.

sggaunt

Programmer
Jul 4, 2001
8,620
GB
An odd thing.
I check my email online (webmail) before downloading (to another machine) and I had a mail from a person I didn't know with the same heading and text
'What they don't show on TV'
There was an attached file Picture1234.zip

This looked extremely dodgy, but while I was deciding if I should download and scan the zip or just delete it, AVG popped up this message. From the log...

Resident shield reports Trojan horse generic2.FUA on windows/system32/stdvcl40.dll

(I am a Delphi programmer and this is a Delphi system file, but the 40 indicates Delphi version 4, which isn't installed on this machine)

A bit perplexing that this should happen without actually downloading anything.

I got AVG 7.5 to heal the file and ran a full scan with no results. Nothing else (Comodo, Defender) reported any problems, and all seems OK. HJT log is clear.

Also a search for this file produced no results (it should not be present anyway) and I haven't been able to find anything on Generic2.FUA, or any occurrences of this message text. Odd.




Steve: Delphi a feersum engin indeed.
 
Many viruses are named after legitimate files so as not to be detected!

If in doubt, copy and paste the full path into the browse button at virustotal and click send and it will scan any file for you and tell you the results!


online scanner which checks worms viruses.




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Could not get onto jotti but virustotal found nothing at all

But displayed this

File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

what does this mean?


Windows search doesn't find this file at all.


Steve: Delphi a feersum engin indeed.
 
That is a checksum, perhaps someone else can elaborate on it!

If you deleted the file then it is gone, nothing to worry about?


Try searching this way?


Because XP will not always show you hidden files and folders by default,
Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden
files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View
tab and make sure that "Show hidden files and folders" is checked. Also
uncheck "Hide protected operating system files" and "Hide extensions for
known file types". Now click "Apply to all folders".
Click "Apply" then "OK"


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
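
Added example, not part of any post in this thread: the MD5 and SHA1 values displayed above are the digests of zero bytes of input, which agrees with the reported file size of 0 bytes, so that scan covered an empty upload. This Python sketch (the function names `file_digests` and `assess_report` are hypothetical) hashes a local file and flags a scanner report that describes an empty upload or does not match the file on disk.

```python
import hashlib
import os
import tempfile

# Digests of zero bytes of input, computed rather than hard-coded.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()


def file_digests(path, chunk_size=65536):
    """Return (size, md5, sha1) for a file, reading it in chunks."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha1.hexdigest()


def assess_report(report_size, report_md5, report_sha1, local_path=None):
    """Classify a report: empty-upload, matches-local, mismatch or unverified."""
    md5, sha1 = report_md5.strip().lower(), report_sha1.strip().lower()
    if report_size == 0 or md5 == EMPTY_MD5 or sha1 == EMPTY_SHA1:
        return "empty-upload"  # the scanner received no file content
    if local_path is None or not os.path.isfile(local_path):
        return "unverified"  # nothing on disk to compare against
    size, local_md5, local_sha1 = file_digests(local_path)
    if (size, local_md5, local_sha1) == (report_size, md5, sha1):
        return "matches-local"
    return "mismatch"


def demo():
    # Values as displayed in the thread above.
    verdict = assess_report(0, "d41d8cd98f00b204e9800998ecf8427e",
                            "da39a3ee5e6b4b0d3255bfef95601890afd80709")
    # Constructed sample file standing in for a real file on disk.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes")
    try:
        size, md5, sha1 = file_digests(tmp.name)
        ok = assess_report(size, md5, sha1, tmp.name)
    finally:
        os.unlink(tmp.name)
    return verdict, ok


if __name__ == "__main__":
    print(demo())
```

A "nothing found" result attached to an `empty-upload` verdict says nothing about the file that was flagged; the file has to be located and submitted again before the result can be relied on.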
 
Interestingly AVG7.5 also found the same (Trojan horse generic2.FUA on windows/system32/stdvcl40.dll)
during a full scan on my 'home' machine that had never seen the mail.
So I am thinking this may be a false positive?
On my home machine it put it in the Vault so perhaps I could send it to AVG for checking.




Steve: Delphi a feersum engin indeed.
 