Virus(s) Detected by Nod32

cuckoo4

Hi:

Never had a clue as to what to do about virus protection. Nod32 has detected the following four problems. There was no option to delete the infected files, so I don't know if that's my job to delete them, or IF I should even delete them.

If I delete them, will it chop & screw my system? Would restoring my settings back a couple of days via Windows XP restore fix the problem?

Any suggestions are greatly appreciated!!!

C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP3\A0000770.exe (nod32 color: red)
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP3\A0000770.exe (nod32 color: brown)
File D:\I386\Apps\APP12313\src\CompaqPresario_Spring06.exe
File D:\I386\Apps\APP12313\src\HPPavillion_Spring06.exe

...a variant of Win32/AdInstaller

MT
 
I would also check it with some other virus scanners just to make sure.



Webroot Spysweeper

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Also check this out:

Ewido download:


Update it and run a complete scan.


Check out this nice product:

Super Antispyware


Update it and run a complete scan.
 
The two relating to the SystemRestore folder can be cleared (more than likely) by simply turning off System Restore, re-starting the computer, turning SR back on and then re-starting the computer again and creating a new "restore" point.

The remaining two I would submit to Jotti's Online Scanner:

to see what that has to say about them.

I use NOD32, also, but I'm not getting those alerts (so it's not an update false-positive issue unless you're running seriously behind on either the engine or the definitions for NOD32).

Here's the info on my copy (WinXP Pro system):

NOD32 antivirus system information
Virus signature database version: 1.1591 (20060610)
Dated: Saturday, June 10, 2006
Virus signature database build: 7447

Information on other scanner support parts
Advanced heuristics module version: 1.031 (20060606)
Advanced heuristics module build: 1115
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.045 (20060524)
Archive support module build version: 1159

Information about installed components
NOD32 for Windows NT/2000/XP/2003/x64 - Base
Version: 2.51.26
NOD32 for Windows NT/2000/XP/2003/x64 - Internet support
Version: 2.51.26
NOD32 for Windows NT/2000/XP/2003/x64 - Standard component
Version: 2.51.26

Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 1024 MB
Processor: AMD Athlon(tm) Processor (1325 MHz)


Does your info look similar to that?

Pete
 
I am far from being anything close to a security professional, but recently I had the same thing happen (for the first two files you listed). I was running NOD32 and it found the exact same thing in the exact same place with the same options that you said. Since I could not delete them through NOD32, I manually went in and deleted them, but within a couple of minutes they were replaced. I finally renamed them and that worked; I have no idea why, though.

I should tell you, although I can't remember if it was before or after I found the files you found, I had a huge system crash. I assume from some sort of virus or malware, but something messed with my registry hives, and a few of my system files. I couldn't log in or do anything. Eventually I got to a place where I could get my data back, but I ended up re-installing the OS. So, I'm not sure what you have, but I would make a backup of at least your registry hives.

I don't want to worry you, because you may have a "false-positive", but it's better safe than sorry.

Hope that helps you a little.

Matt
 