  1. #1
    2 Star Lounger
    Join Date
    Jan 2011
    Posts
    192
    Thanks
    21
    Thanked 2 Times in 2 Posts

    What's Win32/Small.CA virus?

    I use Sophos End Point and Security Antivirus and have never once had an infection since I have used that - I think it's awesome.

    Windows Action Centre has started to report that I need to remove the Win32/Small.CA virus. I have read up on it in several different forums, and some indicate it is a really nasty virus, and others say it's just a false positive.

    I have followed the normal virus removal procedures -
    1. Full scan with Sophos of all drives = nothing picked up.
    2. I then downloaded the Microsoft Safety and Security Centre, which is essentially a standalone AV and cleaner.
    3. Multiple re-starts = nothing found, but the Action Centre still pops up with the message.

    Any suggestions? Is this a false positive, or should I be concerned? How do I remove the virus?

    Thanks very much for your input!

  3. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    9,954
    Thanks
    126
    Thanked 1,100 Times in 1,012 Posts
    Download Malwarebytes Antimalware and scan your system.
    Rui
    -------
    R4

  4. The Following User Says Thank You to ruirib For This Useful Post:

    Photorer (2013-11-07)

  5. #3
    2 Star Lounger
    Join Date
    Jan 2011
    Posts
    192
    Thanks
    21
    Thanked 2 Times in 2 Posts
    Same result....... nothing found!

  6. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    9,954
    Thanks
    126
    Thanked 1,100 Times in 1,012 Posts
    I suggest that you archive the current message and then see if it appears again.
    Rui
    -------
    R4

  7. #5
    2 Star Lounger
    Join Date
    Jan 2011
    Posts
    192
    Thanks
    21
    Thanked 2 Times in 2 Posts
    Done that, too.... still pops up the next restart of the computer.

    Malwarebytes did find something - There was something called OpenCandy that was installed. Malwarebytes removed it.

    When I went to find out about this, it is a small programme that is installed at the same time as you install something you want to install but gives the option of installing additional software (like Bing Bar or something else). It is supposed to remove itself straightaway, but it appears that it did not. This is not, however, the problem....

    I still get the same Action Centre Warning! Win32/Small.CA found....

    Tried CCleaner, which did not find anything, either (although it is only there for cleaning up files and some registry cleanup)..... cleaned up, but nothing changed....

  8. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    9,954
    Thanks
    126
    Thanked 1,100 Times in 1,012 Posts
    I can't say that I am a specialist at this, so I would suggest one further step. Download Emsisoft's Free Emergency Kit and run the scanner. Let me know if it finds anything.
    Rui
    -------
    R4

  9. The Following User Says Thank You to ruirib For This Useful Post:

    Photorer (2013-11-07)

  10. #7
    2 Star Lounger
    Join Date
    Jan 2011
    Posts
    192
    Thanks
    21
    Thanked 2 Times in 2 Posts
    Thanks for that link - it looks like a really handy tool!

    Downloaded, and ran....
    All it found was a registry entry as follows:
    Trace.Registry.Reg.Tidy (A)

    Removed it.... let's see if the message returns.

  11. #8
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    9,954
    Thanks
    126
    Thanked 1,100 Times in 1,012 Posts
    Well, if Sophos, Malwarebytes, Emsisoft and Microsoft's Safety Scanner are all in agreement, it's likely a false positive. If you want to proceed with further investigation, I would probably recommend the bleepingcomputer.com forums; they deal with similar issues in a fairly exhaustive way and usually resort to a set of tools that may help in finding the cause or fixing the system.

    Just one final question - are you up to date with Windows patches?
    Rui
    -------
    R4

  12. The Following User Says Thank You to ruirib For This Useful Post:

    Photorer (2013-11-07)

  13. #9
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,468
    Thanks
    62
    Thanked 500 Times in 450 Posts
    Sophos thinks it to be a false-positive in Microsoft's Windows Defender triggered by a crash of services.exe

    See http://www.sophos.com/en-us/support/...51/119716.aspx

    Jerry

  14. The Following 2 Users Say Thank You to jwitalka For This Useful Post:

    BruceR (2013-11-07),Photorer (2013-11-07)

  15. #10
    New Lounger
    Join Date
    Nov 2013
    Posts
    11
    Thanks
    0
    Thanked 1 Time in 1 Post
    Well, I would suggest using a Rescue Disc in this case.

  16. The Following User Says Thank You to JackChill420 For This Useful Post:

    Photorer (2013-11-07)

  17. #11
    2 Star Lounger
    Join Date
    Jan 2011
    Posts
    192
    Thanks
    21
    Thanked 2 Times in 2 Posts
    OK - here we are almost a week later, without another Message in the message centre. Not quite sure what stopped it, but it does seem to be behaving for now!
    Thanks all for the great advice!

  18. #12
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,239
    Thanks
    134
    Thanked 105 Times in 90 Posts
    For the record, here's the FAQ about OpenCandy:

    http://www.opencandy.com/faqs/

    The only way to rid yourself of OpenCandy is to uninstall or completely remove (Revo Uninstaller) the software whose installer and uninstaller (and any in-program updaters) still contain OpenCandy. The Registry Traces of OpenCandy are persistent and not worth removing, from a security standpoint. A lot of free software has resorted to supporting itself using this and similar other "push adware" in their installers. Sad but true, there is no such thing as a Free Lunch.

    But the alleged malware listed may or may not in fact belong to OpenCandy. In which case, given the consensus among antivirus scans, this seems to be a false-positive.
    -- Bob Primak --
