Results 1 to 9 of 9

Thread: Infected File

  1. #1
    Silver Lounger Duchess843's Avatar
    Join Date
    Apr 2002
    Location
    Sicklerville, NJ
    Posts
    2,488
    Thanks
    36
    Thanked 0 Times in 0 Posts

    Infected File

    Has anyone heard of Adware.WBugA? I installed an AntiVirus Program named NOD32 (free trial). It found what it said was an infected file on my D drive. I searched Google, no results were found. The file that was infected was found in System Volume Information.. NOD32 said the file was safe to delete, which I did.
    <img src=/S/coffeetime.gif border=0 alt=coffeetime width=32 height=48>

  2. #2
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Infected File

    I don't know Gloria.
    I never heard of it but a search of the Symantec site didn't turn up anything nor did the Google search that you also tried.
    What was the file that it supposedly infected?
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  3. #3
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Infected File

    It's <code>Adware.WBug.A</code>, I think. Did you install WeatherBug? Older versions of it seem to be detected because it contained adware. Also, AIM (America Online Instant Messaging) may install WeatherBug

  4. #4
    Silver Lounger Duchess843's Avatar
    Join Date
    Apr 2002
    Location
    Sicklerville, NJ
    Posts
    2,488
    Thanks
    36
    Thanked 0 Times in 0 Posts

    Re: Infected File

    NOD32 didn't infect anything, it found an infection when I ran it, or so it says. After it ran a message appeared that said in it's entirety:

    THREAT FOUND! File infected. D:System Volumn Information _restore{959C02E7-0415-46EF-8A3D-1BOE7848BB193RP131A0025063.dll is infected with application Win32/Adware.WBugA.
    This file can be deleted. ( Leave Rename Delete Clean Replace ) buttons.

    That it .
    <img src=/S/coffeetime.gif border=0 alt=coffeetime width=32 height=48>

  5. #5
    Silver Lounger Duchess843's Avatar
    Join Date
    Apr 2002
    Location
    Sicklerville, NJ
    Posts
    2,488
    Thanks
    36
    Thanked 0 Times in 0 Posts

    Re: Infected File

    No Hans, I don't use Weather Bug. I searched My Computer and Regedit, no files found.
    <img src=/S/coffeetime.gif border=0 alt=coffeetime width=32 height=48>

  6. #6
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Infected File

    That's a system restore point. Perhaps you had something on there and then removed it? Check how old that folders is. Unless you plan to roll back to that restore point, I suggest ignoring it.

    If the restore point was just created recently, perhaps it is a "false positive"? If NOD32 is the program from Eset, it uses a more advanced and speculative method of identifying malware that results in a slightly higher rate of false positives. It's a trade-off you have to accept for the program identifying more "new" viruses than other programs. If other spyware/adware scanners don't find anything wrong, I would ignore it. Also, some spyware/adware shares components or registry settings with legitimate software, and the scanners identify it anyway until enough people complain.

  7. #7
    Silver Lounger Duchess843's Avatar
    Join Date
    Apr 2002
    Location
    Sicklerville, NJ
    Posts
    2,488
    Thanks
    36
    Thanked 0 Times in 0 Posts

    Re: Infected File

    I had no idea that things on System Restore could be removed individually. Check out what folder? I did a search for System Restore and found only two shortcuts.

    I did more than ignore it, the antivirus program gave me a choice and I chose to delete the file. When I went to the NOD32 web page, there was no information on what viruses or malware they had discovered. In fact, there was no mention of that particular one or any other.
    Thanks for the information, I will consider the infected file notice as a false positive.
    <img src=/S/coffeetime.gif border=0 alt=coffeetime width=32 height=48>

  8. #8
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Infected File

    Your earlier post contained a full path to the detected file. I was referring to that folder, the one containing that file. (It may well be hidden, so in order to browse to it manually in Windows Explorer, you might need to change your settings to view hidden files and folders.) Of course, now that the file is gone, there isn't much point in checking how long ago it was "stored" in the restore point.

  9. #9
    Silver Lounger Duchess843's Avatar
    Join Date
    Apr 2002
    Location
    Sicklerville, NJ
    Posts
    2,488
    Thanks
    36
    Thanked 0 Times in 0 Posts

    Re: Infected File

    You're so right, that would be like looking for the horse after the stall gate had been left open.
    <img src=/S/coffeetime.gif border=0 alt=coffeetime width=32 height=48>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •