Advice Needed on threat found by Ewido

Hi Everyone,

Hope somebody can advise me on this threat identified today by Ewido. It is named as:

"C:\WINDOWS\OEBackup.CAB/OEBackup.exe -> Heuristic.Win32.Hijacker1"

Ewido cannot clean the file and returns the error message below:

"The file 'C:\WINDOWS\OEBackup.exe' cannot be removed because it is embedded in the archive 'C:\WINDOWS\OEBackup.CAB'. Do you want to remove the whole archive?"

I don't know whether it would be safe to remove the whole archive out of CAB files and hope somebody on the forum can help me with this.

TIA,
Elray

 

Maybe these guys can help.

http://www.geekstogo.com/forum/Antivirus_gold_Trojan_and_oneclicksearch escom-t41416.html

Appears you been hit by.

http://www,tonowhere.com

~Mod note....edited clickable hyperlink. We have enough users machines infected....Bubba~

 

Thanks for your reply, Controler. I have posted at the site you referred me to and will see what they say.

I don't have any evidence of infection in my system. No hijacking or system slowdown and no other application finds a problem with the file Ewido objects to. When I track it down it is really only a file archived in Winzip and which has been there since September 2003 so I think it is a false positive!

Thanks for taking the time to redirect me. I don't like to find ANY malware on my system so I'll follow it up.

Cheers,

Elray

 

Elray

you are welcome and if the file is only in a archive and has not been executed,
you should be ok. I would still wonder where you picked up the archive.

You should tell right away after your Hijackthis log has been posted at that site.
You, yourself would see some of the same lines in your log as listed on that page.

I am suspicious about that site , since I went there, it gave me an alert my PC was infected LOL. I don't think Spysweeper would alow an infection.
Still a naughty site.

controler

 

FYI Controler,

I've double checked the file Ewido dislikes. It is definitely a file archived in WinZip from a "Backup Outlook Express" program I intended to try - this was back in 2003! That file has been sitting in the WinZip archive since then with no problems arising.

I've now scanned that file with several other apps. and get no alerts at all. As I said, my computer is not experiencing any slowdowns at all and no hijacking or other disturbances and everything is running very well. No strange processes in evidence and no firewall breaches.

I've now deleted the archive (and quarantined it) and will send it to Ewido once I can get it away. Last night I couldn't connect to their servers. Too many people downloading the new version I suppose. I'll try again later.
Thanks for your response and advice.

Elray.

 

Hi there Elray

I am on the HJT staff at GTG (UKBiker) so i had a look to see if your post had been responded to. Unfortunately, you posted in the wrong section of the forums. If you go to

http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

read the instructions as to how to post a HJT log, then post one. I will pick it up and deal with it for you. Send me a PM at GTG to let me know when you have made the post.

HDRider UK

 

Thank you. I've posted as requested.

Elray

 

Hi Elray, just to let you know that the log was clean.

HDRiderUK