an unknown file discovered by NAV

Discussion in 'other anti-virus software' started by hankach, Sep 20, 2005.

Thread Status:
Not open for further replies.
  1. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    Hi all,

    After a total scan by NAV, it found a file C:\x.cab which has a virus or a trojan and couldn't be quarantined, knowing that it is created since November 2004.
    Is there any possibility to know the function of this file or if it is necessary before deleting it manually? Or shall I use another program?

    Thank you very much.
     
  2. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Hi Hankach !
    Submit it to Jotti please.
    This could be a false-positive.
    What is the name of this malware ?

    Regards,
    M.J.
     
    Last edited: Sep 20, 2005
  3. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    Hi Mack,

    It is just like this C:\x.cab

    Who is Jotti and how to proceed pls.

    Thank you much
     
  4. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
  5. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    I did a scan and I got the following:
    File: x.cab
    Status: INFECTED/MALWARE
    MD5 fce065dcafae56397c12355184638a3e
    Packers detected: -
    Scanner results
    AntiVir Found Trojan/Spam.AvaFX
    ArcaVir Found Trojan.Clicker.Agent.Ac
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    It's a Trojan Clicker:-

    http://www.viruslist.com/en/virusesdescribed?chapter=152540521#clickers

    http://securityresponse.symantec.com/avcenter/venc/data/trojan.a.d.clicker.html

    Were no other scanners finding it?

    You could try uploading the file here for confirmation:-

    http://www.kaspersky.com/remoteviruschk.html

    You could also do an online trojan scan with ewido:-
    http://www.ewido.net/en/onlinescan/run/

    However you haven't given the file path, so we don't know whereabouts it is on your computer. Since it is in a .CAB archive file, a scanner is unlikely to deal with it, you would have to delete the whole archive. Unless you fancy opening it in Notepad and editing out the bad bit!
     
  7. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    it is in C:\x.cab
     
  8. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    NAV is finding it as a virus but can't quarantine it. How to do? Shall I simply delete it?
     
  9. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    That was quick, I hadn't even finished!

    If it is confirmed bad, I would just delete the whole file. I believe AVs will only quarantine files under a certain size - how big is this one?

    Edit - Maybe it won't quarantine it 'cos it is in an archive? Malware in an archive is totally safe; it can only cause a problem if it is extracted from the archive.
     
    Last edited: Sep 21, 2005
  10. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    It has 21,5 Kb and it is a zip archive indeed. When clicking on properties it shows type of file Cab archive and opens with quick zip.
    How to delete such a file, simply by deleting it manually? I am afraid not to have other roots somewhere?
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    The malware is likely compressed inside and hasn't spread so I'd just delete the archive then rerun a scan with your antivirus and maybe another online scanner too.
     
  12. hankach

    hankach Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    61
    I have deleted it manually and did a scan. It disappeared. Thank you all.
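
Added example, not part of the original thread: a Python sketch of how a file like the C:\x.cab discussed above can be identified by its magic bytes (CAB versus ZIP) instead of its extension, hashed for comparison with a scan report, and have its members listed from metadata without extracting anything. The function names and the two sample archives are constructed for illustration.

```python
import hashlib, io, struct, zipfile

CFHEADER = "<4sIIIIIBBHHHHH"   # 36-byte fixed part of the CAB header
CFFILE = "<IIHHHH"             # 16 bytes, followed by a NUL-terminated name

def list_cab(data):
    """Return [(name, uncompressed_size)] from CAB metadata, no extraction."""
    if len(data) < 36:
        raise ValueError("truncated CFHEADER")
    f = struct.unpack_from(CFHEADER, data, 0)
    members, pos = [], f[4]                      # f[4] = coffFiles
    for _ in range(f[9]):                        # f[9] = cFiles
        if pos + 16 > len(data):
            raise ValueError("truncated CFFILE entry")
        size = struct.unpack_from(CFFILE, data, pos)[0]
        end = data.find(b"\x00", pos + 16)
        if end < 0:
            raise ValueError("unterminated member name")
        members.append((data[pos + 16:end].decode("latin-1"), size))
        pos = end + 1
    return members

def triage(data):
    """Hash the file and identify the container by magic bytes, not extension."""
    report = {"size": len(data), "md5": hashlib.md5(data).hexdigest(),
              "sha256": hashlib.sha256(data).hexdigest(), "type": "unknown", "members": []}
    if data[:4] == b"MSCF":                      # Microsoft Cabinet
        report["type"], report["members"] = "cab", list_cab(data)
    elif data[:4] == b"PK\x03\x04":              # ZIP local file header
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            report["type"] = "zip"
            report["members"] = [(i.filename, i.file_size) for i in zf.infolist()]
    return report

def build_sample_cab(files):
    """Constructed sample: metadata-only CAB (no folders, no data blocks)."""
    entries = b"".join(struct.pack(CFFILE, size, 0, 0, 0, 0, 0x20) +
                       name.encode("ascii") + b"\x00" for name, size in files)
    return struct.pack(CFHEADER, b"MSCF", 0, 36 + len(entries), 0, 36, 0,
                       3, 1, 0, len(files), 0, 0, 0) + entries

def build_sample_zip(name):  # constructed sample ZIP with placeholder contents
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample_cab([("setup.inf", 512), ("program.exe", 21000)])))
```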
     