Big hit or false positive

Discussion in 'NOD32 version 2 Forum' started by cliff, Apr 29, 2005.

Thread Status:
Not open for further replies.
  1. cliff

    cliff Registered Member

    Joined:
    Dec 4, 2004
    Posts:
    42
    Having not had any virus detected since installation last November, Nod32 detected this lot today on my son's PC. Have deleted the viruses and sent the files to Eset. Can MP3 downloads be a risk of virus attacks? Also, the binbatdoes folder is empty. Have not seen my son to ask what he was doing; I think he's gone to the pub and left me to clear the mess up as usual...
    The files in the Eset infected folder, can they be deleted by sending them to the Windows bin?
    Copy of the log below.
    Scan performed at: 29/04/2005 10:49:13
    Scanning Log
    NOD32 version 1.1083 (20050429) NT
    Operating memory - probably unknown NewHeur_PE virus [7]

    date: 29.4.2005 time: 10:50:07
    Scanned disks, directories and files: C:
    C:\pagefile.sys - error opening (file locked) [4]
    C:\Documents and Settings\All Users\Application Data\mp3intrahelpsupport\bibblue.exe - probably unknown NewHeur_PE virus [7]
    C:\Documents and Settings\All Users\Application Data\mp3intrahelpsupport\Glue Web.exe - probably unknown NewHeur_PE virus [7]

    C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\axsdoqdk.exe - probably unknown NewHeur_PE virus [7]
    C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\ewwnqxzy.exe - probably unknown NewHeur_PE virus [7]
    C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\Global Wipe Base.exe - probably unknown NewHeur_PE virus [7]
    C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\jcoxyzjq.exe - probably unknown NewHeur_PE virus [7]
    C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\qqdqjohm.exe - probably unknown NewHeur_PE virus [7]
    C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\saaqaawy.exe - probably unknown NewHeur_PE virus [7]

    number of scanned files: 3827
    number of viruses found: 103
    time of completion: 10:51:34 total scanning time: 87 sec (00:01:27)

    Notes:
    [4] File cannot be open. It is being exclusively used by another application or operating system.
    [7] File is probably infected with an unknown virus. Please send it to sample@nod32.com

    Nod32 1, virus 0

    Cliff :'(
     
  2. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Try right-clicking on those folders you mentioned and go to Properties. In the General tab, take a look at the creation dates. It is quite possible that this unknown virus is what created these files and folders, especially if they were created very recently.

    In other words, I suspect that "mp3intrahelpsupport" and "BinBatDoes" are bogus folder names created by the virus, and they have nothing to do with downloading mp3s.
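
The creation-date check suggested in the post above, as an added PowerShell example that is not part of the original thread. The two folder paths and the scan time are taken from the log posted above; `$windowDays` and the output column names are assumptions chosen here.

```powershell
# Added example (not from the thread): show when the folders named in the
# scan log, and everything inside them, were created relative to the scan.
$folders = @(
    'C:\Documents and Settings\All Users\Application Data\mp3intrahelpsupport',
    'C:\Documents and Settings\Nicholas\Application Data\BinBatDoes'
)
$scanDate   = [datetime]'2005-04-29T10:49:13'   # "Scan performed at" from the log
$windowDays = 7                                 # assumption: what counts as "very recently"

foreach ($path in $folders) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$path : not present (already removed or quarantined)"
        continue
    }

    # The folder itself plus its contents; -Force includes hidden and system items.
    $folder = Get-Item -LiteralPath $path -Force
    $items  = @($folder) + @(Get-ChildItem -LiteralPath $path -Force -Recurse -ErrorAction SilentlyContinue)

    $items | Sort-Object CreationTime | ForEach-Object {
        $ageDays = ($scanDate - $_.CreationTime).TotalDays
        [pscustomobject]@{
            Created  = $_.CreationTime
            Modified = $_.LastWriteTime
            # True when the item appeared within $windowDays before the scan
            Recent   = ($ageDays -ge 0 -and $ageDays -le $windowDays)
            Path     = $_.FullName
        }
    } | Format-Table -AutoSize
}
```

Creation times can be rewritten by software, and copying a file resets them, so a cluster of recent dates supports the suspicion while old dates do not rule it out.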
     
  3. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Just a reminder to submit these files as suggested, if you haven't already. Thanks in advance.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    It is likely that the beta 2.50 will identify them as variants of already known threats.
     
  5. Gauthreau

    Gauthreau Guest


    They sure can. P2P networks contain many viruses that are eager to be downloaded to others' machines and spread. Also, new viruses have been created and reported as they attempt to combat "illegal" downloads whilst not discriminating against legal mp3 downloads.


    http://www.theregister.co.uk/2005/04/22/nopiracy_worm/

    "The Nopir-B worm targets people it believes may be involved in piracy, but fails to discriminate between the true criminals and those who may have legally obtained MP3 files. Whichever side of the fence you come down on in regards to internet piracy, there's no debate about the criminal nature of this worm," said Graham Cluley, senior technology consultant for Sophos.

    It's a problem of vigilantes and their efforts "to save the world".

    Neil
     
  6. swoop

    swoop Registered Member

    Joined:
    Feb 5, 2004
    Posts:
    44
    Location:
    The Netherlands
    You mean, they'd be identified using the new generic detection? That might be more useful than to see "probably unknown NewHeur_PE virus" all the time...

    Cheers
     