bluefire.exe

Hello
I have the problem that NOD32 V2.7 is not deleting bluefire.exe. When i scan the File i says that there is no VIRUS.

When i use AVG it says that there is a Virus and it is cleaning it.

 

Hi,

where is the file located?

 

its on every partition but is is hidden. Its activation when you click dubble on the drive. When you open it with the explorer than nothing happens.
The main part is under C:/Windows also as a hidden file but it is called svhost.EXE. You also find it in the taskmanager. the EXE is in big letters writen

Sample

From other users:

Bluefire.exe - how do I ger rid of this Help!
It all started when somebody used their USB flash disk on my PC. I obviously scanned it first, and my NOD32 AntiVirus indicated there was no virus. But when I opened his flash, this error message appeared:
"Bluefire.exe
The application failed to initiate properly (0xc0000005). Click OK to terminate the application"
It's been appearing ever since! And my PC is slowing down, Flash discs can't be stopped... HELP!

 

Yes, you have got malware on pc. I recommend you visit some forum, where you can send logs from miscellaneous utilities. Don't forget to send all infected files to samples[at]eset[dot]sk Into subject give the name of this thread.

Thanks

 

i was sending all the files to Eset. but nothing happens. It was 1 month before

 

Were files packed in archive with password "infected"? From which address did you send them? Then they can find them more early.

Thanks

 

can you send me the adress then i send the files again

 

Thanks


If you want to show them in your system, use Total Commander. Type this when you will in folder, where are located that files:

attrib -S -H -R "name of file.extension"

You can delete them, but I think that they are written on Registry. Run regedit and find issues with name "svchovst.exe".

 

i know how to delete it but normaly NOD32 schould do it

i will send you also another file to your adress.

 

After update 2788 your samples are detected as INF/Autorun and Win32/Hupigon.NEH

Thanks

 

thank you

Very good support

If i have still a problem then i will send the file sample to you.

Greetings Christoph

 

No problems, thanks.

 

i have now a new type of bluefire.exe

i was sending it to samples[at]eset[dot]sk

 

Hi!

After quarter of file are only zeros => I think file is damaged. Only at the beginning can be some threat. But when threat isn't complete, analysts can't add it.