My PC is infected?

Discussion in 'NOD32 version 2 Forum' started by POS, Dec 15, 2005.

Thread Status:
Not open for further replies.
  1. POS

    POS Guest

    I've downloaded a file and I think it is a virus or trojan. No antivirus program has detected it, but I'm sure this is a virus.

    http://tinypic.com/insbb8.jpg

    I've just downloaded it, zipped it using 7zip and sent it to Happy Bytes. The problem is that I can't delete the file anymore. An alert message appears saying that the file is running and cannot be deleted... I think I'm infected, but I didn't open the file. Is it possible to be infected without running the file? Please add a signature for this file fast!
     
  2. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    What makes you think that this is a virus and not spyware/malware? Why not also try running a spyware/malware remover and see what results you get?

    Also, have you tried deleting it in Safe Mode?
     
  3. POS

    POS Guest

    How can I enter safe mode?
     
  4. POS

    POS Guest

    OK, I've entered safe mode and deleted the file. Thanks. Hope Eset adds a signature for this file.
     
  5. POS

    POS Guest

    I've sent the file to KAV labs too:

    "Hello.
    No malicious software was found in the attached file.
    -----------------
    Regards, Alexey Malanov
    Virus Analyst, Kaspersky Lab."

    So what is this file? Maybe a corrupted virus? So why wasn't I able to delete the file? The spam I received with this file has all the characteristics of an infected e-mail... any opinions?
     
  6. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    Now I've got a problem... I can't delete the file in safe mode either...

    I have Process Guard. When I try to execute the file, PG says the file is launched by explorer.exe, and the command line is: "c:\Windows\System32\ntvdm.exe" -f -i7
     
  7. Happy Bytes

    Happy Bytes Guest

    That's the 16Bit Virtual Machine
     
  8. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    Could you translate this? :rolleyes: :) Is it a virus? Why can't I delete it, even in safe mode?
     
  9. Happy Bytes

    Happy Bytes Guest

    That is a system part. It's the support for 16-bit DOS apps etc...

    And by the way, you're submitting "This Page could not be found" HTML error files from AOL as a virus. Of course everybody will reply it's clean :D

    As I told you before - that Firefox offers something to save doesn't mean it's able to download this executable. It only saves the HTML error page.
     
  10. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    So what is this file doing on my desktop? And why can't I delete it? It's not an HTML file, and I downloaded it from the link I sent to you...

    hxxp://tinypic.com/inv9g8.jpg
     

    Last edited by a moderator: Dec 16, 2005
  11. Happy Bytes

    Happy Bytes Guest

    :D :D :D

    Are you trying to educate me about file types and malicious code? :D
    You already have the guarantee that you will fail :D

    Open Notepad. Drag this vercartao.exe from your desktop into Notepad - make a screenshot and post it here...
     
  12. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    Hi!

    Download Unlocker from the web and "unlock" it from Explorer.
    If you get an empty screen, press Ctrl+Alt+Del to get into Task Manager.
    In Task Manager go to "Run" and type explorer.exe.
    After that, delete that file from the desktop.
    Hope that helps...
     
  13. Happy Bytes

    Happy Bytes Guest

    This file isn't infected. It's a normal HTML file. There is some "valid" opcode (from a 16-bit DOS app view); that's why it starts the 16-bit VM system on his system, because he tried to start this executable (which isn't an executable at all even if it has the .exe file suffix).
    You can also start some GIF files in the command window as .COM - that doesn't automatically mean that a GIF file is malicious...
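
Added example, not part of the thread: the point made in this post (a file named .exe whose content is really an HTML error page) can be checked by looking at the leading bytes instead of the suffix. The function names, the suffix list and the sample bytes below are constructed for illustration; only the file name vercartao.exe comes from the thread.

```python
import struct

EXEC_SUFFIXES = (".exe", ".scr", ".dll")  # suffixes that should carry an MZ header (assumed list)
HTML_MARKERS = (b"<!doctype", b"<html", b"<head", b"<title", b"<body")

def classify(data: bytes) -> str:
    """Classify content by its leading bytes; the file name is ignored."""
    if data[:2] == b"MZ":
        # MZ header: the 32-bit field at 0x3C (e_lfanew) locates the PE signature.
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe"
        return "mz-dos"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    # Skip a UTF-8 BOM and leading whitespace before looking for markup.
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith(HTML_MARKERS):
        return "html"
    return "unknown"

def suffix_mismatch(name: str, data: bytes) -> bool:
    """True when the name claims an executable but the content has no MZ header."""
    claims_exec = name.lower().endswith(EXEC_SUFFIXES)
    return claims_exec and classify(data) not in ("pe", "mz-dos")

# Constructed samples (not the actual files from the thread).
HTML_ERROR_PAGE = (b"\r\n<HTML><HEAD><TITLE>This Page could not be found"
                   b"</TITLE></HEAD><BODY></BODY></HTML>")
MINIMAL_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
GIF_HEADER = b"GIF89a" + b"\x01\x00\x01\x00"

if __name__ == "__main__":
    samples = [("vercartao.exe", HTML_ERROR_PAGE),
               ("setup.exe", MINIMAL_PE),
               ("picture.gif", GIF_HEADER)]
    for name, data in samples:
        kind = classify(data)
        flag = "MISMATCH" if suffix_mismatch(name, data) else "ok"
        print(f"{name:15} content={kind:8} {flag}")
```

A mismatch here says only that the name and the content disagree; it is a triage signal for a submission queue or mail gateway, not a verdict on whether the file is malicious.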
     
  14. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    WoW, new avatar! An eset employee? :rolleyes: :rolleyes:
     
  15. Happy Bytes

    Happy Bytes Guest

  16. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
  17. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    Happy Bytes,

    I'm not trying to educate you. I know you are one of the best AV specialists in the world.

    I just don't understand what is happening with this file on my computer.

    Tried Unlocker, but I still can't delete this file.
     
    Last edited: Dec 16, 2005
  18. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
  19. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Go to www.excessive-software.eu.tt and download my avast! External Control (don't worry if it says that you don't have avast! installed).
    Use "Advanced File Remover" feature, select the file and say goodbye to it :)
     
  20. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    Thanks RejZoR, the file was removed!

    I received this file in some kind of love letter... like "click here and see who sent this letter to you". I was sure it was a virus... but Eset and KAV labs said this is not a virus. What is the intention of this e-mail and this file? Just annoying the user?
     
  21. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    Maybe just a spam mail. If Eset and Kaspersky labs said that it's not a virus then you are safe :D Don't be so paranoid.
     
  22. ragnarok

    ragnarok Registered Member

    Joined:
    Jul 14, 2005
    Posts:
    36
    You also could have dragged the file itself into "system symbol" (you know, the old DOS), just before you add "del" + one space to the command line.
     