trojan.downloader.AdMSI

Discussion in 'malware problems & news' started by beethoven, Sep 25, 2005.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    One of my PCs is running MS Antispyware and this program just detected Trojan.downloader.AdMSI in x\document and settings\account\localsetting\temp\is-hiubv.temp\-shfoldr.dll.

    As this particular PC is not yet on NOD, I am a bit worried. The resident AV did not show anything (NAV) and doing a Jotti scan also was without any alert (incl. NOD). MS has quarantined the file. I did a Google but could not find any relevant information. Does anybody know about this particular file and where it may come from or what it does?
     
  2. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    I would submit this particular file to ESET or Kaspersky for further analysis. ;)
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    Fosius, I think I can find the address for NOD but would you know the Kaspersky submission address?

    edit: found it :)
     
    Last edited: Sep 26, 2005
  4. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hi,

    I had the same file flagged by MSAS. I think it may be a FP. I have NOD32 and EWIDO on my PC and neither of them finds anything, and a scan at Jotti and VirusTotal also returned nothing. Of course, it could be something nasty that only MSAS detects; my feeling is just that that is not the case.

    thanks, lee
     
  5. HELP!

    HELP! Guest

    I have it too! Avast antivirus didn't see it either! What do I do to get rid of it? PLEASE HELP! Email me if necessary at chodat at shaw dot ca.... please!!!!!!!
    posted by stephanie.
     
  6. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    I submitted the file to NOD and Kaspersky and while I did not hear back from NOD, Kaspersky told me that my file was clean. I just deleted it within quarantine - seems to be just a FP.
     