W32/Horst.gen - What now?

Discussion in 'other anti-virus software' started by tepe2, Oct 1, 2006.

Thread Status:
Not open for further replies.
  1. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    What shall I do? Is this a false positive?

    Norman found a trojan in two locations, and put it in quarantine:

    C:\Programfiles\Buypass\Smartcard (filename:SendMail.exe) and

    C:\system volume information\_restore{---- license key censored----f128d8b0df89}\rp404 (filename:a0058193.exe)

    Date and size: aug 14 14:47 2003 48kb

    Diagnosis: W32/Horst.gen

    Can someone please help? Do I need to do anything at all?
     
  2. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
  3. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    No. Is it possible to scan the files while in quarantine? How?
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The second finding is in your System Restore points, so don't worry about that yet.

    I don't know where Norman keeps Quarantined files, but it could be something like:-

    C:/Program Files/Norman/Quarantine

    In which case it should be easy to find the encrypted file and submit it here:-

    http://virusscan.jotti.org/

    If you suspect a fp then it should also be safe to restore the file from Quarantine and then submit it, if need be. You can always re-quarantine it again should it be bad.
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    tepe2 you could go to your quarantine in Norman GUI and then choose restore the file to your desktop. (I hope you have this feature)
    Then go to VirusTotal and scan it there. :)
     
  6. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    I already tried to find the files in C:\program files\Norman etc.. but did not find them. I also asked for "show hidden files".

    I restored the files last night, but Norman put them back in quarantine after a few seconds. There was no option for where I could restore them to, but there is a choice like: save file as...

    Anyway, today Norman updated as soon as I turned my PC on. I restored the files from quarantine, but this time Norman was quiet. I then tried to scan one of the files with Norman, but nothing was found. I also tried jotti and virustotal, but the servers were too busy there. I will try again later.

    I believe this was a false positive, but I will try jotti and different online-scanners.

    Thanks to all of you for answering!

    (I posted in Norman forum first. At this point of time 17 people have read my post, and no answers. I love Wilders Security Forums)
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    In these situations you would need to temporarily disable the realtime scanning of your AV Guard. Of course you would only do that where it is safe to do so, i.e. the file will not be run, or is in an archive, and is likely to be a fp etc.

    This one looks to be a definite fp.
     
  8. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I think they were FPs. ;)
     