Win32/HLLW.Stepaik.C virus

Discussion in 'malware problems & news' started by Proteus, Jul 10, 2004.

Thread Status:
Not open for further replies.
  1. Proteus

    Proteus Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    7
    Hello. I just did a scan with RAV antivirus and found that a file is infected with a virus: C:\WINDOWS\I386\DPVSETUP.EX_->dpvsetup.exe
    Virus name: Win32/HLLW.Stepaik.C :mad:
    Would it be safe to delete this infected file and is there a backup for it?
     
  2. v_e_chicago

    v_e_chicago Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    3
    Hi,

    I just got the same reading with RAV; I'm investigating further. For the time being I suggest NOT deleting this file; quarantine it.

    I suspect this is a false reading of some sort. I have two hard drives; the second is strictly a backup, with a parallel installation of Windows XP Home. RAV is showing the same infection on the F-drive as on the C-drive, which is next to impossible, as I have not booted from/run with F-drive in several weeks.

    I have also scanned with Grisoft AVG anti-virus (both drives, both files).... reading is "negative" (no virus present).

    The solution to this will probably be to find the original DPVSetup.exe file on the Windows XP installation disc (may be easy, may not). If RAV *again* indicates it is infected, then they have an error in their latest definitions.

    Were you able to buy a copy of RAV before they stopped selling it? I missed it by a few days. I keep re-installing the trial copy at the end of each 30-day period. So far, no problems doing this -- they continue to support the freebie with the usual virus definition updates.

    I am 99% satisfied with RAV; however, this exact same thing happened once before, several months ago.... after retrieving their latest update, it identified a file as being infected, but it actually was not.

    Tom, Chicago
    v_e_chicago@yahoo.com
     
    Last edited: Jul 12, 2004
  3. v_e_chicago

    v_e_chicago Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    3
    Re: Win32/HLLW.Stepaik.C virus PART II

    PART II

    I looked at the actual installation CD for Windows XP Home (which, in my case, is a pair of "recovery discs" for the PowerSpec brand computer, purchased from MicroCenter).

    RAV indicates the same file on the CD itself is infected--which, to the best of my knowledge, is impossible, barring some sort of extraordinary "sleeper" virus which would have had to sit dormant for over a year (I purchased the computer in June of 03).

    RAV has just goofed up somewhere.

    THIS is the "enemy file" -- zaika-dropper.exe

    Check your Task Manager to see if this process is running; also, do a search of all files on the computer. If this file is not present anywhere, then the machine is not infected with the HLLW.Stepaik.C virus.

    Considering that thanks to the buyout by Microsoft (damn it), RAV will soon be discontinuing its anti-virus operation, and considering that this is the second time I've received a false reading, I guess the product has outlived its usefulness.

    Check out this product as an alternative -- I have always considered it my "close second favorite" after RAV, and they offer a completely FREE version:

    http://free.grisoft.com/freeweb.php

    Tom
    email v_e_chicago@yahoo.com
     
    Last edited: Jul 12, 2004
  4. v_e_chicago

    v_e_chicago Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    3
    Proteus, get the new RAV update. :D

    I contacted them, and sent them the file which was giving the false negative. It was indeed their problem, as I suspected. Their new definition has been corrected.

    Tom
    v_e_chicago@yahoo.com
     