WinSys2 Virus, nod didn't detect it

Ok, this is worrying, I just restarted my computer, there's this 'WinSys2' running in background and showing on taskbar (though nothing happens when clicking on it)

When i looked up 'Winsys2.exe' on internet it said its a virus

I'm on Nod32 ver 2117 (latest)

I have EVERYTHING set on max, detection is for all types, all those boxes checked.

I'm doing a full system scan, its not picking it up in memory at all (even though its running!) and so far its not coming up with anything on the hard drive.

HELP!

 

Upload the suspect file to virustotal.com and let us know the results.

I assume you have already configured your NOD32 with Blackspear's extra settings and run a scan.

 

If the VirusTotal shows something , send the suspected files to support@eset.com with a link to this thread and further details .

Also download HijackThis from here , extract it , run the exe file , choose "Do a system scan and save a log" . When the log pop-ups , attach it to your mail to ESET using copy/paste (no HJT logs allowed here)

 

Signatures, Heuristics, Adware/Spyware/Riskware, Potentially Unwanted Applications and Potentially Unsafe Applications are all checked yup, for all the AMON, IMON etc etc

i'll try and find the file on my hard drive and send it to that site you mentioned... watch this space!

 

https://www.wilderssecurity.com/showthread.php?t=37509

... but only after you perform the suggestions in the above posts

 

Ok update.

Sent the file to Virustotal.com

All results came back clean.

I'd like to think this would ease my mind, if it wasn't for the fact when i googled winsys2.exe , every website is telling me its very dangerous and to be deleted.

I also notitced i have winsys.exe on my hard drive too (both in system32/ and in system32/reinstallbackup directories

Tested that one too, came up clean on virustotal again *shrugs*

Think its safe to remove those files anyways from the hard drive??, or could that prevent some programs running. I can't find any information online as to whether either could be legitimately tied to any other running software.

*also wondering if i should still submit to eset for further analysis*

 

No , don't submit the file to ESET yet . It should be clean .However , it could be not a Windows one because don't have it on my XP computers . Find that file , right click it -> Properties and look at it . Is it digitally signed by a company ?If not , then send it to ESET just in case

 

Winsys2.exe gave Version Company as TODO

Winsys.exe gave nothing in 'other version information' but under Description on that Properties/Version tab it reads DOT MFC Application (c)2003

..hmmm

is it possible this isn't virus but a low level trojan that nod considers harmless enough to not report?

 

Do you know this company ? Program ?
Google results show this company and its programs (they are malware free)
http://www.todo.se

 

Winsys.exe is also listed as an MSI file (overclocking)
And of course a trojan

edit
By MSI I am talking about your mobo?

 

Ok . I simply can't guess because I don't have the necessary information . Just perform the suggestions I gave you above , send any suspcted files to ESET Tech Support + a HJT log to them and they decide if the files are malicious . They'll let you know the results .

Let us know the results !

 

MSI could be microstar international aka motherboard make
or it could be MSI as in microsoft installer file
lodore

 

MSI Dynamic Overclocking Technology
http://www.fileresearchcenter.com/?tag=BLOG

 

Based on my own googling, the virustotal results and what I have read in the thread I strongly suspect the file is benign.

Still if you get a response from ESET support let us know what they say.