WinSys2 Virus, nod didn't detect it

Discussion in 'NOD32 version 2 Forum' started by Arksun, Mar 15, 2007.

Thread Status:
Not open for further replies.
  1. Arksun

    Arksun Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    13
    Ok, this is worrying, I just restarted my computer, there's this 'WinSys2' running in background and showing on taskbar (though nothing happens when clicking on it)

    When I looked up 'Winsys2.exe' on the internet it said it's a virus

    I'm on Nod32 ver 2117 (latest)

    I have EVERYTHING set on max, detection is for all types, all those boxes checked.

    I'm doing a full system scan, it's not picking it up in memory at all (even though it's running!) and so far it's not coming up with anything on the hard drive.

    HELP!
     
  2. extratime

    extratime Registered Member

    Joined:
    Oct 14, 2005
    Posts:
    100
    Upload the suspect file to virustotal.com and let us know the results.

    I assume you have already configured your NOD32 with Blackspear's extra settings and run a scan.
     
  3. ASpace

    ASpace Guest

    If VirusTotal shows something, send the suspected files to support@eset.com with a link to this thread and further details.

    Also download HijackThis from here, extract it, run the exe file, choose "Do a system scan and save a log". When the log pops up, attach it to your mail to ESET using copy/paste (no HJT logs allowed here)
     
  4. Arksun

    Arksun Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    13
    Signatures, Heuristics, Adware/Spyware/Riskware, Potentially Unwanted Applications and Potentially Unsafe Applications are all checked yup, for all the AMON, IMON etc etc

    I'll try and find the file on my hard drive and send it to that site you mentioned... watch this space!
     
  5. ASpace

    ASpace Guest

  6. Arksun

    Arksun Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    13
    Ok update.

    Sent the file to Virustotal.com

    All results came back clean.

    I'd like to think this would ease my mind, if it wasn't for the fact that when I googled winsys2.exe, every website is telling me it's very dangerous and to be deleted.

    I also noticed I have winsys.exe on my hard drive too (both in system32/ and in system32/reinstallbackup directories)

    Tested that one too, came up clean on virustotal again *shrugs*

    Think it's safe to remove those files anyway from the hard drive? Or could that prevent some programs running? I can't find any information online as to whether either could be legitimately tied to any other running software.

    *also wondering if I should still submit to ESET for further analysis*
     
  7. ASpace

    ASpace Guest

    No, don't submit the file to ESET yet. It should be clean. However, it might not be a Windows one, because I don't have it on my XP computers. Find that file, right-click it -> Properties and look at it. Is it digitally signed by a company? If not, then send it to ESET just in case.
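
The properties and signature check suggested in the post above, as an added PowerShell example that is not part of the original thread. The function name `Get-FileTriage` is hypothetical, the System32 location is the one mentioned earlier in the thread, and PowerShell 4.0 or newer is assumed (for `Get-FileHash`).

```powershell
# Added example: inspect a suspicious executable without running it.
# Reads the same data as Explorer's Properties dialog (Version and
# Digital Signatures tabs) plus a SHA-256 hash for submission or lookup.
function Get-FileTriage {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            Write-Warning "Not found: $p"
            continue
        }
        $item = Get-Item -LiteralPath $p -Force   # -Force also finds hidden files
        $sig  = Get-AuthenticodeSignature -FilePath $item.FullName
        $ver  = $item.VersionInfo

        [pscustomobject]@{
            Path            = $item.FullName
            # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError ...
            SignatureStatus = $sig.Status
            Signer          = if ($sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject
                              } else { $null }
            # Version strings are written by whoever built the file, so they
            # are a hint about origin, not proof of it.
            CompanyName     = $ver.CompanyName
            FileDescription = $ver.FileDescription
            OriginalName    = $ver.OriginalFilename
            Created         = $item.CreationTime
            SHA256          = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        }
    }
}

# File names from the thread; the directory is an assumption about this system.
$dir     = Join-Path $env:SystemRoot 'System32'
$targets = @(
    (Join-Path $dir 'winsys2.exe'),
    (Join-Path $dir 'winsys.exe')
)
Get-FileTriage -Path $targets | Format-List
```

A `NotSigned` status alone does not make a file malicious, since many small vendors ship unsigned binaries; it means the company name in the version fields cannot be verified from the file itself.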
     
  8. Arksun

    Arksun Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    13
    Winsys2.exe gave Version Company as TODO

    Winsys.exe gave nothing in 'other version information' but under Description on that Properties/Version tab it reads DOT MFC Application (c)2003

    ..hmmm

    Is it possible this isn't a virus but a low-level trojan that NOD considers harmless enough to not report?
     
  9. ASpace

    ASpace Guest

    Do you know this company? Program?
    Google results show this company and its programs (they are malware free)
    http://www.todo.se
     
  10. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    Winsys.exe is also listed as an MSI file (overclocking)
    And of course a trojan

    edit
    By MSI I am talking about your mobo?
     
    Last edited: Mar 15, 2007
  11. ASpace

    ASpace Guest

    Ok. I simply can't guess because I don't have the necessary information. Just perform the suggestions I gave you above, send any suspected files to ESET Tech Support + a HJT log to them and they decide if the files are malicious. They'll let you know the results.

    Let us know the results! :thumb:
     
  12. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    MSI could be Micro-Star International, aka the motherboard maker,
    or it could be MSI as in a Microsoft Installer file
    lodore
     
  13. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
  14. extratime

    extratime Registered Member

    Joined:
    Oct 14, 2005
    Posts:
    100
    Based on my own googling, the virustotal results and what I have read in the thread I strongly suspect the file is benign.

    Still if you get a response from ESET support let us know what they say.
     