Full Version: Avg Report Win32/heur
imi
My virus checker, AVG 7.5 Pro, is up to date and so is SpyBot.

Whilst browsing My Computer, AVG finds that two games' executable files are infected with Win32/Heur. I have the offending files in the virus vault but the heal process is unavailable. After a complete scan one other executable is now reporting infection, and it is an application not run for 6 months or more.

Since these files are executables will this render them unusable and require me to reinstall the apps again?

I would be grateful for any assistance.
buddy215
See the discussion in the link below on "possible" false positives and how to confirm whether a file is actually infected.
"Heur" is short for heuristic which means a malware signature wasn't detected but something about the files was suspect enough that AVG reported it to you.
http://forum.grisoft.cz/freeforum/read.php?4,100014,100026
imi
Thanks buddy215.

I already read that post earlier but will use the information to see if it is, as it suggests, a false positive.

zarathustra
Greetings all,

I managed to download this malware myself - in a file with suffix '.nfo.exe' (is there anyone dumb enough these days to _still_ be obfuscating their filetypes?)

Anyhoo, I went to Jotti's malware scanner
CODE
http://virusscan.jotti.org/
& upped it for analysis - here's what I got (v. funny):

File: bleurgh.nfo.exe
Status: INFECTED/MALWARE
MD5: afc222f034bade5041cbee93dfd4fbae7
Packers detected: -

Scanner results
------------------
Scan taken on 31 May 2008 04:34:27 (GMT)

A-Squared...........................Found.........Backdoor.Win32.Kbot.by
AntiVir.................................Found.........TR/Crypt.XDR.Gen
ArcaVir.................................Found.........Adware.Searchit.J
Avast...................................Found.........Win32:Zbot-VQ
AVG Antivirus.......................Found.........nothing
BitDefender..........................Found.........nothing
ClamAV................................Found.........Trojan.Kbot-34
CPsecure.............................Found.........BackDoor.W32.Kbot.by
Dr.Web................................Found.........nothing
F-Prot Antivirus.....................Found.........nothing
F-Secure Anti-Virus...............Found.........Backdoor.Win32.Kbot.by
Fortinet................................Found.........nothing
Ikarus...................................Found.........Backdoor.Win32.Kbot.by
Kaspersky Anti-Virus.............Found.........Backdoor.Win32.Kbot.by
NOD32..................................Found.........probably a variant of Win32/Agent (probable variant)
Norman Virus Control............Found.........W32/Kbot.X
Panda Antivirus.....................Found.........nothing
Sophos Antivirus...................Found.........nothing
VirusBuster...........................Found.........nothing
VBA32...................................Found.........Backdoor.Win32.Kbot.by

Kinda says it all really, eh?

Oddly though, although Jotti's version of AVG reported 'nothing', it was exactly _that_ (AVG - my version, anyway) that flagged the file as 'Win32/Heur'...

Well, I just _had_ to get that little nuggette off my chest - & that's that.

Cheers all,

zarathustra
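As an added example (my code, not from the post and not Jotti's own tooling), here is a small Python triage helper that does the two things the post above does by hand: it hashes a sample, as the MD5 line does, and it parses a multi-engine result list in the layout quoted above, separating named signatures from heuristic or generic verdicts and counting which family the engines agree on. The dotted-leader line format, the embedded result list (copied from the post), and the word lists used to spot heuristic verdicts and strip platform prefixes are assumptions of this example, not Jotti's API.

```python
import hashlib
import re
from collections import Counter

# Constructed sample in the layout of the Jotti output quoted above (engine
# names and verdicts copied from the post; the dotted leaders are the forum's
# rendering, not an API format).
SAMPLE_REPORT = """\
A-Squared...........................Found.........Backdoor.Win32.Kbot.by
AntiVir.................................Found.........TR/Crypt.XDR.Gen
ArcaVir.................................Found.........Adware.Searchit.J
Avast...................................Found.........Win32:Zbot-VQ
AVG Antivirus.......................Found.........nothing
BitDefender..........................Found.........nothing
ClamAV................................Found.........Trojan.Kbot-34
CPsecure.............................Found.........BackDoor.W32.Kbot.by
Dr.Web................................Found.........nothing
F-Prot Antivirus.....................Found.........nothing
F-Secure Anti-Virus...............Found.........Backdoor.Win32.Kbot.by
Fortinet................................Found.........nothing
Ikarus...................................Found.........Backdoor.Win32.Kbot.by
Kaspersky Anti-Virus.............Found.........Backdoor.Win32.Kbot.by
NOD32..................................Found.........probably a variant of Win32/Agent (probable variant)
Norman Virus Control............Found.........W32/Kbot.X
Panda Antivirus.....................Found.........nothing
Sophos Antivirus...................Found.........nothing
VirusBuster...........................Found.........nothing
VBA32...................................Found.........Backdoor.Win32.Kbot.by
"""

# "<engine><dots>Found<dots><verdict>"; the engine name may itself contain dots
# and spaces (Dr.Web, F-Secure Anti-Virus), so it is matched non-greedily.
LINE_RE = re.compile(r"^(?P<engine>.+?)\.{2,}Found\.{2,}(?P<verdict>.*)$")


def parse_report(text):
    """Map engine -> verdict string, or None where the engine reported 'nothing'."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        verdict = m.group("verdict").strip()
        results[m.group("engine").strip()] = None if verdict.lower() == "nothing" else verdict
    return results


# Markers (an assumption of this example) that indicate a heuristic or generic
# verdict rather than a named signature.
HEURISTIC_RE = re.compile(r"heur|generic|\.gen\b|probabl|variant|suspicious", re.IGNORECASE)


def is_heuristic(verdict):
    return bool(HEURISTIC_RE.search(verdict))


# Tokens that name a platform, class or qualifier rather than a family.
NOISE = {"win32", "w32", "backdoor", "trojan", "tr", "adware", "probably", "a",
         "variant", "of", "probable", "gen", "generic"}


def family(verdict):
    """First token of the verdict that is not a platform/class/qualifier word."""
    for tok in re.split(r"[^a-z0-9]+", verdict.lower()):
        if tok and tok not in NOISE:
            return tok
    return None


def summarize(results):
    detected = {e: v for e, v in results.items() if v}
    return {
        "engines": len(results),
        "detections": len(detected),
        "named": sum(1 for v in detected.values() if not is_heuristic(v)),
        "heuristic": sum(1 for v in detected.values() if is_heuristic(v)),
        "clean": sorted(e for e, v in results.items() if v is None),
        "families": Counter(family(v) for v in detected.values()),
    }


def file_hashes(path, chunk=1 << 16):
    """MD5 and SHA-256 of a file, streamed so large samples need not fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(f"{s['detections']}/{s['engines']} engines detect; {s['named']} named, "
          f"{s['heuristic']} heuristic; top family: {s['families'].most_common(1)}")
    print("reported nothing:", ", ".join(s["clean"]))
```

On the quoted results it reports 12 of 20 engines detecting, two of them by heuristic only, with eight engines naming the Kbot family. A single heuristic flag such as AVG's Win32/Heur is weak evidence on its own; several engines agreeing on a named family is what turns a suspicious file into a confident verdict, and the hash is what ties the file on your disk to the sample that was actually submitted.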
Dave Burrin
This is the topic that led me to Bleeping Computer. I've been working on a small work station in a church open-all-hours computer setting that has a Network, but without file sharing.

One of the work stations keeps getting a message from AVG Free 8 saying "Threat removed" - giving the file name as C/windows/system32/iegaieg.dll. Looking in the folder there are two files with this name, but one has .bak extension.

The message continues "Threat name: Virus found Win32/Heur - Detected on open."

Despite running a scan and looking at the history and opting to remove all threats, the message keeps coming up.

The file concerned is one that by Googling on brings up one page in Japanese; at least one other computer on the Network doesn't have this particular file in its system32 folder. The folders will not delete, which is probably a good thing.

Any ideas whether this is important, and if it isn't, is there a way of getting rid of either the virus and/or the message?

Dave Burrin
beanniebaby
QUOTE(Dave Burrin @ Jul 22 2008, 05:56 PM) *
This is the topic that led me to Bleeping Computer. I've been working on a small work station in a church open-all-hours computer setting that has a Network, but without file sharing.

One of the work stations keeps getting a message from AVG Free 8 saying "Threat removed" - giving the file name as C/windows/system32/iegaieg.dll. Looking in the folder there are two files with this name, but one has .bak extension.

The message continues "Threat name: Virus found Win32/Heur - Detected on open."

Despite running a scan and looking at the history and opting to remove all threats, the message keeps coming up.

The file concerned is one that by Googling on brings up one page in Japanese; at least one other computer on the Network doesn't have this particular file in its system32 folder. The folders will not delete, which is probably a good thing.

Any ideas whether this is important, and if it isn't, is there a way of getting rid of either the virus and/or the message?

Dave Burrin


1. To delete a file that seems unable to be deleted, write down the complete path name (you will need it). Being familiar with DOS is helpful.
2. open your command prompt window
3. open task manager
4. close all applications
5. in task manager close explorer.exe
6. type del c:\windows\system32\iegaieg.dll

if that doesn't delete the file, repeat 1-5 and do the following until you get yourself into the correct root directory in
the command prompt window.
you may have to try a few variations to get to the correct directory but if you don't know DOS cd means change directory in the command prompt window type cd:(path)


you may have to change to c first
cd\c:\
or cd c:\
then continue to change directories until you get to the one the file is in you want to delete
In other words only changing one branch of the directory tree at a time
such as cd c:\windows
cd \system32
or cd\windows\system32 whichever works for you
anyway once the command prompt confirms you managed to change to the correct directory
type del iegaieg.dll

the trick is to do it without Windows being loaded. If you have bootable software to give you a base DOS shell, great, you can skip all this and do it directly from there. But it is the only way to delete a file embedded in explorer

I hope this helps, or maybe someone can explain how to use DOS a little better than I can. It has been many years since I used DOS on a regular basis.

Good luck
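An added example (my code, not the poster's and not part of AVG) that takes the opposite approach to the delete-from-DOS recipe above: rather than deleting the flagged file, it moves it into a vault under its SHA-256 with a harmless suffix, writes a manifest so the file can be put back if the detection turns out to be a false positive (imi's worry earlier in the thread), and counts how many times the same content has been vaulted, which is the question Dave's repeating "Threat removed" message raises. The vault layout, the .quar suffix and the manifest fields are assumptions of this example; the stand-in file content in demo() is constructed.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def quarantine(path, vault_dir):
    """Move a flagged file into vault_dir, named by its SHA-256 with a .quar
    suffix (so nothing will load or run it by name), and append a manifest
    entry recording where it came from so that it can be restored later."""
    src = Path(path)
    vault = Path(vault_dir)
    vault.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(src.read_bytes()).hexdigest()
    st = src.stat()
    entry = {
        "original_path": str(src.resolve()),
        "size": st.st_size,
        "mtime": st.st_mtime,
        "sha256": digest,
        "quarantined_at": time.time(),
    }
    dest = vault / f"{digest}.quar"
    if dest.exists():
        # Identical content is already vaulted: the file came back. Keep the
        # single vaulted copy, log the repeat, and remove the duplicate.
        entry["repeat"] = True
        src.unlink()
    else:
        entry["repeat"] = False
        shutil.move(str(src), str(dest))
    history_path = vault / f"{digest}.json"
    history = json.loads(history_path.read_text()) if history_path.exists() else []
    history.append(entry)
    history_path.write_text(json.dumps(history, indent=2))
    return entry


def times_seen(vault_dir, digest):
    """How many times content with this hash has been quarantined."""
    history_path = Path(vault_dir) / f"{digest}.json"
    return len(json.loads(history_path.read_text())) if history_path.exists() else 0


def restore(vault_dir, digest):
    """Put the vaulted file back at the path recorded in its latest manifest entry."""
    vault = Path(vault_dir)
    history = json.loads((vault / f"{digest}.json").read_text())
    original = Path(history[-1]["original_path"])
    original.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(vault / f"{digest}.quar"), str(original))
    return original


def demo():
    """Round trip in a temporary directory using a constructed stand-in for the DLL."""
    root = Path(tempfile.mkdtemp())
    vault = root / "vault"
    suspect = root / "system32" / "iegaieg.dll"
    suspect.parent.mkdir()
    payload = b"constructed stand-in, not a real DLL"
    suspect.write_bytes(payload)
    first = quarantine(suspect, vault)
    suspect.write_bytes(payload)          # simulate the file reappearing
    second = quarantine(suspect, vault)
    count = times_seen(vault, first["sha256"])
    gone = not suspect.exists()
    restored = restore(vault, first["sha256"]).read_bytes()
    return first, second, count, gone, restored


if __name__ == "__main__":
    first, second, count, gone, restored = demo()
    print(f"sha256 {first['sha256'][:16]}... vaulted {count} times; "
          f"original path empty: {gone}; restored {len(restored)} bytes")
```

A DLL that is mapped into a running process (the explorer.exe case the post describes) cannot be moved any more than it can be deleted; on Windows the move raises PermissionError, which is the cue to end the process holding it first, exactly as the recipe above does. The manifest is what the delete approach throws away: with it you can compare the hash of a "returning" file against the vaulted one to tell a genuine reinfection from the same file being flagged again, and you can undo the whole thing if the heuristic turns out to be a false positive.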