Post #1 | Jun 21 2007, 05:21 PM
Member | Group: Members | Posts: 36 | Joined: 15-June 07 | From: NW England | Member No.: 136,745
Whilst browsing My Computer, AVG finds that two games' executable files are infected with Win32/Heur. I have the offending files in the virus vault but the heal process is unavailable. After a complete scan one other executable is now reporting infection, and it is an application not run for 6 months or more. Since these files are executables, will this render them unusable and require me to reinstall the apps again? I would be grateful for any assistance.
Post #2 | Jun 21 2007, 05:54 PM
Forum Addict | Group: Members | Posts: 3,840 | Joined: 14-April 06 | Member No.: 64,042
See the discussion in the link below on "possible" false positives and how to confirm whether a file is actually infected.

"Heur" is short for heuristic, which means a malware signature wasn't detected but something about the files was suspect enough that AVG reported it to you.

http://forum.grisoft.cz/freeforum/read.php?4,100014,100026

This post has been edited by buddy215: Jun 21 2007, 06:15 PM
Post #3 | Jun 21 2007, 07:49 PM
Member | Group: Members | Posts: 36 | Joined: 15-June 07 | From: NW England | Member No.: 136,745
Thanks buddy215.

I already read that post earlier but will use the information to see if it is, as it suggests, a false positive.
Post #4 | May 31 2008, 12:03 AM
New Member | Group: Members | Posts: 2 | Joined: 26-January 08 | Member No.: 186,344
Greetings all,

I managed to download this malware myself, in a file with suffix '.nfo.exe' (is there anyone dumb enough these days to _still_ be obfuscating their filetypes?). Anyhoo, I went to Jotti's malware scanner (http://virusscan.jotti.org/) and upped it for analysis. Here's what I got (v. funny):

File: bleurgh.nfo.exe
Status: INFECTED/MALWARE
MD5: afc222f034bade5041cbee93dfd4fbae7
Packers detected: -

Scanner results (scan taken on 31 May 2008 04:34:27 (GMT)):

| Scanner | Result |
|---|---|
| A-Squared | Backdoor.Win32.Kbot.by |
| AntiVir | TR/Crypt.XDR.Gen |
| ArcaVir | Adware.Searchit.J |
| Avast | Win32:Zbot-VQ |
| AVG Antivirus | nothing |
| BitDefender | nothing |
| ClamAV | Trojan.Kbot-34 |
| CPsecure | BackDoor.W32.Kbot.by |
| Dr.Web | nothing |
| F-Prot Antivirus | nothing |
| F-Secure Anti-Virus | Backdoor.Win32.Kbot.by |
| Fortinet | nothing |
| Ikarus | Backdoor.Win32.Kbot.by |
| Kaspersky Anti-Virus | Backdoor.Win32.Kbot.by |
| NOD32 | probably a variant of Win32/Agent (probable variant) |
| Norman Virus Control | W32/Kbot.X |
| Panda Antivirus | nothing |
| Sophos Antivirus | nothing |
| VirusBuster | nothing |
| VBA32 | Backdoor.Win32.Kbot.by |

Kinda says it all really, eh?

Oddly though, although Jotti's version of AVG reported 'nothing', it was exactly _that_ (AVG, my version, anyway) that flagged the file as 'Win32/Heur'... Well, I just _had_ to get that little nuggette off my chest, and that's that.

Cheers all,
zarathustra
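The post above shows why a single heuristic hit ("Win32/Heur") is weak evidence on its own while a multi-engine report is much stronger: when many engines independently name the same family, the file is almost certainly malicious, and when only one engine flags it with a generic heuristic name the odds favour a false positive. The following Python script, added here as an example and not code from Jotti or anyone in this thread, parses a pasted report in the dotted "Scanner.....Found.....Result" layout quoted above, counts how many engines flagged the file, tallies the family tokens so the consensus name stands out, and applies illustrative verdict thresholds (the thresholds and the `GENERIC_TOKENS` list are assumptions, not a vendor rule; the sample report is reconstructed from the results in the post).

```python
"""Parse a pasted multi-engine scan report in the 'Scanner.......Found.......Result'
layout quoted above and summarise how many engines flagged the file and which
family name they agree on.

Added example for this thread, not code from Jotti or the forum. The report text
below is reconstructed from the post; verdict thresholds are illustrative."""
import re
from collections import Counter

# Engine lines as quoted in the post above (constructed sample input).
SAMPLE_REPORT = """\
A-Squared...........................Found.........Backdoor.Win32.Kbot.by
AntiVir.................................Found.........TR/Crypt.XDR.Gen
ArcaVir.................................Found.........Adware.Searchit.J
Avast...................................Found.........Win32:Zbot-VQ
AVG Antivirus.......................Found.........nothing
BitDefender..........................Found.........nothing
ClamAV................................Found.........Trojan.Kbot-34
CPsecure.............................Found.........BackDoor.W32.Kbot.by
Dr.Web................................Found.........nothing
F-Prot Antivirus.....................Found.........nothing
F-Secure Anti-Virus...............Found.........Backdoor.Win32.Kbot.by
Fortinet................................Found.........nothing
Ikarus...................................Found.........Backdoor.Win32.Kbot.by
Kaspersky Anti-Virus.............Found.........Backdoor.Win32.Kbot.by
NOD32..................................Found.........probably a variant of Win32/Agent (probable variant)
Norman Virus Control............Found.........W32/Kbot.X
Panda Antivirus.....................Found.........nothing
Sophos Antivirus...................Found.........nothing
VirusBuster...........................Found.........nothing
VBA32...................................Found.........Backdoor.Win32.Kbot.by
"""

# One report line: engine name, a dotted leader, the literal 'Found', another
# leader, then the detection name ('nothing' means the engine saw it as clean).
# The engine group is non-greedy so names containing a dot (Dr.Web) still parse.
LINE_RE = re.compile(r"^(?P<engine>.+?)\.{3,}Found\.{3,}(?P<result>.+?)\s*$")

# Tokens that say nothing about the family: platform, class and hedging words.
# This list is an assumption for the example, not a vendor naming standard.
GENERIC_TOKENS = {"win32", "w32", "trojan", "backdoor", "tr", "gen",
                  "probably", "a", "variant", "of", "probable"}


def parse_report(text):
    """Return [(engine, result), ...]; lines that do not fit the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m.group("engine").strip(), m.group("result").strip()))
    return rows


def family_tokens(result):
    """Split a vendor detection name into candidate family tokens, dropping
    generic words, bare numbers and short variant suffixes such as '.by' or '-VQ'."""
    words = re.split(r"[^a-z0-9]+", result.lower())
    return {w for w in words
            if len(w) > 2 and not w.isdigit() and w not in GENERIC_TOKENS}


def summarise(rows):
    """Count detections and tally family tokens across engines (one vote per engine)."""
    flagged = [(e, r) for e, r in rows if r.lower() != "nothing"]
    votes = Counter()
    for _, result in flagged:
        votes.update(family_tokens(result))
    return {"engines": len(rows), "detections": len(flagged), "family_votes": votes}


def verdict(summary, malicious_at=0.5, clean_below=0.1):
    """Illustrative thresholds (assumption): a majority of engines flagging the
    file is strong evidence; one heuristic hit among many clean engines is the
    classic false-positive pattern discussed earlier in this thread."""
    if summary["engines"] == 0:
        return "no data"
    ratio = summary["detections"] / summary["engines"]
    if ratio >= malicious_at:
        return "likely malicious"
    if ratio < clean_below:
        return "probably a false positive"
    return "inconclusive; submit for further analysis"


if __name__ == "__main__":
    s = summarise(parse_report(SAMPLE_REPORT))
    top, n = s["family_votes"].most_common(1)[0]
    print(f"{s['detections']}/{s['engines']} engines flagged it; "
          f"most common family token: {top} ({n} engines); verdict: {verdict(s)}")
```

Run against the quoted report it finds 12 of 20 engines flagging the file with "kbot" named by 8 of them, which is the "says it all" picture; the same code run on a report where only one engine reports a generic heuristic name lands in the false-positive bucket, which is the situation the thread started with.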
Post #5 | Jul 22 2008, 04:56 PM
New Member | Group: Members | Posts: 4 | Joined: 22-July 08 | Member No.: 224,448
This is the topic that led me to Bleeping Computer. I've been working on a small workstation in a church open-all-hours computer setting that has a network, but without file sharing.

One of the workstations keeps getting a message from AVG Free 8 saying "Threat removed", giving the file name as C/windows/system32/iegaieg.dll. Looking in the folder there are two files with this name, but one has a .bak extension. The message continues "Threat name: Virus found Win32/Heur - Detected on open." Despite running a scan, looking at the history and opting to remove all threats, the message keeps coming up. Googling the file name brings up one page, in Japanese; at least one other computer on the network doesn't have this particular file in its system32 folder. The folders will not delete, which is probably a good thing. Any ideas whether this is important, and if it isn't, is there a way of getting rid of either the virus and/or the message?

Dave Burrin
Post #6 | Oct 9 2008, 02:32 PM
New Member | Group: Members | Posts: 3 | Joined: 15-February 08 | Member No.: 190,306
> This is the topic that led me to Bleeping Computer. I've been working on a small workstation in a church open-all-hours computer setting that has a network, but without file sharing. One of the workstations keeps getting a message from AVG Free 8 saying "Threat removed", giving the file name as C/windows/system32/iegaieg.dll. Looking in the folder there are two files with this name, but one has a .bak extension. The message continues "Threat name: Virus found Win32/Heur - Detected on open." Despite running a scan, looking at the history and opting to remove all threats, the message keeps coming up. Googling the file name brings up one page, in Japanese; at least one other computer on the network doesn't have this particular file in its system32 folder. The folders will not delete, which is probably a good thing. Any ideas whether this is important, and if it isn't, is there a way of getting rid of either the virus and/or the message? Dave Burrin

To delete a file that seems unable to be deleted, write down the complete path name (you will need it). Being familiar with DOS is helpful.

1. Write down the complete path name.
2. Open your command prompt window.
3. Open Task Manager.
4. Close all applications.
5. In Task Manager close explorer.exe.
6. Type `del c:\windows\system32\iegaieg.dll`

If that doesn't delete the file, repeat steps 1-5 and do the following until you get yourself into the correct root directory in the command prompt window.

You may have to try a few variations to get to the correct directory, but if you don't know DOS, `cd` means change directory. In the command prompt window type `cd:(path)`. You may have to change to c first, `cd\c:\` or `cd c:\`, then continue to change directories until you get to the one the file you want to delete is in. In other words, only changing one branch of the directory tree at a time, such as `cd c:\windows` then `cd \system32`, or `cd\windows\system32`, whichever works for you. Anyway, once the command prompt confirms you managed to change to the correct directory, type `del iegaieg.dll`.

The trick is to do it without Windows being loaded. If you have bootable software to give you a base DOS shell, great, you can skip all this and do it directly from there. But it is the only way to delete a file embedded in explorer. I hope this helps, or maybe someone can explain how to use DOS a little better than I can. It has been many years since I used DOS on a regular basis. Good luck.

This post has been edited by beanniebaby: Oct 9 2008, 03:50 PM