Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NewHeur_PE


  • Please log in to reply
1 reply to this topic

#1 jugmar

jugmar

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 09 May 2009 - 04:24 AM

Hi,

Yesterday I opened a torrent and NOD32 promptly say how this is a virus. I deleted and quaranteened eveything. But, now whenever I start my computer, I get New NOD32 Warnings. "something" on my comp want to go to 174.139.9.42/winsvc.exe and want to install some files... NOD32 don't let it do, so I think nothing happened yet and my comp don't seem infected with nothing. I scanned with a NOD32 and several spyware and malware programs, but nothing was finded. What should I do? Bytheway, 174.139.9.42 is the IP of a http://store.steampowered.com/...

Thamks

Marko

Edited by boopme, 09 May 2009 - 04:59 PM.
Link is Safe~~boopme


BC AdBot (Login to Remove)

 


#2 Galadriel

Galadriel

    Bleepin Elf


  • Malware Response Team
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Missouri, USA
  • Local time:04:50 PM

Posted 09 May 2009 - 05:42 PM

A couple of points to bring up about your post/problem.

Yesterday I opened a torrent and NOD32 promptly say how this is a virus.


Did NOD cry on the .torrent file, or its contents? If it balked on the .torrent, chances are it's a false positive, but that could be easily verified by submitting the .torrent file to a service like http://www.virustotal.com/ or http://www.jotti.org/ where the file will be scanned by many anti-virus/trojan/malware programs. This will give you a better overview of the file.

If it balked at the content of the torrent, or the actual downloaded files, then the chances of it being infected are higher. You have to be aware that many torrents are infected, that's part of the risk you take when you download them. Carefully look at the AV warnings, and if you want to be sure, upload the file(s) to VT or Jotti.

Since the IP is to a Steam server, I am assuming you have a Valve game installed? If that's the case, perhaps it's an update to the Steam engine. Again, look at the prompts carefully and see what files are trying to connect. This will help give you direction to investigate.

Without more info as to what files are doing what, any advice beyond that is a shot in the dark.
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat

I'm a Bleeping Folder, are you? - Join BC in the fight against diseases - Click here
Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users