Has anyone dealt with win32/detplock?


6 replies to this topic

#1 GLaDOS

  • Members
  • 6 posts

Posted 02 August 2015 - 05:57 PM

 
Hi all,

I was running some scans on my PC using Malwarebytes and Windows Security Essentials. I generally try to run these at least once a week and everything normally comes up clean since I pretty much only visit the same handful of sites on this particular machine.

However, last night Microsoft Security Essentials turned up a hit for something called win32/detplock on one of my data drives. I immediately quarantined then removed it and deleted the directory it was in. I did some research and didn't see any specifics on this particular malware but every site seemed to state, in very general terms, that it was dangerous.

I was wondering if anyone had dealt with this malware before. My gut instinct when dealing with viruses, malware, etc. is to do a complete reinstall of my system. But this machine has a number of different drives and a lot of data that would need to be restored if I were to format every drive, so I'm wondering if that may be overkill in this case - especially since I haven't seen any strange activity before or after and I've run numerous full scans since the discovery.
 
I'm also curious as to how I got infected, but I'm betting that's a mystery that will not be solved...
 
Any advice or guidance you can provide would be most appreciated. I'm not sure what an appropriate response to this threat might be, so I wanted to turn to the community here. As always thank you for your help!

 




 


#2 buddy215

  • Moderator
  • 13,420 posts

Posted 03 August 2015 - 04:40 AM

I would question what was actually found as to whether it was malware or a false positive. You can have the file scanned by multiple security programs at VirusTotal - Free Online Virus, Malware and URL Scanner.


Edited by buddy215, 03 August 2015 - 04:40 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
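The advice above only works while the suspect file (or at least its hash) still exists; later in this thread the original poster deletes it from quarantine before anyone can check it. As an added example, not part of this thread or of BleepingComputer's own material, the following Python script hashes a file once in a single pass and builds the VirusTotal lookup URLs from the SHA-256, so the verdict can be checked by hash alone without uploading the file, and even after the file has been removed. The `VT_API_KEY` environment variable name and the sample bytes are assumptions made here; the `/gui/file/<sha256>` page and the v3 `/api/v3/files/<sha256>` endpoint with an `x-apikey` header are VirusTotal's documented hash-lookup interfaces.

```python
#!/usr/bin/env python3
"""Hash a suspect file once, record the digests, and look the SHA-256 up on
VirusTotal by hash (no upload). Keeping the hash means a deleted file can
still be checked later."""
import hashlib
import io
import json
import os
import sys
import urllib.error
import urllib.request

CHUNK = 1024 * 1024  # read 1 MiB at a time so large files do not fill memory


def hash_stream(fileobj):
    """Return md5, sha1 and sha256 hex digests of a binary stream in one pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in iter(lambda: fileobj.read(CHUNK), b""):
        for h in digests.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used for the constructed sample)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)


def virustotal_urls(sha256):
    """Lookup URLs keyed by hash: the web UI page and the v3 API object."""
    return {
        "gui": f"https://www.virustotal.com/gui/file/{sha256}",
        "api": f"https://www.virustotal.com/api/v3/files/{sha256}",
    }


def verdict(stats):
    """Reduce a v3 last_analysis_stats dict to (malicious, suspicious, total engines)."""
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    total = sum(stats.values())
    return malicious, suspicious, total


def virustotal_lookup(sha256, api_key):
    """Fetch an existing report by hash. Returns last_analysis_stats, or None
    when VirusTotal has never seen this hash (HTTP 404). Nothing is uploaded."""
    req = urllib.request.Request(
        virustotal_urls(sha256)["api"], headers={"x-apikey": api_key}
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise
    return body["data"]["attributes"]["last_analysis_stats"]


if __name__ == "__main__":
    # Usage: python vt_hash_lookup.py <suspect-file>
    # With no argument, a constructed sample (not a real detection) is hashed instead.
    if len(sys.argv) > 1:
        digests = hash_file(sys.argv[1])
    else:
        digests = hash_bytes(b"constructed sample bytes, not a real file")
    for name, value in digests.items():
        print(f"{name}: {value}")
    urls = virustotal_urls(digests["sha256"])
    print("check manually at:", urls["gui"])
    key = os.environ.get("VT_API_KEY")  # assumed variable name; optional
    if key:
        stats = virustotal_lookup(digests["sha256"], key)
        if stats is None:
            print("VirusTotal has no report for this hash")
        else:
            mal, sus, total = verdict(stats)
            print(f"{mal} malicious, {sus} suspicious out of {total} engines")
```

Record the three digests somewhere outside the machine being investigated before the antivirus removes the file; a hash lookup discloses nothing about the file's contents, whereas uploading a file that may contain personal or licensed data does.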

#3 GLaDOS (Topic Starter)

  • Members
  • 6 posts

Posted 03 August 2015 - 08:16 PM

buddy215, on 03 August 2015 - 04:40 AM, said:

> I would question what was actually found as to whether it was malware or a false positive. You can have the file scanned by multiple security programs at VirusTotal - Free Online Virus, Malware and URL Scanner.

Unfortunately, I let Windows Security Essentials remove the file. I had never seen VirusTotal, that's a great resource!

 

I also wonder if this was a hit now or a false positive. It was sitting in a directory I downloaded many months ago (as part of a mod for the old Star Wars X-Wing Alliance lol. It was from moddb which I've had success with in the past). I've just been scanning every day looking for any trace or reappearance of hits and so far nothing. I'm also looking for a reputable manual removal guide for win32\detplock to see if the corresponding registry files can be found there as proof of its existence.



#4 buddy215

  • Moderator
  • 13,420 posts

Posted 03 August 2015 - 08:39 PM

If it was quarantined...not deleted...you can remove it from quarantine and scan. If it was a malicious file you would have had other problems over those months.



#5 GLaDOS (Topic Starter)

  • Members
  • 6 posts

Posted 03 August 2015 - 09:08 PM

buddy215, on 03 August 2015 - 08:39 PM, said:

> If it was quarantined...not deleted...you can remove it from quarantine and scan. If it was a malicious file you would have had other problems over those months.

Unfortunately, paranoia got the best of me and I deleted it from quarantine. I very much appreciate the suggestion though!

 

That's true, I really hadn't seen any odd behavior up to that point. I appreciate your reassurance on this issue buddy215. Thank you.



#6 Albuquerque

  • Members
  • 1 posts

Posted 04 October 2015 - 06:14 PM

Hi there,

I know it's been a couple of months since the initial question, but for anyone who may still be curious about what Win32/Detplock is, Windows Defender just found one on my computer.

I had let Defender scan my old drives.

When I quarantined the file and looked at it, it turned out to be: keygen6300.exe

#7 boopme (To Insanity and Beyond)

  • Global Moderator
  • 73,537 posts

Posted 05 October 2015 - 02:25 PM

To which I'll quote this post by our quietman7:

> The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity but it is a serious security risk.
>
> Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.
> -- TrendMicro Warning
>
> ...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...
> -- Keygen and Crack Sites Distribute VIRUX and FakeAV
>
> ...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.
> -- University of Washington spyware study
>
> ...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.
> -- Bad Web Sites: Malware
>
> ...a staggering 59% of the key generators and crack tools downloaded from P2P networks represent a security liability since they contain malicious and unwanted code. "25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code...In addition to the peer-to-peer networks, 11% of the key generators and crack tools downloaded from Web sites were also plagued by malicious and unwanted software.
> -- Microsoft Reveals the Risks of Using Pirated XP and Office
> -- Whatever You Do, Do Not Download Windows 7 Via Torrent Sites
>
> When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
>
> I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect cracks and keygens so they need to be removed.
>
> Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!
>
> I recommend you do as GFK has instructed so he can check your system for other vulnerabilities.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....



