Virus or not Virus?

Eric

When I scan my PC using F-Secure, I find no virus, but when I use the online
Norton anti-Virus, I find the following infected files.

our computer is infected with at least one known virus or Trojan horse.

Search for the name of the threat(s) listed below on the Symantec Security
Response site for removal information

C:\WINDOWS\Downloaded Program Files\UERSR_0001_N91M2407NetInstaller.ex... is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe is infected with ErrorSafe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSR_0001_N91M2407NetI... is infected with WinFixer
C:\backup_carman\Radmin\r_server.exe is infected with Remacc.Radmin
 
PA Bear [MS MVP]

The machine is infected.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Eric wrote:
> When I scan my PC using F-Secure, I find no virus, but when I use the online
> Norton anti-Virus, I find the following infected files.
>
> our computer is infected with at least one known virus or Trojan horse.
>
> Search for the name of the threat(s) listed below on the Symantec Security
> Response site for removal information
>
> C:\WINDOWS\Downloaded Program Files\UERSR_0001_N91M2407NetInstaller.ex... is infected with WinFixer
> C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe is infected with ErrorSafe
> C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSR_0001_N91M2407NetI... is infected with WinFixer
> C:\backup_carman\Radmin\r_server.exe is infected with Remacc.Radmin
 
Malke

Eric wrote:

> When I scan my PC using F-Secure, I find no virus, but when I use the
> online Norton anti-Virus, I find the following infected files.
>
> our computer is infected with at least one known virus or Trojan horse.
>
> Search for the name of the threat(s) listed below on the Symantec Security
> Response site for removal information
>
> C:\WINDOWS\Downloaded Program Files\UERSR_0001_N91M2407NetInstaller.ex... is infected with WinFixer
> C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe is infected with ErrorSafe
> C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSR_0001_N91M2407NetI... is infected with WinFixer
> C:\backup_carman\Radmin\r_server.exe is infected with Remacc.Radmin


I'm not a big fan of online scanning tools in general but this could be for
a couple of reasons:

1. Those files are connected with non-viral malware so it isn't surprising
that an antivirus program doesn't flag them. Perhaps F-Secure doesn't look
for non-viral malware.

2. It could be a false-positive.

I would certainly go through other malware scanning per the information
here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
Milo

It is not a virus, to be exact; it is malware - a trojan. That system has
been visiting a site that prompts a preload of those rogue security
applications. It's just trying to go in your system.

Those that are in the downloaded directory mean your system had made an
acquaintance with those files already; someone or somehow they agreed to it
previously.

If you are using Internet Explorer 7, reset it in
Internet Options > Advanced tab > Reset, just to dump all possible
attached (unauthorized) apps; you can just reinstall those that you use, e.g.
for Office or for your gaming. It's much safer than taking chances.

"Eric" <Eric@discussions.microsoft.com> wrote in message
news:AC72A055-FE58-448F-8615-31109D114363@microsoft.com...
> When I scan my PC using F-Secure, I find no virus, but when I use the online
> Norton anti-Virus, I find the following infected files.
>
> our computer is infected with at least one known virus or Trojan horse.
>
> Search for the name of the threat(s) listed below on the Symantec Security
> Response site for removal information
>
> C:\WINDOWS\Downloaded Program Files\UERSR_0001_N91M2407NetInstaller.ex... is infected with WinFixer
> C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe is infected with ErrorSafe
> C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSR_0001_N91M2407NetI... is infected with WinFixer
> C:\backup_carman\Radmin\r_server.exe is infected with Remacc.Radmin
 
PA Bear [MS MVP]

Milo, these are symptoms of a ZLOB infection, which is usually accompanied
by Vundo and SDBot, all of which are being protected by a rootkit. No
anti-virus or anti-spyware applications or online scans will detect and
remove all of it.
--
~PA Bear

Milo wrote:
> It is not a virus, to be exact; it is malware - a trojan. That system has
> been visiting a site that prompts a preload of those rogue security
> applications. It's just trying to go in your system.
>
> Those that are in the downloaded directory mean your system had made an
> acquaintance with those files already; someone or somehow they agreed to it
> previously.
>
> If you are using Internet Explorer 7, reset it in
> Internet Options > Advanced tab > Reset, just to dump all possible
> attached (unauthorized) apps; you can just reinstall those that you use, e.g.
> for Office or for your gaming. It's much safer than taking chances.
>
> "Eric" <Eric@discussions.microsoft.com> wrote in message
> news:AC72A055-FE58-448F-8615-31109D114363@microsoft.com...
>> When I scan my PC using F-Secure, I find no virus, but when I use the online
>> Norton anti-Virus, I find the following infected files.
>>
>> our computer is infected with at least one known virus or Trojan horse.
>>
>> Search for the name of the threat(s) listed below on the Symantec Security
>> Response site for removal information
>>
>> C:\WINDOWS\Downloaded Program Files\UERSR_0001_N91M2407NetInstaller.ex... is infected with WinFixer
>> C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe is infected with ErrorSafe
>> C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSR_0001_N91M2407NetI... is infected with WinFixer
>> C:\backup_carman\Radmin\r_server.exe is infected with Remacc.Radmin
 
