a virus or not...very curious

"lee" <pepplewick RemoveThis @gmail.com> wrote in message
news:1179169520.149598.63310@l77g2000hsb.googlegroups.com...
> Last night I was stupid enough to click on a unknown exe....though I
> had scanned it with NOD32 first, which is running on my XP system, and
> it said it was fine. Then my PC just shuts down and reboots and
> continues this cycle, shutting down and restarting.
>
> I managed to go into Safemode and scanned my system for a virus and
> nothing. So I treid Panda, Trend Micro...every on-line scanner I could
> think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
> (from safemode) I simply deleted the dodgy exe from the folder it had
> been downloaded to and did a system restore. Then everything was fine.
> Can anybody explain what happened here? Is there somethign still on my
> system? Why didn't any of the scanners find it. Any thoughts on this
> would be much appreciated. Thanks.
>

No telling from your description of the effect as to what it was. Further,
who cares? So, you learned from the experience, right?
 >> Stay informed about: a virus or not...very curious 

After much thought,lee aka pepplewick RemoveThis @gmail.com came up with this jewel:

> Last night I was stupid enough to click on a unknown exe....though I
> had scanned it with NOD32 first, which is running on my XP system, and
> it said it was fine. Then my PC just shuts down and reboots and
> continues this cycle, shutting down and restarting.
>
> I managed to go into Safemode and scanned my system for a virus and
> nothing. So I treid Panda, Trend Micro...every on-line scanner I could
> think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
> (from safemode) I simply deleted the dodgy exe from the folder it had
> been downloaded to and did a system restore. Then everything was fine.
> Can anybody explain what happened here? Is there somethign still on my
> system? Why didn't any of the scanners find it. Any thoughts on this
> would be much appreciated. Thanks.

Submit the dodgy exe to VirusTotal and see what they come up with.

max
--
My Pages:
Virus Removal Instructions:
http://maxpro4u.freehostingnow.com/removal.html
Keeping Windows Clean:
http://maxpro4u.freehostingnow.com/keepingclean.html
Tools: http://maxpro4u.freehostingnow.com/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET.Feel free to use it yourself.
 >> Stay informed about: a virus or not...very curious 

lee wrote:
> Last night I was stupid enough to click on a unknown exe....though I
> had scanned it with NOD32 first, which is running on my XP system, and
> it said it was fine. Then my PC just shuts down and reboots and
> continues this cycle, shutting down and restarting.
>
> I managed to go into Safemode and scanned my system for a virus and
> nothing. So I treid Panda, Trend Micro...every on-line scanner I could
> think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
> (from safemode) I simply deleted the dodgy exe from the folder it had
> been downloaded to and did a system restore. Then everything was fine.
> Can anybody explain what happened here? Is there somethign still on my
> system? Why didn't any of the scanners find it. Any thoughts on this
> would be much appreciated. Thanks.

scanners are really very good at identifying *known* malware...
unfortunately new/unknown malware doesn't really fall into that category...

my suggestion would be to send a sample of the file (if you still have
it somewhere) to your anti-virus developer for analysis, but beyond that
there's really no way to tell what it was or if there's anything left
over on your drive...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
 >> Stay informed about: a virus or not...very curious 

This message is not archived
 >> Stay informed about: a virus or not...very curious 

lee <pepplewick.DeleteThis@gmail.com> wrote in news:1179169520.149598.63310
@l77g2000hsb.googlegroups.com:

> Last night I was stupid enough to click on a unknown exe....though I
> had scanned it with NOD32 first, which is running on my XP system, and
> it said it was fine. Then my PC just shuts down and reboots and
> continues this cycle, shutting down and restarting.
>
> I managed to go into Safemode and scanned my system for a virus and
> nothing. So I treid Panda, Trend Micro...every on-line scanner I could
> think of, plus Nod32, plus Adaware and Spybot and nothing. Finally,
> (from safemode) I simply deleted the dodgy exe from the folder it had
> been downloaded to and did a system restore. Then everything was fine.
> Can anybody explain what happened here? Is there somethign still on my
> system? Why didn't any of the scanners find it. Any thoughts on this
> would be much appreciated. Thanks.
>
>

Hi Lee.

Do you still by chance have the original exe you clicked on? I'd be happy
to analyse it for you and report back the results. If BugHunter doesn't
already detect it or it's potential offspring, it will.

Sadly, No scanner will detect everything out there. Even if you use
multiple ones, if the malware is new enough, it's probably going to evade
them. It may not get far due to various other security software, but
it'll get a start.

The exe file might have changed files, added additional files, and/or
modified certain registry keys incorrectly resulting in the system
failing to restart in normal mode. Not all malware seems to be well
tested before they release it.

You can find the program I wrote to scan for this junk here:
http://bughunter.it-mate.co.uk


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin.DeleteThis@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
 >> Stay informed about: a virus or not...very curious 

On May 17, 4:50 am, Dustin Cook
<spamfilterineffect.see.... DeleteThis @nowhere.com> wrote:
> lee <pepplew... DeleteThis @gmail.com> wrote in news:1179169520.149598.63310
> @l77g2000hsb.googlegroups.com:
>
> > Last night I was stupid enough to click on a unknown exe....though I
> > had scanned it with NOD32 first, which is running on my XP system, and
> > it said it was fine. Then my PC just shuts down and reboots and
> > continues this cycle, shutting down and restarting.

Thanks for the all the advice. I finally just reinstalled everything;
I was due anyway and and a plus side everything's a lot faster now. I
did run the file through VirusTotal as a post advised and it found a
lot of nasty stuff in there, generic graybird, dropper.small.awa,
win32.delf.dnr, etc...could all of these be in there are are they just
nakenames? Anyway, thanks again and will take of the advice for
alternated scanners as advised also.
 >> Stay informed about: a virus or not...very curious 

lee <pepplewick DeleteThis @gmail.com> wrote in news:1179498610.767218.16440
@y80g2000hsf.googlegroups.com:

> On May 17, 4:50 am, Dustin Cook
> <spamfilterineffect.see.... DeleteThis @nowhere.com> wrote:
>> lee <pepplew... DeleteThis @gmail.com> wrote in news:1179169520.149598.63310
>> @l77g2000hsb.googlegroups.com:
>>
>> > Last night I was stupid enough to click on a unknown exe....though I
>> > had scanned it with NOD32 first, which is running on my XP system,
and
>> > it said it was fine. Then my PC just shuts down and reboots and
>> > continues this cycle, shutting down and restarting.
>
> Thanks for the all the advice. I finally just reinstalled everything;
> I was due anyway and and a plus side everything's a lot faster now. I
> did run the file through VirusTotal as a post advised and it found a
> lot of nasty stuff in there, generic graybird, dropper.small.awa,
> win32.delf.dnr, etc...could all of these be in there are are they just
> nakenames? Anyway, thanks again and will take of the advice for
> alternated scanners as advised also.
>
>

They could all be names for the same item. No standard naming convention,
same problem with viruses and worms. I don't help the problem, as
BugHunter tends to call things whatever BitDefender calls them. If
BitDefender doesn't know it at the time, it's named something other than
what BitDefender would eventually call it.

If there was some form of standards, I would make BugHunter conform to
it.

I'm glad you got your machine back up and running, thats the most
important part.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin DeleteThis @gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
 >> Stay informed about: a virus or not...very curious 

Dustin Cook wrote:
[snip]
> They could all be names for the same item. No standard naming convention,
> same problem with viruses and worms. I don't help the problem, as
> BugHunter tends to call things whatever BitDefender calls them. If
> BitDefender doesn't know it at the time, it's named something other than
> what BitDefender would eventually call it.
>
> If there was some form of standards, I would make BugHunter conform to
> it.

as was demonstrated by the caro naming convention's failure to harmonize
malware naming, a naming standard does not solve the naming problem... a
naming standard can only define the format of the name, it can't
reasonably be expected to tell you what the final name should be... for
that you need a central naming authority or a naming effort that is
coordinated across all vendors... unfortunately the deconfliction stage
(to ensure that 2 companies don't get different names for what turns out
to be the same thing) would invariably introduce delays in the issuing
of updates... that's not a easy trade off to justify...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
 >> Stay informed about: a virus or not...very curious