Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Eli on June 03, 2005, 03:37:11 AM

Title: possible virus?
Post by: Eli on June 03, 2005, 03:37:11 AM

I recieved some alerts from my Sygate Firewall. I queried them about it and they say it may be a new virus. I have run a full virus scan + spyware scan and haven't come up with anything.

Here is the relevant info:

http://forums.sygate.com/vb/showthread.php?s=&postid=62460#post62460

Here's abrief summary of what I've been dealing with:

Application Hijacking has been detected
The application: C:\WINDOWS\NV_SS_US_6Series.exe.scr  try to launch another application: C:\Program Files\Google\Gmail Notifier\gnotify.exe  to go to remote host  gmail.google.com

C:\WINDOWS\NV_SS_US_6Series.exe.scr  is a screen saver but it shouldn't be trying to launch other programs.

Any ideas?

Title: Re: possible virus?
Post by: YLAP on June 03, 2005, 03:56:26 AM

Interesting that it has two extensions.... Are you sure it's screensaver. Try to send this file to other online scanner. Here's link to kaspersky online scanner which scans separate files http://www.kaspersky.com/scanforvirus Good luck.

Title: Re: possible virus?
Post by: Lisandro on June 03, 2005, 04:21:46 AM

Submit the file to Jotti (http://virusscan.jotti.org/) and let us know the results, i.e., if it is or not a false positive.
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus (at) avast.com.
Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see About avast: right click avast icon) will also help.

Title: Re: possible virus?
Post by: DavidR on June 03, 2005, 11:43:05 AM

Quote

C:\WINDOWS\NV_SS_US_6Series.exe.scr  is a screen saver but it shouldn't be trying to launch other programs.

With its double file extension, I strongly doubt that this is a screen saver but something masquerading as a screen saver, an exe file not a .scr

Title: Re: possible virus?
Post by: Eli on June 05, 2005, 10:39:13 PM

Did some searchin on the net. I found a reccommendation to download and run ewido. I did and this is what was found:

File: intelii32.exe
Path: C/Windows
Infection: Trojan.Qrap

I have sinced deleted the virus. Avast had missed this on regular and deep scans, but I do not know if it was because I didn't check scan archives.