Detected a strange start-up program called autoupdatev2.ex_ on my Windows 2000 SP4 machine running Avast4Home (latest version). I have no idea what the file is nor how it got on my computer. All I did recently on this computer was connect to Microsoft Update to REPLACE Windows Update on this computer... Downloaded the new ActiveX controls for Microsoft Update, performed an Express and Custom scan....shut-down the computer....and that's it!
Next day, I notice this program running in the applications tab in task manager, along in the processes tab. While my computer is sitting idle or if I'm browsing around on the web or on my hard drive, I hear clicking sounds comming from my speakers. Like IE page transitions when clicking on a hyperlink. But I'm not in IE nor is my browser open. The process AUTOUPDATEV2.EX_ starts acting up and accesses the internet for a short period..... then stops accessing it but the process remains running.
===
AdAware SE: NEGATIVE RESULTS
Spybot S&D 1.4: NEGATIVE RESULTS
Microsoft Anti-Spyware BETA1: NEGATIVE RESULTS:
Avast4Home: NEGATIVE RESULTS
===
Here is my results with other on-line AntiVirus Scanners. I sent the exact file in for analysis via VirusTotal which uses many different virus scanning engines:
This is a report processed by VirusTotal on 11/05/2005 at 18:57:10 (CET) after scanning the file "autoupdatev2.exe" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 11.05.2005 no virus found
Avast 4.6.695.0 11.04.2005 no virus found
AVG 718 11.03.2005 no virus found
Avira 6.32.0.6 11.05.2005 no virus found
BitDefender 7.2 11.05.2005 no virus found
CAT-QuickHeal 8.00 11.05.2005 no virus found
ClamAV devel-20050917 11.05.2005 no virus found
DrWeb 4.33 11.05.2005 no virus found
eTrust-Iris 7.1.194.0 11.04.2005 no virus found
eTrust-Vet 11.9.1.0 11.04.2005 no virus found
Fortinet 2.48.0.0 11.04.2005 no virus found
F-Prot 3.16c 11.05.2005 no virus found
Ikarus 0.2.59.0 11.04.2005 no virus found
Kaspersky 4.0.2.24 11.05.2005 no virus found
McAfee 4621 11.05.2005
Generic VB.b NOD32v2 1.1276 11.04.2005 no virus found
Norman 5.70.10 11.04.2005 no virus found
Panda 8.02.00 11.05.2005 no virus found
Sophos 3.99.0 11.05.2005 no virus found
Symantec 8.0 11.05.2005 no virus found
TheHacker 5.9.1.029 11.05.2005 no virus found
VBA32 3.10.4 11.04.2005 no virus found
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En español
--------------------------------------------------------------------------------
www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail info@virustotal.com
Should I sent this file into Avast 4 Analysis?
I can probably safely tell you right now that the file is in no way related to ATITECH.ca. I have an old ATI Radeon 7000 PCI card and the drivers I downloaded were directly from ATITECH.ca. I did not install drivers from Microsoft Update yesterday... or in the past.
I really need some assistance and I hope I have provided enough info for now.
Sincerely,
~Steele Wolf~
