Author Topic: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)  (Read 14219 times)

0 Members and 1 Guest are viewing this topic.

SkaterKid

  • Guest
I was running my monthly maintenance and virus scans when avast detected a Trojan in my C:\Program Files\music_now\inetchk.exe file.  This folder has been on my system since purchase and has something to do with AOL's music now program.  So naturally I did some research and discovered that other Anti Virus software had detected it too.  In fact someone claimed they sent a copy of inetchk.exe to a major anti virus company and they reported it as a false positive.
Quote
I sent inetchk.exe (zipped and password protected) to grisoft. They just
got back to me and said it was a false positive. Thanks for your help...
.  However I wanted to here it from my own anti virus software company.  So is this a false positive or not?   Am I infected or not?  I sent this file to avast at virus@avast.com compressed and password protected and asked if it was a false positive or not.  They never replied and I am still in the dark.  Well I hope someone can shed some light on this thanks for the help.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #1 on: March 15, 2008, 09:56:44 PM »
Hi SKaterKid,

Yes this could well be a FP. A lot of malware scanners flag this as:
Quote
inetchk.exe
    We suggest you to remove inetchk.exe from your computer as soon as possible.
    Inetchk.exe is Trojan/Backdoor.
    Kill the process inetchk.exe and remove inetchk.exe from Windows startup.
In the case music_now/inetchk.exe and it appears there are numerous examples of anti-malware scanners detecting and removing the file. One scan log indicated in was a sign of "Win32:Trojan-gen. {VB}". BitDefender is flagging it as Trojan.Click.HD.

Since your longer finding that file, it appears the malware was removed. And since the program is something you never use, you might want to remove it altogether. If so, go to Start > Settings > Control Panel, double-click on Add/Remove Programs. From within Add/Remove Programs highlight "music_now" (if listed) and select Remove.

Then search for the folder and if its still listed in Program Files, right-click on it and choose delete. If there is no entry in Add/Remove, then look for an uninstall file within the music_now folder and double-click on it to remove. If there is no uninstall file, then just delete the folder. AOL comes with these adware sometimes, AVG stated it was not malicious, maybe like I said unwanted adware...

polonus
« Last Edit: March 15, 2008, 09:59:01 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #2 on: March 15, 2008, 10:00:30 PM »
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Other possibility is JOTTI. VirusTotal and Jotti both have file size limit of 10Mb.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
« Last Edit: March 15, 2008, 10:56:20 PM by Tech »
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86821
  • No support PMs thanks
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #3 on: March 15, 2008, 10:39:26 PM »
Tech, I think both VT and Jotti have an upload maximum of 10MB now.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #4 on: March 15, 2008, 10:55:06 PM »
Tech, I think both VT and Jotti have an upload maximum of 10MB now.
I'll correct the post. Thanks.
The best things in life are free.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #5 on: March 15, 2008, 11:46:58 PM »
I remember this file from a couple of weeks ago from a thread I was helping in. A bit of reshearch lead to a post on a different forum where AVG confirmed, in writting, that it was indeed a FP.

SkaterKid

  • Guest
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #6 on: March 15, 2008, 11:54:15 PM »
I remember this file from a couple of weeks ago from a thread I was helping in. A bit of reshearch lead to a post on a different forum where AVG confirmed, in writting, that it was indeed a FP.

Thank you so much! For some reasson though it wont let me upload this file to VirusTotal.  Avast pops up when ever I am in the same directory as the file and after that I can't move delete or even check the properties of this file :S Like what the hell why is it doing this and when will the virus database be updated to accept this file as not being malicious?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #7 on: March 15, 2008, 11:58:36 PM »
You can pause avast's standard shield while you upload the file. Once you get the results, post them here. If it seems like a FP, you can then notify Avast along with a link to this thread.

I'll try to find that link for you.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #8 on: March 16, 2008, 12:02:39 AM »
Hi sKaterKid,

Well FP's are a fact of life when malware scanners are concerned, and avast is no exclusion in that respect, while avast FP record is not that impressive as other av-software. You can exclude this file of yours, so avast won't alert it in the future, putting it to the exclusion list. You can report the FP to avast, and hope an update won't flag it (it is their decision 'though).  Sometimes genuine legal code behaves like malware, just like crooks can look like very amiable normal gents, they look like gentlemen, they look like one, smell like one, and still they are crooks and vice versa,

oldman's link reads: http://forum.avast.com/index.php?action=post2;start=0;board=4

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #9 on: March 16, 2008, 12:17:51 AM »
Thanks pol, couldn'r remember which thread that came from.

Here you go, last post in this thread

http://help.wugnet.com/security/Downloader-VB-AXO-ftopict11724.html

There was another one that said this program is connected to AOL and comes preinstalled on HPs. The detections started around feb.

Nosnibor

  • Guest
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #10 on: April 28, 2008, 06:08:10 PM »
Yes this file comes pre installed from HP(linked with AOL). After doing a fresh reinstall of my OS and then installing only my Firewall and "avast" i did a full system scan and it was detected as a TRJ. I contacted HP and they assured it IS a SAFE file.

Live long and prosper.
God bless the CPU.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #11 on: April 28, 2008, 06:20:17 PM »
Add it to both exclusions lists. Hopefully Alwil will correct it.

Nosnibor

  • Guest
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #12 on: April 28, 2008, 06:38:51 PM »
If i add it to the exclusions list does avast get a report of this exclusion?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #13 on: April 28, 2008, 06:51:43 PM »
No, you just won't get a warning. You should send a copy to avast at

virus@avast.com  clearing stating it as a false positive, the vps that detected it and a link to this thread. The email will have to be a password protected zip file.

Nosnibor

  • Guest
Re: Win32:Neptunia-KH [Trj] (C:\Program Files\music_now\inetchk.exe)
« Reply #14 on: April 28, 2008, 06:58:20 PM »
OK will do. Also if u could help me with a small problem i would really appreciate it. Under avast settings-Alerts-SMTP I'm trying to set it so it will send a report of virus findings to my email. What do i put in the "Server address" so it sends it to my "Hotmail" account.