Author Topic: I have a question about a particular virus... (Read 4445 times)

Forte Lambardi · « **on:** April 02, 2008, 12:42:20 AM »

My avast! scanner picked up the following Trojan: Neptunia-NH.

Does anyone know what this Trojan can do? I've been searching the internet about this kind of Trojan, but all I have been finding are different variants (like Neptunia-NM). Is this a false positive?

Thanks for a response.

oldman · « **Reply #1 on:** April 02, 2008, 02:42:38 AM »

Please post the filename and path.

Justin_22 · « **Reply #2 on:** April 02, 2008, 03:55:12 AM »

Or If you believe it may be a False Positive you can upload it to www.VirusTotal.com with that many scanners you may get the answer and if you dont want to do that then please do as OldMan said

Forte Lambardi · « **Reply #3 on:** April 02, 2008, 05:32:24 AM »

The best I can do is give you the log entry for it. Also, there are two occurrences of this virus

1st:

Sign of "Win32: Neptunia-NH [trj] has been found in
C:\Documents and Settings\owner\Desktop\Roms and EMulation\1964_099.exe"

1964_099.exe was an installer for an emulator. What was ironic is that it was not detected as a Trojan UNTIL I updated to avast! 4.8. Also, I verified that this site was legit, and that it was safe. So one cannot say that I got careless and downloaded material from an unfamillar 3rd party site

The 2nd is:

"Sign of "Win32:Neptunia-NH[trj] has been found in
C:\System Volume Information\_restore{9087B6A4-583A-4EB6-ABF5-1238C5EE26E2}\RP337\A0090701.exe"

Not sure what this instance is about.

oldman · « **Reply #4 on:** April 02, 2008, 06:10:33 AM »

I would say that the second detection is the same as the first, except in the system restore. Deal with the first one.

If you moved it to the chest, you will have to extract it to a temporary location. Suggest you create a folder on C:\, named whatever you chose.

Open the chest, click the infected file button, right click on the file, select extract. Set the location to the folder you created.

Click this link www.virustotal.com

use the upload a file box on that site to submit the file from the folder you created. Use the browse to navigate to it. Click send and wait for the results.

You can post the results here.

Forte Lambardi · « **Reply #5 on:** April 02, 2008, 09:21:05 PM »

o_O I kind of already deleted it, but I will use this information in the future.

Thanks for the help, guys.

polonus · « **Reply #6 on:** April 03, 2008, 01:09:17 AM »

Hi Forte Lambardi,

Also consider the information in this thread: http://forum.avast.com/index.php?topic=33906.0

also this tool: http://rapidshare.com/files/30504755/Virus_Removal_Tools_159in1__AIO_.rar

polonus

Forte Lambardi · « **Reply #7 on:** April 03, 2008, 02:27:56 AM »

Thanks for further information.

The link you provided leads me to nothing; I got the "file cannot be found" on file share.

Author Topic: I have a question about a particular virus... (Read 4445 times)

Forte Lambardi

I have a question about a particular virus...

oldman

Re: I have a question about a particular virus...

Justin_22

Re: I have a question about a particular virus...

Forte Lambardi

Re: I have a question about a particular virus...

oldman

Re: I have a question about a particular virus...

Forte Lambardi

Re: I have a question about a particular virus...

polonus

Re: I have a question about a particular virus...

Forte Lambardi

Re: I have a question about a particular virus...