Author Topic: WINMX: settings.dat (DAME VIRUS)  (Read 8395 times)


Steele

  • Guest
WINMX: settings.dat (DAME VIRUS)
« on: April 13, 2004, 12:26:07 AM »
Okay guys.... what kind of virus is this?

I don't know what it is or why Avast4Home is reporting it in settings.dat of WinMX?  :( I don't see how this could be infected... any ideas?

Here is a screenshot.
« Last Edit: April 13, 2004, 01:34:20 AM by Steele »

Steele

  • Guest
Re:WINMX: settings.dat (VIRUS)
« Reply #1 on: April 13, 2004, 12:33:50 AM »
I right clicked the folder WinMX in C:\Program Files\WinMX and scanned the whole folder containing settings.dat. NO VIRUS DETECTED.

I even clicked the individual file and scanned it.
Nothing.

Weird.  ???

Steele

  • Guest
Re:WINMX: settings.dat (VIRUS)
« Reply #2 on: April 13, 2004, 12:55:26 AM »
Frustrating!  >:(

I just did a SCAN of my system and no virus turns up??

Why was it detected??
WINMX settings.dat??

After the virus alert occurred, I pressed Prt Scr to copy the image to paint then uploaded it here. I then closed the dialog box because HOW can there be a virus in settings.dat?

I just ran a scan of my hard drive and all checks out? So what triggered this? Is this virus running stealth now or something.... *grrrr*
I'm not happy...

Help please  :'(
« Last Edit: April 13, 2004, 12:56:16 AM by Steele »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:WINMX: settings.dat (VIRUS)
« Reply #3 on: April 13, 2004, 01:24:05 AM »
DAME is pretty old now, but it was one of the first self-encrypting polymorphic viruses. This might be the key why it was not detected second time, but as far as I know avast!'s polymorphic engine is very good. Check the system with NOD32 or some other On-Line based scanner.

Steele

  • Guest
Re:WINMX: settings.dat (VIRUS)
« Reply #4 on: April 13, 2004, 01:32:25 AM »
Honestly...it seems like a TOTALLY false alarm.  :-\

For one thing... I just DID a scan yesterday and the day before with NO alerts. We've all been using the same VPS for the past few days. Then today while I finished downloading an MP3... I was almost about to close WinMX and it alerts me that settings.dat has a trace of DAME M.E. ???

How settings.dat could EVER become infected is beyond my understanding. I rescanned everything and it all checks out.

It's the resident shield that reported it ONCE... now it's not reporting it anymore. I didn't even do anything with the alert. I just bypassed it.

I've only used WinMX once the other day for downloading one MP3.  >:(

Steele

  • Guest
Re:WINMX: settings.dat (VIRUS)
« Reply #5 on: April 13, 2004, 01:33:53 AM »
Oh and thank you RejZoR!  :)

Maybe I'll try House Call's online scan.... *sigh*

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:WINMX: settings.dat (DAME VIRUS)
« Reply #6 on: April 13, 2004, 02:01:51 AM »
steele try the new AV scanner I found http://www.commandondemand.com

and post your opinion of it in the thread in the off topic forum
"People who are really serious about software should make their own hardware." - Alan Kay

Steele

  • Guest
Re:WINMX: settings.dat (DAME VIRUS)
« Reply #7 on: April 13, 2004, 02:16:58 AM »
Thanks MacLover2000.... errrr....  :-\
I don't know exactly who that company is or what it will do to my PC.
Does it use ActiveX controls? Do I need to disable Avast? *sigh*

You know... it's just a shame I think.
I can't retrace how an infection like this could have EVER occurred on my system because, I know how to protect myself...what not to open and what is okay to open. I have serious reservations about this whole thing... and if it is even an infection.

99% of the time there are ALWAYS false positives when I post here about what to do... and that bugs me as it puts me into a state of panic when all I had to do was leave everything alone in the first place.  >:(

It's pretty annoying when you have to take all these extra steps by looking into other anti virus solutions to detect viruses that avast missed or is falsely identifying as positives. :(

My situation.... is unusual.  :'(
« Last Edit: April 13, 2004, 02:28:31 AM by Steele »

Steele

  • Guest
Re:WINMX: settings.dat (DAME VIRUS)
« Reply #8 on: April 13, 2004, 03:47:26 AM »
Okay, I did a Trend Micro House Call:

RESULTS ARE IN IMAGE

I'm happy, but it's still strange.
Why Avast4Home's resident WinMX shield triggered a false alarm....I'll never know I guess.

DAME M.E. could not infect a DAT file anyways as they attach themselves to .COM and .EXE files.

Another false positive?  >:(
« Last Edit: April 13, 2004, 03:47:40 AM by Steele »

Offline .: Mac :.

Re:WINMX: settings.dat (DAME VIRUS)
« Reply #9 on: April 13, 2004, 05:28:34 AM »
Quote
Thanks MacLover2000.... errrr....  
I don't know exactly who that company is or what it will do to my PC.
Does it use ActiveX controls? Do I need to disable Avast? *sigh*

The company is Command Software Systems. They were purchased by Authentium last year. It does the same as Trend, downloads engine and pattern file to your hard disk and runs them. I used their stand-alone AV program Command Antivirus, before I went to avast. Great program, lousy customer support  :(.  So if you have trouble with the scanner contact me not them :)

The engine it uses is called F-Prot, I'm sure you have heard about it before, F-Secure uses it and so does F-Prot Antivirus
I will post this info in the off topic thread as well.
« Last Edit: April 13, 2004, 05:31:32 AM by MacLover2000 »

Steele

  • Guest
Re:WINMX: settings.dat (DAME VIRUS)
« Reply #10 on: April 14, 2004, 05:22:33 PM »
Well.... 4 other AntiVirus scanners tell me I'm clean.

What a fluke!
Please report if anybody else encounters an issue with WinMX.

1.) Loaded WinMX
2.) Connected
3.) Downloaded Hole - Malibu.MP3
4.) Played it in WMP9SERIES
5.) Closed WMP9
6.) Cleared incomplete downloads... about to close WinMX
7.) SETTINGS.DAT (sign of Dark Angel DAME M.E. virus)

~Steele~

whocares

  • Guest
Re:WINMX: settings.dat (DAME VIRUS)
« Reply #11 on: April 14, 2004, 09:44:11 PM »
Hi,

as always:

when you next encounter this potential false positive: let avast resident shield move it to chest or a new, empty folder
then send it in to avast: via chest, or in a pwd-protected zipfile to
virus (at) asw (dot) cz

tell them you suspect a false positive
include the zip-password and a link to this topic in the mailtext

copy the file back to its original location if you think you changed a lot in WinMX settings or if WinMX won't recreate the settings


 ;)

Steele

  • Guest
Re:WINMX: settings.dat (DAME VIRUS)
« Reply #12 on: April 14, 2004, 10:35:07 PM »
Thanks for that valuable info whocares.  :)
I always do that too when I suspect false positives... but this situation was a little different.  :-\

You see... the reason why I did not take any action is because I did not want Avast to move WinMX's (settings.dat) file because I was afraid of screwing up all my settings and possibly corrupting something. Plus the DAME (Dark Angel M.E.) virus does not infect .DAT files. Only .EXE and .COM files.... so I found the whole experience to be very bewildering.

Since 4 other virus products: Command, Frisk (F-Prot), BitDefender, and HouseCall found NOTHING... it must be a fluke.

But if I come across this again... (which I have yet to even re-create)... I will do, just that.  ;)

BTW: Yeah, I was also a little *aggravated* in my earlier thread.  ::) I'm good now! lol  8)
« Last Edit: April 14, 2004, 10:40:26 PM by Steele »