HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
diana_loves:
Ok, David... I'll follow your instructions and send the file to VirusTotal.. just have a couple more doubts that you might be able to clarify for me.
I just uninstalled the Acoustic Silencer from my Toshiba (the application connected with the supposedly infected TOSCDSPD.exe file) after downloading a clean installer for the application from the Toshiba website.
My questions are, if I follow your instructions to send the report to VirusTotal, won't I run the risk of reactivating the beagle virus that supposedly infected the TOSCDSPD.exe file when I'm trying to export it to the c:\Suspect folder?
If that is a real risk and if indeed I already found the installer to recover that application, could I just Delete the file from the Chest and be rid of it finally? Is that what happens when you Delete the files from the Avast Chest? Are they deleted totally without leaving any other trace in the recycle bin or any other place in the laptop?
Thanks again for all your help!
DavidR:
Exporting is just copying, not running. The fact that it isn't in the original location also gives some limited protection (even if it were infected) because any run command would be referencing the original location.
So with the file in the suspect folder it would effectively be inert unless you actually execute/run the file, which you aren't going to do.
As I have said, deletion is a last action, and then only if confirmed as infected, and that is what we are trying to do.
diana_loves:
Me again.
I did as you suggested and uploaded the exported TOSCDSPD.exe file to VirusTotal.
I don't know how to interpret the results so I'm posting them here to see if you can tell me what's the next necessary step:
File TOSCDSPD.exe received on 11.20.2008 02:38:25 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 Win-Trojan/Bagle.872456
AntiVir 7.9.0.34 2008.11.19 TR/Dldr.Bagle.agb
Authentium 5.1.0.4 2008.11.19 -
Avast 4.8.1281.0 2008.11.19 Win32:Beagle-AHE
AVG 8.0.0.199 2008.11.19 Win32/Themida
BitDefender 7.2 2008.11.20 -
CAT-QuickHeal 10.00 2008.11.19 TrojanDownloader.Bagle.agb
ClamAV 0.94.1 2008.11.20 -
DrWeb 4.44.0.09170 2008.11.19 Trojan.Packed.650
eSafe 7.0.17.0 2008.11.19 Win32.Bagle.agb
eTrust-Vet 31.6.6217 2008.11.19 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.20 -
F-Secure 8.0.14332.0 2008.11.20 Trojan-Downloader.Win32.Bagle.agb
Fortinet 3.117.0.0 2008.11.20 W32/Bagle.AGB!tr.dldr
GData 19 2008.11.20 Win32:Beagle-AHE
Ikarus T3.1.1.45.0 2008.11.20 Trojan-Downloader.Win32.Bagle
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.20 Trojan-Downloader.Win32.Bagle.agb
McAfee 5439 2008.11.19 Generic Downloader.x
Microsoft 1.4104 2008.11.20 TrojanDownloader:Win32/Bagle.WB
NOD32 3626 2008.11.19 Win32/Bagle.QH
Norman 5.80.02 2008.11.19 W32/Mitglied.BEI
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.20 Malicious Software
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.20 Trojan.Dldr.Bagle.agb
Sophos 4.35.0 2008.11.20 Mal/Bagle-B
Sunbelt 3.1.1801.2 2008.11.14 Trojan-Downloader.Win32.Agent.V (vf)
Symantec 10 2008.11.20 -
TheHacker 6.3.1.1.159 2008.11.19 W32/Behav-Heuristic-064
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.19 Trojan-Downloader.Win32.Bagle.agb
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.19 -
Additional information
File size: 872456 bytes
MD5...: 1fb8c915bad498904ea46e1bec9fc0c0
SHA1..: 529e1e968db9a6b82a0f9d48277a0a7379e39f85
SHA256: a21f6074c28fc03afd9af429f06d9616931f7d3870c249f48e66ce98489e46be
SHA512: 626a8daa5d6cd2653601bbf6172b574881e3c22ea023473f3b59458d67fce31bdfde7ff8959d78f04b6fcebbffb575eba478170dd492c4b64c7eee36d5ab62f0
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x488014
timedatestamp.....: 0x4912b351 (Thu Nov 06 09:05:21 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x7f000 0x3a000 7.98 042f03724e2a90c658f9c412cd6fa2ac
.rsrc 0x80000 0x6a08 0x3000 5.90 df1e50853b5cb1b9edc4fc61a936228c
.idata 0x87000 0x1000 0x1000 0.24 1774b4558eb29db1bb488bcb9523da64
Themida 0x88000 0x156000 0x96000 7.88 db89fa947c97866ccb1ce2a4d8c94bc5

( 2 imports )
> KERNEL32.dll: CreateFileA, ExitProcess
> COMCTL32.dll: InitCommonControls

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=99AE801B0813BC94508F0D6755CD55007A046904
packers (F-Prot): Themida
Does this mean it was or wasn't a false positive? Should I report it to http://forum.avast.com/index.php?topic=34950.msg293451#msg293451? If it is a false positive can I safely reinstall the Acoustic Silencer that I downloaded from Toshiba which surely contains another file named TOSCDSPD.exe? Won't this cause Avast to report it as a virus or malicious software?..... Does the fact that Avast is running normally again mean that I'm free of this obnoxious beagle pest? ......asks the newbie yet again!! ::)
DavidR:
Fortunately I know how to interpret that particular set of results: it is a good detection, it isn't a false positive, and you should delete the copy in the suspect folder.
Now you re-downloaded the Acoustic Silencer installation file and avast should have scanned that file when you downloaded it (if not, or you aren't sure, find where you saved it to and right click on the file, select Scan selected area for viruses); that should find if anything is infected on it. If no detection, you should be OK to reinstall, just watch for any avast alert, but that may not be the case.
There is no need to report it as it isn't a false positive.
diana_loves:
Sounds good!
I guess this would probably mean that the beagle infection has been eradicated, yes?
And now for the final question that just popped into my mind....
As soon as the initial problem started I backed up the most important files I had on my ipod. Is there a way I can scan my ipod (maybe with Avast!Pro) while making sure that nothing in the ipod will be able to reinfect my laptop? Maybe I need to run on Safe Mode and only then connect my ipod to run an avast scan?
Thanks again for all your help in this matter!! :)