Suspicious file found!

raiya_23:
Recently I have been getting this message on my PC through my Avast antivirus:

SUSPICIOUS FILE FOUND!

A suspicious file has been detected (using a heuristic method). This may be a sign of Malware infection. Please allow the file to be submitted to our virus lab for analysis

File No.: C:\Windows\System\nmdfsgds0.dll
Type Rootkit:hidden process

It asks me to delete or ignore the infection. I ignore it.

I scanned the operating memory but it didn't get detected, and now whenever I try to do something it appears and I have to ignore it. Please help.

Lisandro:
Send it to Chest instead of ignoring it...

I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or on this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

CharleyO:
***

No search results for nmdfsgds0.dll makes it a suspicious file.

Please follow Tech's suggestions above.


***

DavidR:
It is most certainly suspicious and I hope you allowed it to be sent to avast?

If not - Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first.

After this you should rename this file to something like nmdSUSfsgds0.dll, that essentially should stop it being run as whatever runs it (registry entry, etc.) would be looking for the original file name. You should run some of the applications in Tech's line 2 and 3 to get you started.
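The copy-to-a-temporary-location and rename steps from the post above, as an added example that is not part of the original thread. The function names, the SHA-256 record, the `.sample` suffix and the marker position are assumptions modelled on the `nmdSUSfsgds0.dll` example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def park_suspect(suspect, marker="SUS", keep=3):
    """Copy the file to a temporary location, then rename the original.

    marker/keep are assumptions modelled on the thread's example
    (nmdfsgds0.dll -> nmdSUSfsgds0.dll).
    """
    suspect = Path(suspect)
    if not suspect.is_file():
        raise FileNotFoundError(suspect)
    renamed = suspect.with_name(suspect.name[:keep] + marker + suspect.name[keep:])
    if renamed.exists():
        raise FileExistsError(renamed)  # never overwrite an earlier parked copy

    digest = sha256_of(suspect)
    # Working copy for upload lives outside the original folder; the extra
    # ".sample" suffix (an assumption) means it no longer carries the DLL name.
    workdir = Path(tempfile.mkdtemp(prefix="suspect_"))
    copy = workdir / (suspect.name + ".sample")
    shutil.copy2(suspect, copy)
    if sha256_of(copy) != digest:
        raise OSError("copy does not match original; original left untouched")

    suspect.rename(renamed)  # raises OSError if the file is locked
    return {"sha256": digest, "copy": copy, "renamed": renamed}


if __name__ == "__main__":
    # Constructed stand-in file; point park_suspect at the real path instead.
    demo = Path(tempfile.mkdtemp()) / "nmdfsgds0.dll"
    demo.write_bytes(b"constructed sample bytes")
    print(park_suspect(demo))
```

The returned SHA-256 identifies exactly which file was copied and renamed, which is useful when reporting scan results back to the thread.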

Maxx_original:
Win32:Kavos... it should be detected already.. if it is not, please send the file to us...