Author Topic: Setup.exe in all my winrar files  (Read 9255 times)


abhisham

  • Guest
Setup.exe in all my winrar files
« on: May 07, 2009, 03:20:12 PM »
Hey guys,

I have been infected with some virus which has added a "setup.exe" file to all my WinRAR files. Avast didn't pick it up!!! Any idea how to solve this?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Re: Setup.exe in all my winrar files
« Reply #1 on: May 07, 2009, 05:02:45 PM »
How do you know it is a virus, what detected it?

Check the suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here in the topic, the URL in the Address bar of the VT results page. This should give some malware names and could help in removal, otherwise it could be manual removal from your .rar files, but most importantly finding what infected them.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
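
An inventory of which archives carry the extra entry helps with the manual clean-up and with finding what infected them. The following is an added example, not part of the original thread or any poster's code: it reads RAR 4.x headers directly (the format in use in 2009), assumes unencrypted headers, does not verify CRCs, and its `SAMPLE` archive is constructed for illustration.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"   # signature of RAR 1.5-4.x archives
FILE_HEAD = 0x74                   # block type: file header
LONG_BLOCK = 0x8000                # header is followed by ADD_SIZE bytes of data
LARGE_FILE = 0x0100                # file header carries 64-bit size fields

def rar4_entries(data: bytes) -> list[str]:
    """Return the stored file names of a RAR 4.x archive, reading headers only."""
    if not data.startswith(RAR4_MAGIC):
        raise ValueError("not a RAR 4.x archive")
    names, pos = [], len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        is_file = htype == FILE_HEAD
        fixed = (40 if flags & LARGE_FILE else 32) if is_file else 7
        need = fixed if is_file else (11 if flags & LONG_BLOCK else 7)
        if hsize < need or pos + hsize > len(data):
            break                                  # truncated or corrupt header
        add_size = struct.unpack_from("<I", data, pos + 7)[0] if need > 7 else 0
        if is_file:
            if flags & LARGE_FILE:                 # high 32 bits of packed size
                add_size += struct.unpack_from("<I", data, pos + 32)[0] << 32
            name_len = struct.unpack_from("<H", data, pos + 26)[0]
            raw = data[pos + fixed:pos + fixed + name_len]
            names.append(raw.split(b"\0")[0].decode("latin-1"))
        pos += hsize + add_size                    # skip header and packed data
    return names

def suspicious_entries(data: bytes, needle: str = "setup.exe") -> list[str]:
    """Entries whose base name matches `needle`, case-insensitively."""
    return [n for n in rar4_entries(data)
            if n.replace("\\", "/").rsplit("/", 1)[-1].lower() == needle]

def _file_block(name: bytes, payload: bytes = b"") -> bytes:
    # Constructed sample header; CRC fields are zero because nothing checks them.
    body = struct.pack("<IIBIIBBHI", len(payload), len(payload), 2, 0, 0,
                       29, 0x30, len(name), 0x20) + name
    return struct.pack("<HBHH", 0, FILE_HEAD, LONG_BLOCK, 7 + len(body)) + body + payload

# Constructed sample archive: main header plus two stored files.
SAMPLE = (RAR4_MAGIC + struct.pack("<HBHH", 0, 0x73, 0, 13) + b"\0" * 6
          + _file_block(b"docs\\report.txt", b"hello")
          + _file_block(b"Setup.exe", b"MZ"))

if __name__ == "__main__":
    print(suspicious_entries(SAMPLE))
```

A hit is only a lead: legitimate installers are also named setup.exe, so compare the entry's hash and timestamp across archives before treating it as the added file.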

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Setup.exe in all my winrar files
« Reply #2 on: May 07, 2009, 05:39:50 PM »
To get clean, I suggest a full on-line scan of the computer:
BitDefender
ESET NOD32
F-Secure

Also: use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
The best things in life are free.

abhisham

  • Guest
Re: Setup.exe in all my winrar files
« Reply #3 on: May 07, 2009, 06:27:16 PM »
Thanks for the replies...

I know it's malware because it has infected all my rar files.


Here is the analysis:

https://www.virustotal.com/reanalisis.html?831b393a1d4a728c8489d7976022b0a2

Code:
File has already been analysed:
MD5: 5936f3cd9071bd1c1598fbe2dd9acbce
First received: 05.01.2009 16:16:50 (CET)
Date: 05.06.2009 19:32:15 (CET) [<1D]
Results: 15/40
Permalink: analisis/a6ed928de064ad69e4edbc0012da294b


https://www.virustotal.com/analisis/a6ed928de064ad69e4edbc0012da294b
Code:
File rundll52.exe received on 05.06.2009 19:32:15 (CET)
Current status: finished

Result: 15/40 (37.50%)
Antivirus Version Last Update Result
a-squared - - Trojan.Win32.Buzus!IK
AhnLab-V3 - - -
AntiVir - - TR/Agent.mcv.16
Antiy-AVL - - Trojan/Win32.Buzus
Authentium - - -
Avast - - -
AVG - - Generic13.AHNS
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - Win32.TRAgent.Mcv
eTrust-Vet - - -
F-Prot - - -
F-Secure - - Trojan.Win32.Buzus.axfr
Fortinet - - W32/Buzus.AXFR!tr
GData - - -
Ikarus - - Trojan.Win32.Buzus
Jiangmin - - -
K7AntiVirus - - -
Kaspersky - - Trojan.Win32.Buzus.axfr
McAfee - - -
McAfee+Artemis - - Artemis!5936F3CD9071
McAfee-GW-Edition - - Trojan.Agent.mcv.16
Microsoft - - -
NOD32 - - Win32/Injector.NY
Norman - - -
nProtect - - -
Panda - - Suspicious file
PCTools - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - Trojan/Buzus.axfr
TrendMicro - - -
VBA32 - - Trojan.Win32.Buzus.axfr
ViRobot - - -
VirusBuster - - -
Additional information
MD5: 5936f3cd9071bd1c1598fbe2dd9acbce
SHA1: ca8e27fc368b1bd0de1e1edf0706b728e01ac498
SHA256: cccd78e6633a70d4400e1b19a847c9b6167285533433273b4933b144491074f1
SHA512: 80b2778f732808931661928a5bbfe9a2ec7f760f6e54392ad753f8300f79e3a375048f53e41cfdcfb729e16820bae3e69cb7f56d7344d0f5b0f3d03236983045


 ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



I sent the file according to the instructions you provided.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Re: Setup.exe in all my winrar files
« Reply #4 on: May 07, 2009, 07:13:14 PM »
OK, now to find the infector, using the links that Tech gave.

fogus

  • Guest
Re: Setup.exe in all my winrar files
« Reply #5 on: May 28, 2009, 06:56:01 AM »
I am having exactly the same issue here.  Any ideas on how to fix this?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Setup.exe in all my winrar files
« Reply #6 on: May 28, 2009, 02:26:59 PM »
I am having exactly the same issue here.  Any ideas on how to fix this?
Did you try on-line scanning as I've posted before?