Author Topic: False Alarm Deleted My Notepad.exe!!!  (Read 6310 times)

0 Members and 1 Guest are viewing this topic.

sunnyyen

  • Guest
False Alarm Deleted My Notepad.exe!!!
« on: June 08, 2004, 04:24:16 AM »
I'm using Windows XP system.

As soon as I updated to June-7 database, I received several alarms which never happened before. Infected files are:

1.Uninstall.exe of a progam.
2.Notepad.exe in C:\windows

After several repairing attempts failed (both in windows and in boot time scan, in boot time scan when trying to repair, I got the 42060 error), I had to delete them.

Then I scanned notepad.ex_ (32K, dated 2001-9-5 20:00) in windows setup directory, and I got the same alarm -- Win32: Trojan-Gen (other). The boot time scan didn't report this, neither does the free virus cleaner. So it definately is a false alarm.

Now my question is, how to restore notepad.exe from notepad.ex_ without re-installing the system?

simonk83

  • Guest
Re:False Alarm Deleted My Notepad.exe!!!
« Reply #1 on: June 08, 2004, 04:37:31 AM »
Yep, I also got several false alarms this morning and it got so annoying I had to uninstall Avast and use a free scanner.  Any word on when this will be fixed, as I really like Avast.

Thanks
Simon

Pavel Baudis

  • Guest
Re:False Alarm Deleted My Notepad.exe!!!
« Reply #2 on: June 08, 2004, 09:28:03 AM »
It will be fixed later today. But hey, NOTEPAD.EXE? I doubt it was standard part of Windows! We have tested the latest generic detection for several  weeks on all Windows systems and > 150 GB database of shareware programs. There is no way it could cause a false alarm on any standard Windows program! I think this Notepad.exe was really trojanized!

Pavel

S.Z.Craftec

  • Guest
Re:False Alarm Deleted My Notepad.exe!!!
« Reply #3 on: June 08, 2004, 12:16:32 PM »
Sunnyyen,
just Google a little bit and you'll find million of web pages that contains materials about trojans and worms that attacks NOTEPAD.exe...

e.g. http://www.iss.net/security_center/advice/Intrusions/2001531/default.htm

Cheers !
« Last Edit: June 08, 2004, 12:16:50 PM by S.Z.Craftec »

Kobra

  • Guest
Re:False Alarm Deleted My Notepad.exe!!!
« Reply #4 on: June 08, 2004, 04:46:47 PM »
Unlikely this was a false alarm.  Many malicious code is known to replace Notepad.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:False Alarm Deleted My Notepad.exe!!!
« Reply #5 on: June 08, 2004, 04:51:01 PM »
Well i scanned NOTEPAD.exe with maximal settings(Explorer Extension) and it's not detected. I have the same latest VPS so its most probably a real threat in your case.
« Last Edit: June 08, 2004, 04:51:26 PM by RejZoR »
Visit my webpage Angry Sheep Blog

Tuna

  • Guest
Re:False Alarm Deleted My Notepad.exe!!!
« Reply #6 on: June 08, 2004, 08:01:28 PM »
False aram ???  :o :-\ i didn't know about false alarms i scared about that :(

sunnyyen

  • Guest
Re:False Alarm Deleted My Notepad.exe!!!
« Reply #7 on: June 09, 2004, 01:57:05 AM »
It maybe that my notepad.exe WAS really infected, but how come notepad.ex_ in the setup directory (32K, 5-9-2001 20:00) also get an alarm?

sunnyyen

  • Guest
Re:False Alarm Deleted My Notepad.exe!!!
« Reply #8 on: June 09, 2004, 02:04:29 AM »
Yesterday, after I posted the question, I extracted notepad.exe (65K, 8-6-2004) from notepad.ex_ (32K, 5-9-2001). I got loads of alarms for both files by doing this, and cannot use the extracted notepad.exe.

Just now, after the virus database updated, I scanned both files again, and no detection! And I can use the extracted notepad.exe again.