Strange AutoRunWorm in Nero CD BURNER??

[Brickstin]

Can you please post these malware to www.VirusTotal.com and share the link to result here?

I am going to have to find the image again.. I don't know what I did with it. But I did burn the CD after I used a different burning software because I was getting errors like hell when I was trying to like... Burn the image to the CD - R it self..

I will get back to you laters.. I have to go drop off my GF at work.

[Brickstin]

But I always use malwarebytes.. this is what i found but
C:\Documents and Settings\Brickstin\x.exe (Trojan.KillAV) -> Quarantined and deleted successfully.  But I found that a week ago.

I suggest you do the following:

1.  Update and run MBAM again (Full Scan).  Quarantine (not delete) anything infected.  Copy and paste your entire MBAM scan here to the thread; I will need you log for the Certified Malware expert referral as well.

2.  Run the OTL log as I suggested above; attach the log to your next post.  I will then have a Certified Malware expert review your log.

3.  It is up to you if you want to install the Panda USB Vaccine.  To my knowledge, Avast nor any AV will disable autoruns.inf., but Panda USB Vaccine will.  You can always reverse the "vaccine" with a click of a button, and this does not conflict with Avast.

4.  Upgrade your Avast 4.8 to 5.0.677 only after we know that you are malware-free; do not do it now as it may complicate matters. 

Please let me know if you have any questions.  Thank you.

OK I will get back to you.. IM like barely catching up on my Posts here in this thread x.x I forgot so much about what happened But i just remember the little bit of it.

I was out dealing with stuff but I have to drop off my GF at work so I will be able to get this stuff again later.. tonight.. I don't know if you guys get on at night or someting.

[Brickstin]

Its fixed now.
Best regards
Jan Sirmer

Did you guys just fixed this?

because I wouldn't count that as a false positive just yet.. you might want to have waited till I could confirm it was actually a real virus.

I was contacting ITU earlier. and apparenently computer students used a program or created some thing to exploit the COPY rights on the Microsoft 07 office I have from College.

including my friends from itu.

 Its indiana University

So yes.. Forget that False positive for right now.. I have to do more testing to ensure it was just a hiccup by Avast and not a real virus.

NER33A.tmp is the file that contained it and I am going to do some tests again to find out if i can ripp out the files from the TMP file..anyone know of any tools to help open TMP files?

Maybe I can execute the code outside of it and place that code into a file and then scan that file itself.

SO again please this is highly possible a TRUE Virus, not a false positive.

its not a matter if Nero is exporting these Temp files and Avast thinks its a virus..

I have burned many program copies and data recovery stuff using Nero and it has never given me that avast scan error about finding NER33A.tmp as virus contained..

There really was a virus in there because my friend used AVG and found out the same kind of virus was found in that temp file.

[Mr.Agent]

x.exe sound strange Sirmer if you wanna have a look to it ask him as for a name of that file to my eyes its sound suspicious.

[Brickstin]

x.exe sound strange Sirmer if you wanna have a look to it ask him as for a name of that file to my eyes its sound suspicious.

x.exe is a execution tracking program that comes with older versions of Visualware company called IP trace or Visial trace.. Look it up on Google.. The company Got into some trouble because of it.. it had a trojan in it.. but thats not the problem I am having with. its the Image.. I still haven't had time to work on that I just now got back so I am going to go ahead an do that now.. *Goes and finds the disc*  


But I need a techy too take a look at this.. When I upload the results of the scan I will let you know.. What was it again that you needed?..

I have no other viruses but do you want me to upload the TEMP file for identification?

I also want to upload the image files from the program of Microsoft from ITU version.

the hacked version.

[Sirmer]

Hello,
i didn't fix x.exe i wrote about AutoRun. This AutoRun is a false positive. unfortunately i didn't recive x.exe so i wasn't able to investigate it.
If you can send me x.exe i'll be really grateful.

[Brickstin]

Hello,
i didn't fix x.exe i wrote about AutoRun. This AutoRun is a false positive. unfortunately i didn't recive x.exe so i wasn't able to investigate it.
If you can send me x.exe i'll be really grateful.

how do I upload the Files?

I don't know where to send them, attatchmens only says Allowed file types: txt, jpg, gif, png, logs.

[Sirmer]

how do I upload the Files?

I don't know where to send them, attatchmens only says Allowed file types: txt, jpg, gif, png, logs.

Hello,
you can send it to virus @ avast.com (without spaces), send it zipped with password,write password in body of email.
Regards

[Brickstin]

how do I upload the Files?

I don't know where to send them, attatchmens only says Allowed file types: txt, jpg, gif, png, logs.

Hello,
you can send it to virus @ avast.com (without spaces), send it zipped with password,write password in body of email.
Regards

I sent the file in.. sorry I took so long i was in New York as mentioned earlier.

let me know what happens email tittled as e.exe