How to restore default setting for detecting suspicious files?

[simran8187]

this is the hcl link:
http://www.hclstore.in/hcl_me_laptop_AE1V0685

also this is the file stored in malwarebytes' logs 'protection-log-2010-11-16'


19:59:32   harvinder vir singh   MESSAGE   Protection started successfully
19:59:38   harvinder vir singh   MESSAGE   IP Protection started successfully
19:59:38   harvinder vir singh   MESSAGE   IP Protection stopped
19:59:42   harvinder vir singh   MESSAGE   IP Protection started successfully
20:04:46   harvinder vir singh   DETECTION   C:\WINDOWS\system32\EXPLORE.EXE   Backdoor.Bot   ALLOW
20:04:49   harvinder vir singh   DETECTION   C:\WINDOWS\system32\EXPLORE.EXE   Backdoor.Bot   ALLOW
20:04:49   harvinder vir singh   DETECTION   C:\WINDOWS\system32\EXPLORE.EXE   Backdoor.Bot   ALLOW
21:31:04   harvinder vir singh   MESSAGE   Protection started successfully
21:31:14   harvinder vir singh   MESSAGE   IP Protection started successfully

[DavidR]

HCL (hindustan computers limited) is the name of the computer/netbook manufacturer..i just purchased it recently..interestingly malwarebyte also flagged it when i did a full scan with it,so i ignored it then as well..i think this is the hcl file because of the icon..i use internet sparingly and that only for work and the netbook is new (bought like 15 days back)..i really cant see how it got infected so soon??? :/
i've submitted the  file to virus lab..should i zip it and put it up here also or is it sufficient?

It isn't that it could become infected so soon, but what it actually does and why it is a hidden process. These are questions that you will have to address to HCL telling them about the avast and MBAM alerts on their file.

The name is really a bad choice as in itself I would have been suspicious already before any alert as it is too close to regular system file names, a common tactic of malware creators. Add to that they placed it in the system32 folder also a common tactic of malware creators. Then add the google hits about the explore.exe being highly associates with malware.

So you need some plain answers from HCL as to exactly what it does and why it is needed and why some anti-virus/malware applications consider it at the very least suspicious if not infected.

No need to attach it, we don't want the forums become a possible malware distribution center and you never know we don't want the forums alerting on an uploaded file (you can't attack zip files anyway).

~~~~
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

[Charyb-0]

EDIT: Had something to add but was already in DavidR post. Sorry about this post.

[simran8187]

@DavidR/Charyb..ok will do that..and paste the result here..thanks

[DavidR]

You're welcome.