Topic: Infected ntuser.dat

cbmrulez
Re: Infected ntuser.dat
« Reply #15 on: March 25, 2012, 09:50:23 AM »

Asyn
Re: Infected ntuser.dat
« Reply #16 on: March 25, 2012, 09:57:16 AM »
It seems that only Avast detects this threat...

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

cbmrulez
Re: Infected ntuser.dat
« Reply #17 on: March 25, 2012, 10:02:28 AM »
http://r.virscan.org/report/9641b803815b3600266015c728b613c8.html

Another avast-only detection...

@Asyn
I'll do it, but I don't know if it's a false positive. I hope so, but I don't really know it.

Asyn
Re: Infected ntuser.dat
« Reply #18 on: March 25, 2012, 10:04:12 AM »
Quote
@Asyn
I'll do it, but I don't know if it's a false positive. I hope so, but I don't really know it.

Well, if it's no FP, it won't be removed anyway. ;)

DavidR
Re: Infected ntuser.dat
« Reply #19 on: March 25, 2012, 01:49:43 PM »
@ cbmrulez
I thought right from the start it was possibly an FP, that and because of its importance was why we were dancing around avoiding doing anything to the actual file in its original location.

Hopefully, sending it to avast for analysis should resolve this detection, though each ntuser.dat file is pretty unique as it reflects the user's system and what they have installed. This is no doubt why I didn't find anything wrong on mine and why we didn't have a flood of similar topics in the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mwidunn
Re: Infected ntuser.dat
« Reply #20 on: March 09, 2013, 06:00:48 AM »
Quote
Avast 7 found "Win 32:Rustock-AY [Rtk]" on file "C:\Users\CBM\ntuser.dat".
upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners
when you have the result, copy the URL in your addressbar and post it here for us to see


alternative
Jotti - http://virusscan.jotti.org/en
VIRScan - http://virscan.org/
Metascan - http://metascan-online.com/


I can't do it.  When I select the file, I get a pop-up message saying the file is in use by another program, and that that program needs to be ended.  Of course, in line with Microsoft's always-helpful nature, it doesn't say what program specifically is using the file or how to turn it off in order to scan the file. (Could it be a self-defense by the "infected" file?  I don't know.)

I've scanned the file with Malwarebytes as well as the whole User folder with Norton Power Eraser.  Malwarebytes found no threats.  NPE found several files that it didn't recognize enough to make a determination as to good, bad, or indifferent.  Ntuser.dat was NOT one of them; it never came up in NPE's results.

Sooooooo, . . . I'm going to ASSUME that Ntuser.dat on my computer is clean, telling Avast to "do nothing" when it finds it again.

The last time this happened, I had Avast 7.  I stupidly told Avast to quarantine the file.  Then, all hell broke loose upon re-start.  The User profile was effectively wiped out -- though, it was still there -- and, the computer acted as if it were dealing with a brand new User profile that had to be set up.  Anyways, to make a long story short: I restored the computer to its previous setting and everything went back to normal working order.  Then, I installed AVG.

I was hoping that Avast 8 would have taken care of this.  Or, that there would be (at least) some explanation as to why this is happening.  But, . . . no.  Back to AVG?  I hope not.  I've found Avast to be superior in many ways.