Regular Contributor
shubby
Posts: 46
Registered: 11-14-2009

File behaving suspiciously

I have this file that I think is behaving suspiciously, though Norton (I have Norton 360 v3.8.0.41) and an online scan have proven this file is safe.

But how that file works I don't get.

First, when you start the file it loads, but in the Task Manager this is what it does:

It loads as Scape (the file name), then opens another file with the same name in the Task Manager and takes the previous one away. Then it starts another file with the name svchost (in the Task Manager) and takes the previous file, called Scape, away. Then it opens another file with the name svchost and takes the previous one away. After that it starts taking 88% of my computer memory, and then that's it: it stays there and does nothing. Though all this is only happening in the Task Manager, nothing from the start to the finish appears on the screen. Everything happens in the Task Manager: Processes.

 

 

I can't upload the file; an error occurs saying:

   Please correct the highlighted errors and try again.

  • The file does not have a valid extension for an attachment. txt,log are the valid extensions.

My file is an .exe file, so it is not going to upload, is it?

 

Super Phishing Phryer
floplot
Posts: 2,823
Registered: 04-11-2009

Re: File behaving suspiciously

Hello shubby

 

I would suggest running a full scan with the free version of Malwarebytes to check to see if your computer is clean. You can also send the file for further analysis and follow the steps according to what you want to do and what the file is doing.

 

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because some malware creators have large lists of sites that they block. Please be careful to download the correct program: the FREE version of MALWAREBYTES

(Thanks to Delph for providing the alternative site)  That's the scan you should do.

 

 

These are the instructions for submitting the file.

 

Please use this link if you think that a file is a false positive: https://submit.symantec.com/dispute/false_positive/

If there is a possibility that the file might be infected, please submit it to Symantec using this link:

https://submit.symantec.com/websubmit/retail.cgi



Another alternative, which is fast: you can use Threat Expert:

http://www.threatexpert.com/submit.aspx

(Thanks to Yaso for providing the links)

 

Please come back and post the Malwarebytes log when you are done with that. Also please let us know how you made out with submitting the file for analysis. Thanks

Regular Contributor
shubby
Posts: 46
Registered: 11-14-2009

Re: File behaving suspiciously

That file made a registry entry and is a trojan downloader. But what I'm not happy about is why my Norton didn't notice it. I mean, that gives Norton a bad reputation.

 

The log is in an attachment.


Super Bot Obliterator
SendOfJive
Posts: 1,340
Registered: 02-07-2009

Re: File behaving suspiciously

Hi shubby,

 

The registry entry that Malwarebytes' found may not necessarily be related to the scape.exe file that you are concerned about.  Normally, these orphan registry entries are leftover remnants of malware that has been removed from your machine at some time in the past.  Often the earlier removal process will intentionally leave such registry entries, and Malwarebytes' has chosen to take an aggressive approach to finding such things.  Note also that Malwarebytes' did not alert to the scape.exe file.  So there may not be an active infection currently on your system.  To investigate further you should upload the file you are concerned about to VirusTotal and see if any of the antivirus engines there find it to be suspicious.

Regular Contributor
shubby
Posts: 46
Registered: 11-14-2009

Re: File behaving suspiciously


I did go to the site to upload that file and the results were:

Kaspersky    7.0.0.125    2010.02.08    Backdoor.Win32.Bredolab.ces
NOD32        4846         2010.02.08    probably a variant of Win32/Injector.APU

Only these two noticed that the file was infected.

Here are the results if you would like to look at them: VirusTotal

Trojan Terminator
delphinium
Posts: 4,950
Registered: 11-21-2008

Re: File behaving suspiciously

It could be a very early detection as the result of submitted samples, or in the case of 2 out of forty, a false positive.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Regular Contributor
shubby
Posts: 46
Registered: 11-14-2009

Re: File behaving suspiciously


OK, another bad thing.

I sent that file to CA Security Advisor and they replied that the file is confirmed malware.

Here is what they replied back to me:

 

Dear customer,

Thank you for using CA Security Advisor.

This is to notify you of the results of your submission, issue number
1598914. Please keep this issue number for future reference.
Please see below for the final results of our analysis of your file
submission.

We successfully received the following files:

FILE                                      SIZE      CONCLUSION
------------------------------------------------------------------------
Scape.rar                                 114691    clean
------------------------------------------------------------------------
Scape.exe                                 405504    confirmed malware
------------------------------------------------------------------------



This automated scanning service "Virtue" complements our regular
technical support service. It is not a replacement for it. For
technical support please visit http://www.ca.com/about/support.htm.

If you would like to comment on the quality of this automated service,
please send your suggestion to virtue.feedback@ca.com .

CA Security Advisor

------------------------------------------------------------------------
For the latest security advisories, including detailed analysis of the
latest vulnerabilities, viruses, trojans, worms and spyware, and for
complete information on how to protect yourself or your organization,
please visit
http://www.ca.com/securityadvisor

 

If you still don't believe me, then tell me to make a video and I will make a video of what the file does, where it saves itself and how it manages to run on startup, and also include the email that CA Security Advisor sent me.

Trojan Terminator
delphinium
Posts: 4,950
Registered: 11-21-2008

Re: File behaving suspiciously

I think they actually need to have the file.  If you go to quarantine there should be a button where you can add a file to quarantine.  Once it is in there, you should be able to submit it to Symantec.  Assuming that you can find it, to quarantine it.

 

Regular Contributor
shubby
Posts: 46
Registered: 11-14-2009

Re: File behaving suspiciously

OK, I have submitted the file to Symantec.