04-26-2009 05:41 PM
I think it has been explained beautifully, I was busy and trying to fully read all posts to get a picture. I have never (yet) come across a PC which has detections like that, so I couldn't comment much on it.
I am glad Symantec have looked into it, especially the first 4 (from memory) files listed scanned by VirusTotal, as Bitdefender, Panda etc. also detect it.
Now also with VirusTotal, even though it scans with 40 products, if I remember rightly, if Bitdefender detects, GDATA should also detect; if Avast detects, GDATA should also detect.
This is because GDATA uses both Avast and Bitdefender as its scanning engines.
If A-Squared detects something with "IK!" on the end and "Ikarus" detects, that would be because A-Squared uses Ikarus in its software.
So sometimes, if say Bitdefender and GDATA are in the group of say 4/40 detecting, I actually see it in some way as 3/40.
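The counting rule in the post above, as an added example (not code from the thread or from VirusTotal): a product that rebrands another vendor's engine is dropped from the count when one of the engines it bundles also flagged the file, so a 4/40 result with both Bitdefender and GDATA collapses to 3/40. The engine-sharing map contains only the two relationships the post names; the product names, detection names and the 40-product sample report are constructed for illustration.

```python
"""Collapse VirusTotal-style detection lists by underlying scan engine.

Added example, not from the forum thread or any vendor: it applies the
post's observation that some products rebrand another vendor's engine, so
two hits from the same engine are really one independent opinion.
"""

# Products that bundle another vendor's engine. The two entries below are
# the relationships the post names; anything added here later is an
# assumption that has to be maintained by hand.
SHARED_ENGINES = {
    "GData": {"Avast", "BitDefender"},
    "a-squared": {"Ikarus"},
}


def independent_detections(results):
    """Return (independent_count, total_products, independent_products).

    results maps product name -> detection name, or None when the product
    reported the file clean. A rebranding product is dropped from the
    independent set only when at least one of the engines it bundles also
    flagged the file; if it alone flags the file, it is still counted.
    """
    detected = {product for product, verdict in results.items() if verdict}
    independent = set(detected)
    for rebrander, engines in SHARED_ENGINES.items():
        if rebrander in detected and detected & engines:
            independent.discard(rebrander)
    return len(independent), len(results), independent


def summarize(results):
    """One-line summary in the thread's x/40 style, raw and deduplicated."""
    raw = sum(1 for verdict in results.values() if verdict)
    independent, total, _ = independent_detections(results)
    return f"{raw}/{total} raw, {independent}/{total} independent"


# Constructed sample: a 40-product report where four products flag the file.
# Detection names are made up for illustration.
SAMPLE_RESULTS = {
    "BitDefender": "Trojan.Generic.Example",
    "GData": "Trojan.Generic.Example",
    "Panda": "Suspicious file",
    "Ikarus": "Trojan-Downloader.Example",
    "Avast": None,
    "a-squared": None,
}
# Pad with clean verdicts from placeholder scanners up to 40 products.
SAMPLE_RESULTS.update(
    {f"Scanner{i:02d}": None for i in range(40 - len(SAMPLE_RESULTS))}
)

if __name__ == "__main__":
    count, total, who = independent_detections(SAMPLE_RESULTS)
    print(summarize(SAMPLE_RESULTS))    # 4/40 raw, 3/40 independent
    print("independent:", sorted(who))  # BitDefender, Ikarus, Panda
```

The rebrander is only discarded when its bundled engine is also in the detected set; a GDATA-only hit still counts as one opinion, since the post only claims the overlap in the direction "if Bitdefender detects, GDATA should also detect".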
04-26-2009 05:54 PM
Brian: First of all, allow me to thank you for your efforts. Secondly, your reply, depending on the provided evidence, is very clear and well stated. It is also within acceptable tolerances, at least in my mind, and hence I would hope that we see the end of that, and that I will not face any further issues.
Still some questions remain in my mind, regarding NIS09 functionality (and even possible comparison to Kaspersky7 architecture) as well as several discussion points, but I will not elaborate at this instant.
Finally, I would appreciate your opinion please, in relation to removing the infected files and possible consequences to the stability of the system, and any possible specific procedures that I would have to follow.
Thank you once again.
Allow me to extend my thanks to everyone who contributed to this thread, and helping out.
04-26-2009 09:43 PM
I'm glad to have been of some help. About your final inquiry, if I understand correctly, your concern is regarding the malicious files which may or may not have been executed on your system and whether there are any particular steps necessary for you to ensure that they have been completely removed?
Assuming this is the case, I am confident, based on the information you provided in your first post regarding the scans you had run and the results of those scans, that your system is free from infection by the known malware which has been discussed. From the files you had provided, I had confirmed our detection, and your original post indicated that neither NIS nor the Kaspersky scanner found any of them having actively infected your computer. At this point it's your prerogative as to whether you wish to keep the 3D Online Pool game installed (depending on your comfort level with the files after your scan), as uninstalling it from the Start Menu or Add/Remove Programs options will certainly remove those particular files.
04-26-2009 10:33 PM
I'm also referring to the .cab files I have sent you. These, as you can see in my original post, are located in two areas:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive: 5 files (one actually is mentioned twice)
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive: the same 5 files (one again is mentioned twice)
Should I remove them manually (i.e. right-click -> Delete), or, since they do not constitute any immediate threat, just leave them there? I hope removing them won't affect stability.
Thank you very much.
04-26-2009 10:54 PM
You can definitely leave those alone with no fear of infection. They can be safely deleted as well as they have no bearing on how the system operates. For peace of mind I'd assume you would choose to delete them though.
04-27-2009 07:20 AM
None of us can hope to beat Bewell for advice on this, that is clear! <s>
However, I found a lot of background on WER in this MS article that Google turned up (including my reference to dump files <g>), which makes me consider this as a guideline on whether or not to manually delete those files:
Since such files are created when an error occurs, and perhaps added to when the user agrees to submit files to Microsoft for evaluation and suggested solutions, if you are not aware of any continuing, unsolved problems, feel free to delete them.
That's a suggestion, not gospel!
04-27-2009 01:07 PM - edited 04-27-2009 01:10 PM
OK huw. Thanks very much. I have not yet deleted them. I will though.
04-27-2009 02:24 PM
If you want to be really sure you could even move them onto a CD/DVD! That or renaming them is a useful intermediary if you are not certain whether you will have a problem without a file.
You may have to turn off System Restore in Windows (which will lose all your Restore Points) and Auto-Protect in NIS; you may need to do it in Safe Mode or as an Administrator ....
Just in case the system will not let you delete them.