NIS suddenly detects large virus in old file:

Today I installed Java (which I had thought was already installed but apparently wasn't... after reformatting just over a month ago) and updated Norton after a virus alert on another PC and ran a normal full system scan on this one to make sure. It detected a W32.IRCBOT in a .exe file.

 

The Exe file in question was downloaded as part of a mapping tool for a game that is used by a fair number of people and no one on the modding site (which is itself widely used) has reported this problem. It was downloaded in July and scans of the file specifically before installing, and general scans since have detected nothing until today.

 

We are very rigorous about keeping Norton up to date (check it several times a day) so I am wondering if there is any way this could be a false positive or something? Though going off the rather worrying registry entries I guess not.

 

It says it was last used today at 12:50 (which is hopefully just 'used' as in Norton triggered it in the scan, since I haven't used it at all since installing it).

 

Any help or advice would be appreciated, operating system is Vista 64bit, Norton Internet Security is the 2010 version.

 

Anyway, here's the list of what it says on File Insight: (where I have simply typed <really long number> it was in the form of letter-1 digit-1 digit-2 digits-10digits-10digits-10digits.)

 

Origin:

bineditor.exe

 

File Actions:
File: c:\users\<username>\appdata\local\temp\~df6309.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~df7e60.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~dfe9d5.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~dfeba4.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~dfebf1.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~dfee48.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~df6e09.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~df7e60.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~dfe9d5.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~dfeba4.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~dfebf1.tmp
Restart Required
File: c:\users\<username>\appdata\local\temp\~dfee48.tmp
Restart Required
Infected file: c:\sega\medieval ii total war\tools\geomod\bineditor.exe
Removed

 

Registry Actions:
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallDisableNotify:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UpdatesDisableNotify:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTEM\CurrentControlSet\Control\LSA->AUOPTIONS:3
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusOverride:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallOverride:0
Repaired
Registry entry: HKEY_USERS\<really long number>\Software\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
Repaired
Registry entry: HKEY_USERS\<really long number>\Software\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
Repaired
Registry entry: HKEY_USERS\<long number>\Software\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
Repaired
Registry entry: HKEY_USERS\<really long number>\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UACDisableNotify:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->AntiVirusDisableNotify:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->FirewallDisableNotify:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->UpdatesDisableNotify:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->AntiVirusOverride:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->FirewallOverride:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->FirstRunDisabled:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->UacDisableNotify:0
Repaired
Registry entry: HKEY_USERS\<reallly long number>\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->SuperHidden:1
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess->Start:2
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lsa->restrictanonymous:0
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\->UncheckedValue:1
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess->Type:32
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc->Type:32
Repaired
Registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv->Type:32
Repaired


 
