Guest Eric Posted May 7, 2008 Posted May 7, 2008 When I scan my PC using F-Secure, I find no virus, but when I use the online Norton anti-Virus, I find following infected files. our computer is infected with at least one known virus or Trojan horse. Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information C:\WINDOWS\Downloaded Program Files\UERSR_0001_N91M2407NetInstaller.ex... is infected with WinFixer C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe is infected with ErrorSafe C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSR_0001_N91M2407NetI... is infected with WinFixer C:\backup_carman\Radmin\r_server.exe is infected with Remacc.Radmin Quote
Guest PA Bear [MS MVP] Posted May 7, 2008 Posted May 7, 2008 The machine is infected. Unexplained computer behavior may be caused by deceptive software http://support.microsoft.com/kb/827315 Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_Removal...n:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/page2....emoving_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware with assistance from an expert. Post your log to http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, http://aumha.net/viewforum.php?f=30, or other appropriate forums for review by an expert in such matters, not here. If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ Eric wrote:<span style="color:blue"> > When I scan my PC using F-Secure, I find no virus, but when I use the > online > Norton anti-Virus, I find following infected files. > > our computer is infected with at least one known virus or Trojan horse. > > Search for the name of the threat(s) listed below on the Symantec Security > Response site for removal information > > C:WINDOWSDownloaded Program FilesUERSR_0001_N91M2407NetInstaller.ex... > is > infected with WinFixer > C:WINDOWSDownloaded Program FilesUERS_0001_N68M1801NetInstaller.exe is > infected with ErrorSafe > C:WINDOWSDownloaded Program FilesCONFLICT.1UERSR_0001_N91M2407NetI... > is > infected with WinFixer > C:backup_carmanRadminr_server.exe is infected with Remacc.Radmin </span> Quote
Guest Malke Posted May 7, 2008 Posted May 7, 2008 Eric wrote: <span style="color:blue"> > When I scan my PC using F-Secure, I find no virus, but when I use the > online Norton anti-Virus, I find following infected files. > > our computer is infected with at least one known virus or Trojan horse. > > Search for the name of the threat(s) listed below on the Symantec Security > Response site for removal information > > C:WINDOWSDownloaded Program FilesUERSR_0001_N91M2407NetInstaller.ex... > is infected with WinFixer > C:WINDOWSDownloaded Program FilesUERS_0001_N68M1801NetInstaller.exe is > infected with ErrorSafe > C:WINDOWSDownloaded Program FilesCONFLICT.1UERSR_0001_N91M2407NetI... > is infected with WinFixer > C:backup_carmanRadminr_server.exe is infected with Remacc.Radmin</span> I'm not a big fan of online scanning tools in general but this could be for a couple of reasons: 1. Those files are connected with non-viral malware so it isn't surprising that an antivirus program doesn't flag them. Perhaps F-Secure doesn't look for non-viral malware. 2. It could be a false-positive. I would certainly go through other malware scanning per the information here: http://www.elephantboycomputers.com/page2....emoving_Malware Malke -- MS-MVP Elephant Boy Computers www.elephantboycomputers.com Don't Panic! Quote
Guest Milo Posted May 8, 2008 Posted May 8, 2008 It is not a virus to be exact it is a malware - a trojan that system has been visiting site that prompts a preload of those rouge security applications. Its just trying to go in your system. Those that are in downloaded directory it means your system had made an acquaintance with those file already someone or somehow they agreed to it previously. If you are using Internet Explorer 7 reset it on on the internet option>Advance tab>reset it just to dump all possible attached ( unauthorized apps ), you can just reinstall those that you use ex for office or for your gaming. It's much safer than take chances. "Eric" <Eric@discussions.microsoft.com> wrote in message news:AC72A055-FE58-448F-8615-31109D114363@microsoft.com...<span style="color:blue"> > When I scan my PC using F-Secure, I find no virus, but when I use the > online > Norton anti-Virus, I find following infected files. > > our computer is infected with at least one known virus or Trojan horse. > > Search for the name of the threat(s) listed below on the Symantec Security > Response site for removal information > > C:WINDOWSDownloaded Program FilesUERSR_0001_N91M2407NetInstaller.ex... > is > infected with WinFixer > C:WINDOWSDownloaded Program FilesUERS_0001_N68M1801NetInstaller.exe is > infected with ErrorSafe > C:WINDOWSDownloaded Program FilesCONFLICT.1UERSR_0001_N91M2407NetI... > is > infected with WinFixer > C:backup_carmanRadminr_server.exe is infected with Remacc.Radmin </span> Quote
Guest PA Bear [MS MVP] Posted May 8, 2008 Posted May 8, 2008 Milo, these are symptoms of a ZLOB infection, which is usually accompanied by Vundo and SDBot, all of which are being protected by a rootkit. No anti-virus or anti-spyware applications or online scans will detect and remove all of it. -- ~PA Bear Milo wrote:<span style="color:blue"> > It is not a virus to be exact it is a malware - a trojan that system has > been visiting site that prompts a preload of those rouge security > applications. Its just trying to go in your system. > > Those that are in downloaded directory it means your system had made an > acquaintance with those file already someone or somehow they agreed to it > previously. > > If you are using Internet Explorer 7 reset it on > on the internet option>Advance tab>reset it just to dump all possible > attached ( unauthorized apps ), you can just reinstall those that you use > ex > for office or for your gaming. It's much safer than take chances. > > "Eric" <Eric@discussions.microsoft.com> wrote in message > news:AC72A055-FE58-448F-8615-31109D114363@microsoft.com...<span style="color:green"> >> When I scan my PC using F-Secure, I find no virus, but when I use the >> online >> Norton anti-Virus, I find following infected files. >> >> our computer is infected with at least one known virus or Trojan horse. >> >> Search for the name of the threat(s) listed below on the Symantec >> Security >> Response site for removal information >> >> C:WINDOWSDownloaded Program FilesUERSR_0001_N91M2407NetInstaller.ex... >> is >> infected with WinFixer >> C:WINDOWSDownloaded Program FilesUERS_0001_N68M1801NetInstaller.exe is >> infected with ErrorSafe >> C:WINDOWSDownloaded Program FilesCONFLICT.1UERSR_0001_N91M2407NetI... >> is >> infected with WinFixer >> C:backup_carmanRadminr_server.exe is infected with Remacc.Radmin </span></span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.