Guest Zareba, posted September 27, 2008

Windows XP SP3, Toshiba notebook computer.

When I went to PC Pitstop for an analysis of this new-to-me notebook, they said I had Vista Virus and to remove it before doing anything further.

My problem is that I can not find this virus. I had downloaded and installed a program that offered to change my icons to those in Vista. When it did not work as I expected, I uninstalled it.

Searching the net and searching Microsoft has not turned up anything helpful, although there seems to be a "Vista Anti-virus virus".

Anyone have any suggestions?

Thanks
...Z
Guest Maurice N ~ MVP, posted September 28, 2008

Vista Antivirus 2008 is a rogue program rather than a virus. See "How to remove Vista Antivirus 2008"
http://www.bleepingcomputer.com/malware-re...-antivirus-2008

Was there a specific file identified by PC PitStop as being "Vista Icon Virus"? Filename & path would be of great help.

Have you done scans with your antivirus / anti-malware app? One certainly hopes you have an up-to-date AV & anti-malware installed already on your notebook. Which do you have?

I'd suggest you get a 2nd opinion by using one or both of these online scanners:
Kaspersky Webscan Online Virus Scanner
http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html
ESET Online Scanner
http://www.eset.com/onlinescan/

--
Maurice Naggar
MS-MVP
-----
"Zareba" <zarebatoo@thetimewarp.com> wrote in message news:Oj9$87MIJHA.3932@TK2MSFTNGP03.phx.gbl...
> Windows XP SP3, Toshiba notebook computer.
>
> When I went to PC Pitstop for an analysis of this new-to-me notebook, they
> said I had Vista Virus and to remove it before doing anything further.
>
> My problem is that I can not find this virus. I had downloaded and installed
> a program that offered to change my icons to those in Vista. When it did not
> work as I expected, I uninstalled it.
>
> Searching the net and searching Microsoft has not turned up anything
> helpful, although there seems to be a "Vista Anti-virus virus".
>
> Anyone have any suggestions?
>
> Thanks
>
> ...Z
Guest Zareba, posted September 28, 2008

The program identified was C/Windows/VistaDrive/VistaDrive.exe which I could not find on any on-line search as being malware.

I do not have Vista Antivirus 2008. Although I do not lurk consistently in any virus related news groups, I do get newsletters that keep me relatively informed. There was nothing in any of them about VistaDrive either.

I have scanned with Avast and Spybot, then went on line and got a free on-line Panda scan. They identified 5 low level bits of malware, all of them cookies and all disappear when the cookies are deleted, which I do regularly. I also run Zone Alarm. My Avast is updated daily and Spybot is updated regularly.

Panda did offer to fix these 5 problems if I buy their anti-virus program. Their on line scans and repairs used to be free, but it seems almost all now use a free scan of your computer to talk you into buying!

I am beginning to think PC Pitstop pressed the alarm button when it saw the word Vista.

Thank you for your assistance in this matter.
...Z (still learning after all these years)
Guest David H. Lipman, posted September 28, 2008

From: "Zareba" <zarebatoo@thetimewarp.com>

| The program identified was C/Windows/VistaDrive/VistaDrive.exe which I
| could not find on any on-line search as being malware.
| I do not have Vista Antivirus 2008. Although I do not lurk consistently in
| any virus related news groups, I do get newsletters that keep me relatively
| informed. There was nothing in any of them about VistaDrive either.
| I have scanned with Avast and Spybot, then went on line and got a free
| on-line Panda scan. They identified 5 low level bits of malware, all of them
| cookies and all disappear when the cookies are deleted, which I do
| regularly. I also run Zone Alarm. My Avast is updated daily and Spybot is
| updated regularly.
| Panda did offer to fix these 5 problems if I buy their anti-virus program.
| Their on line scans and repairs used to be free, but it seems almost all now
| use a free scan of your computer to talk you into buying!
| I am beginning to think PC Pitstop pressed the alarm button when it saw the
| word Vista.
| Thank you for your assistance in this matter.
| ...Z (still learning after all these years)

I thought it to be a False Positive when I first read your post.

Please submit a sample of VistaDrive.exe to Virus Total --
http://www.virustotal.com/flash/index_en.html

The submission will then be tested against many different AV vendors' scanners. That will give you an idea what it is and who recognizes it. In addition Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest Zareba, posted September 28, 2008

> I thought it to be a False Positive when I first read your post.

There ought to be a law!!!!
...Z
Guest David H. Lipman, posted September 28, 2008

From: "Zareba" <zarebatoo@thetimewarp.com>

| I thought it to be a False Positive when I first read your post.
| There ought to be a law!!!!
| ...Z

LOL

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest Maurice N ~ MVP, posted September 28, 2008

Vistadrive.exe is reported as Win32 Mailer Gen. EXPLOIT virus at PcPitstop
http://www.pcpitstop.com/libraries/process...aDrive.exe.html

Do as David suggested, and also proceed to get Vistadrive.exe removed.

--
Maurice Naggar
MS-MVP
-----
"Zareba" <zarebatoo@thetimewarp.com> wrote in message news:ul1HKsYIJHA.1936@TK2MSFTNGP06.phx.gbl...
> I thought it to be a False Positive when I first read your post.
>
> There ought to be a law!!!!
>
> ...Z
Guest Zareba, posted September 28, 2008

> Please submit a sample of VistaDrive.exe to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors' scanners.
> That will give you an idea what it is and who recognizes it. In addition Virus Total will provide the sample to all participating vendors.

Hi David:
I took the sample to virustotal, but I have no idea what the analysis means. HELP!!!
...Z (very confused)

File VistaDrive.exe received on 09.28.2008 21:09:22 (CET)

Antivirus          Version          Last Update  Result
AhnLab-V3          2008.9.25.0      2008.09.26   -
AntiVir            7.8.1.34         2008.09.28   -
Authentium         5.1.0.4          2008.09.28   -
Avast              4.8.1195.0       2008.09.27   -
AVG                8.0.0.161        2008.09.28   -
BitDefender        7.2              2008.09.28   -
CAT-QuickHeal      9.50             2008.09.27   -
ClamAV             0.93.1           2008.09.28   -
DrWeb              4.44.0.09170     2008.09.28   -
eSafe              7.0.17.0         2008.09.28   Suspicious File
eTrust-Vet         31.6.6110        2008.09.26   -
Ewido              4.0              2008.09.28   -
F-Prot             4.4.4.56         2008.09.27   -
F-Secure           8.0.14332.0      2008.09.28   -
Fortinet           3.113.0.0        2008.09.28   -
GData              19               2008.09.28   -
Ikarus             T3.1.1.34.0      2008.09.28   -
K7AntiVirus        7.10.476         2008.09.27   -
Kaspersky          7.0.0.125        2008.09.28   -
McAfee             5393             2008.09.27   -
Microsoft          1.3903           2008.09.28   -
NOD32              3478             2008.09.28   -
Norman             5.80.02          2008.09.26   -
Panda              9.0.0.4          2008.09.28   -
PCTools            4.4.2.0          2008.09.26   -
Prevx1             V2               2008.09.28   -
Rising             20.63.62.00      2008.09.28   -
SecureWeb-Gateway  6.7.6            2008.09.28   -
Sophos             4.34.0           2008.09.28   -
Sunbelt            3.1.1675.1       2008.09.27   -
Symantec           10               2008.09.28   -
TheHacker          6.3.0.9.095      2008.09.27   -
TrendMicro         8.700.0.1004     2008.09.26   -
VBA32              3.12.8.6         2008.09.27   -
ViRobot            2008.9.26.1394   2008.09.26   -
VirusBuster        4.5.11.0         2008.09.28   -

Additional information
File size: 280779 bytes
MD5...: 6e15cac2275e0b0a22e7ee9bac30d7ba
SHA1..: 73907693e9e3009226aa0f062b0d139d59c445ce
SHA256: 3fdcb7a2e87271faf8e65b84e92da9bbf9c954d04ddd062828cbdce600c1c4dd
SHA512: 653d3ee9a8c9f15548d5dad74de2a2c063929768ef542216b2a0cf9591c6708c170401fe833076d25ace97dc8fbf899aa9faf4d1f2226cdefa493c3f2227991b
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
  UPX compressed Win32 Executable (43.8%)
  Win32 EXE Yoda's Crypter (38.1%)
  Win32 Executable Generic (12.2%)
  Generic Win/DOS Executable (2.8%)
  DOS Executable Generic (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x47a1c0
timedatestamp.....: 0x42543d7e (Wed Apr 06 19:50:22 2005)
machinetype.......: 0x14c (I386)
( 3 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
UPX0   0x1000   0x5e000  0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
UPX1   0x5f000  0x1c000  0x1b400  7.92   910877b07352078e99d4d7dc617c4cea
.rsrc  0x7b000  0x29000  0x28800  5.23   9c5fa377a89bd5b6b76efc7074feeb06
( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetOpenFileNameA
> GDI32.dll: DeleteDC
> MPR.dll: WNetUseConnectionA
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueA
> WINMM.dll: timeGetTime
> WSOCK32.dll: -
( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md...2e7ee9bac30d7ba
packers (Kaspersky): UPX
packers (F-Prot): UPX
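How to read a report like the one above: a single engine returning a heuristic name ("Suspicious File") while the other 35 return nothing is the pattern that usually points to a false positive, and the section table describes a UPX-packed binary (UPX0 has a raw size of 0 and entropy 0.00, the place the stub unpacks into; UPX1 has entropy 7.92, compressed code). The script below is an added example, not code from this thread or from VirusTotal: it parses a constructed subset of the engine table in the report's own layout, applies verdict labels and thresholds that are my own heuristics, and reads the three PE section rows copied from the report. Run it with python3 to print the summary.

```python
"""Interpret a VirusTotal-style multi-engine report (added example).

Not code from the thread, VirusTotal or any AV vendor. SAMPLE_REPORT is a
constructed subset of engines in the layout of the posted report;
SAMPLE_SECTIONS copies the three PE section rows from that report.
Verdict labels and thresholds are my own heuristics, not VirusTotal's.
"""
import re
from dataclasses import dataclass

# Constructed subset: "engine version last-update result"; '-' = no detection.
SAMPLE_REPORT = """\
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.28 -
Avast 4.8.1195.0 2008.09.27 -
AVG 8.0.0.161 2008.09.28 -
BitDefender 7.2 2008.09.28 -
ClamAV 0.93.1 2008.09.28 -
eSafe 7.0.17.0 2008.09.28 Suspicious File
F-Secure 8.0.14332.0 2008.09.28 -
Kaspersky 7.0.0.125 2008.09.28 -
McAfee 5393 2008.09.27 -
Microsoft 1.3903 2008.09.28 -
Symantec 10 2008.09.28 -
"""

# Section rows from the posted report: name viradd virsiz rawdsiz ntrpy md5
SAMPLE_SECTIONS = """\
UPX0 0x1000 0x5e000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x5f000 0x1c000 0x1b400 7.92 910877b07352078e99d4d7dc617c4cea
.rsrc 0x7b000 0x29000 0x28800 5.23 9c5fa377a89bd5b6b76efc7074feeb06
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*)$")
WEAK_RE = re.compile(r"suspicious|generic|heur", re.I)  # heuristic-only names


@dataclass
class Detection:
    engine: str
    version: str
    updated: str
    result: str  # empty string when the engine reported nothing


def parse_report(text):
    """Turn the flat engine table into Detection rows."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable report line: {line!r}")
        engine, version, updated, result = m.groups()
        result = "" if result.strip() == "-" else result.strip()
        rows.append(Detection(engine, version, updated, result))
    return rows


def summarize(rows):
    """Detection ratio plus a heuristic verdict (labels are my own)."""
    flagged = [r for r in rows if r.result]
    total = len(rows)
    ratio = len(flagged) / total if total else 0.0
    # A name that only says "suspicious"/"generic" is a heuristic hit and
    # carries far less weight than the same named family from many engines.
    weak_only = bool(flagged) and all(WEAK_RE.search(r.result) for r in flagged)
    if not flagged:
        verdict = "clean"
    elif ratio < 0.10 and weak_only:
        verdict = "likely false positive"
    elif ratio < 0.25:
        verdict = "inconclusive"
    else:
        verdict = "likely malicious"
    return {"detections": len(flagged), "engines": total, "weak_only": weak_only,
            "verdict": verdict, "flagged_by": [(r.engine, r.result) for r in flagged]}


def packer_hints(section_text):
    """Explain what the PE section table says about packing."""
    hints = []
    for line in section_text.splitlines():
        if not line.strip():
            continue
        name, _viradd, virsiz, rawdsiz, ntrpy, _md5 = line.split()
        virtual, raw, entropy = int(virsiz, 16), int(rawdsiz, 16), float(ntrpy)
        if raw == 0 and virtual > 0:
            # Nothing on disk but large in memory: the unpacker writes here.
            hints.append(f"{name}: raw size 0, virtual size {virtual:#x} (unpack destination)")
        if entropy > 7.0:
            # Entropy near 8 bits/byte means compressed or encrypted bytes.
            hints.append(f"{name}: entropy {entropy:.2f} (compressed/encrypted data)")
    return hints


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(f"{summary['detections']}/{summary['engines']} engines -> {summary['verdict']}")
    for hint in packer_hints(SAMPLE_SECTIONS):
        print(" ", hint)
```

The verdict is only a starting point: a low ratio of heuristic-only hits argues for a false positive, but the thresholds are arbitrary, and a packed binary (the UPX hints) is exactly the kind of file that trips heuristic scanners in both directions, so a fresh sample submission like the one Dave asked for remains the right next step.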
Guest David H. Lipman, posted September 28, 2008

From: "Zareba" <zarebatoo@thetimewarp.com>

| Please submit a sample of VistaDrive.exe to Virus Total --
| http://www.virustotal.com/flash/index_en.html
| The submission will then be tested against many different AV vendors'
| scanners.
| That will give you an idea what it is and who recognizes it. In addition
| Virus
| Total will provide the sample to all participating vendors.
| Hi David:
| I took the sample to virustotal, but I have no idea what the analysis
| means. HELP!!!
| ...Z (very confused)

< snip >

| eSafe 7.0.17.0 2008.09.28 Suspicious File

< snip >

The analysis indicates the probability that this was a False Positive declaration is very high.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest Zareba, posted September 28, 2008

> The analysis indicates the probability that this was a False Positive declaration is very high.

Thanks, I think.
...Z
Guest kalyan, posted October 1, 2008

Re: Vista Icon Virus--Removal instructions

Hi
It is Win32.Mailer.Gen.Exploit

1. Disable System Restore & restart your PC in safe mode
2. Kill the vistadrive.exe process
3. Remove the vistadrive.exe registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. Delete the folder vistadrive in c:\windows\vistadrive, c:\windows\system32\vistadrive
5. Clean all temp files
6. Restart and enjoy

--
Warm Regards
Kalyan

"Zareba" <zarebatoo@thetimewarp.com> wrote in message news:Oj9$87MIJHA.3932@TK2MSFTNGP03.phx.gbl...
> Windows XP SP3, Toshiba notebook computer.
>
> When I went to PC Pitstop for an analysis of this new-to-me notebook, they
> said I had Vista Virus and to remove it before doing anything further.
>
> My problem is that I can not find this virus. I had downloaded and
> installed a program that offered to change my icons to those in Vista.
> When it did not work as I expected, I uninstalled it.
>
> Searching the net and searching Microsoft has not turned up anything
> helpful, although there seems to be a "Vista Anti-virus virus".
>
> Anyone have any suggestions?
>
> Thanks
>
> ...Z
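Before following step 3, a careful user would confirm that an autostart entry pointing into those folders actually exists, rather than taking a scanner's word for it. The script below is an added example, not Kalyan's or any tool's code: it parses a constructed regedit export (.reg) of the Run and RunOnce keys, pulls the executable path out of each command line (quoted or bare, with arguments), and reports the values whose target lives under the two folders named in the steps. The value names and paths in the sample are hypothetical; the thread never gives the real value name, and the default system drive C: is an assumption.

```python
"""Triage Run-key persistence entries from an exported .reg file (added example).

Not code from the thread or any tool. SAMPLE_REG is a constructed regedit
export; value names such as "VistaDrive" are hypothetical. SUSPECT_DIRS
are the two folders named in the removal steps above.
"""
import re

SUSPECT_DIRS = (r"c:\windows\vistadrive", r"c:\windows\system32\vistadrive")

# Constructed sample export of two autostart keys (regedit "Export" format).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SampleAV"="\"C:\\Program Files\\SampleAV\\tray.exe\" /silent"
"Firewall"="C:\\Program Files\\SampleFW\\fwclient.exe"
"VistaDrive"="C:\\WINDOWS\\VistaDrive\\VistaDrive.exe"
"Helper"=hex:00,01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="%SystemRoot%\\system32\\vistadrive\\setup.exe /u"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"=data  (the name may contain escaped quotes or backslashes)
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape(s):
    # .reg files write a backslash as \\ and a quote as \" ; undo that.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return (key, value_name, string_data) for REG_SZ values only."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.groups()
        if len(data) < 2 or not (data.startswith('"') and data.endswith('"')):
            continue  # hex:/dword: data cannot hold a command line
        entries.append((key, unescape(name), unescape(data[1:-1])))
    return entries


def command_path(cmd):
    """Pull the executable out of a Run value (quoted or bare, with args)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def normalize(path):
    """Lower-case, unify slashes, expand the common %SystemRoot% spellings."""
    p = path.lower().replace("/", "\\")
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, r"c:\windows")  # assumption: Windows on drive C:
    return p


def find_suspect_entries(text):
    """Autostart values whose target lives under one of SUSPECT_DIRS."""
    hits = []
    for key, name, cmd in parse_reg(text):
        path = normalize(command_path(cmd))
        if any(path.startswith(d + "\\") for d in SUSPECT_DIRS):
            hits.append({"key": key, "value": name, "path": path})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_entries(SAMPLE_REG):
        print(f"{hit['key']}\\{hit['value']} -> {hit['path']}")
```

On the machine itself the export would come from regedit (File > Export on the Run key) or from a Spybot/Autoruns-style listing; the script deliberately works on the exported text so it can be reviewed offline, and it reports rather than deletes, leaving the actual removal to the steps above once the entry is confirmed.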
Guest Zareba, posted October 3, 2008

Re: Vista Icon Virus--Removal instructions

Thanks Kalyan:

When there was some doubt as to what the file actually was, I uninstalled and deleted everything I could find, rebooted and checked again for signs of the wayward program. When I found one instance that appeared to have regenerated itself, I stopped system repair and deleted it again. After another reboot, I was not able to find it anywhere, Windows, Registry, Programs ... in short it had totally disappeared.

Just to be sure, I went back to PC Pitstop and ran the tests again. They could not find it either.

It seems to me that because it was so easy to remove, it was either a false positive, or a very devious and tenacious virus. Either way, it is gone. If it was a legitimate program, it did not do what it was supposed to do so I would have uninstalled it anyway.

Thanks everyone, for your help.
...Z (still learning after almost 10 years)