Ronin77
2009-02-05, 00:49
This morning, a customer was told by an associate that AVG had flagged a .jpg attachment on one of his emails as infected.
A short time ago, he ran Adaware, which reported that two files in the Spybot S&D program folder were infected:
Family Id: 983 Name: Win32.Trojan.Spy Category: Virus TAI:10
Item Id: 536469 Value: File: C:\Program Files\Spybot - Search & Destroy\CGONXDUPPADYDIJ.scr
Item Id: 536469 Value: File: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Upon examination, I also found the following suspicious .scr files in the folder:
MPGEZWNQCSCC.SCR
OVTSAOECRLPQLXE.SCR
QQIWLEWIYFQWNSRK.SCR
RUFJVSEDLYYBCDYOCJ.SCR
All of these files are flagged as hidden system files.
Neither Eset (NOD32) nor Avira show any infection in these files.
Normally, I would write this off as a false positive, but the .scr file names look suspiciously like infection components.
Any insights would be greatly appreciated.
Thanks!
Brian Freeman
A short time ago, he ran Adaware, which reported that two files in the Spybot S&D program folder were infected:
Family Id: 983 Name: Win32.Trojan.Spy Category: Virus TAI:10
Item Id: 536469 Value: File: C:\Program Files\Spybot - Search & Destroy\CGONXDUPPADYDIJ.scr
Item Id: 536469 Value: File: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Upon examination, I also found the following suspicious .scr files in the folder:
MPGEZWNQCSCC.SCR
OVTSAOECRLPQLXE.SCR
QQIWLEWIYFQWNSRK.SCR
RUFJVSEDLYYBCDYOCJ.SCR
All of these files are flagged as hidden system files.
Neither Eset (NOD32) nor Avira show any infection in these files.
Normally, I would write this off as a false positive, but the .scr file names look suspiciously like infection components.
Any insights would be greatly appreciated.
Thanks!
Brian Freeman