Windows 7 Forums


Windows 7: Trojan.VB.VZO

25 Jul 2009   #21
mickey megabyte

ultimate 64 sp1

Quote: Originally Posted by DJG
Well, I have been reluctant to do anything that might remotely trigger the potential malware, not even opening the archive with WinZip (I actually have a license, how anal is that!) until I have a better handle on the sitch.
Very understandable, DJG. One thing I don't understand is why people still use WinZip. I gave it up years ago, ever since Windows (was it XP?) started supporting zips 'out of the box'.

Don't get me wrong, I'm not criticising you for using it, just wondering what advantages WinZip has over Windows Explorer in dealing with zip files.


25 Jul 2009   #22
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)

Quote: Originally Posted by DJG
Well, I have been reluctant to do anything that might remotely trigger the potential malware, not even opening the archive with WinZip (I actually have a license, how anal is that!) until I have a better handle on the sitch.
OK, there shouldn't be any problem extracting the file...
Quote:
And unfortunately it appears my false-positive-gone experience wasn't quite true. What happened is I did a file-specific right-click / Scan for malware, and apparently that works differently, or possibly doesn't work as expected in Win 7, which is still in beta trim for this release. I just did another full system scan and they (I have two copies currently) showed up again.
Hmm, interesting.
Quote:
The good news? The same sig showed up this time three times: the two zip archives, and an OCX in my 7232 partition's SysWOW64, mswinsck.ocx, which is a skimpy 106KB. And it matches what might have been installed by that installation ZIP. I'll send that and see what happens now.

BTW, the right-click / Scan for malware gives a positive on the OCX file, but not on the ZIP that seems to contain it.

Since it's an OCX file it's not executable by default...
it should be fine...
One great way to check whether it's a false positive is to see whether it has a valid signature...
if it does then by all means it's a false positive...
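Added example, not code from this thread: a PowerShell script that performs the signature check darkassain describes. It uses the SysWOW64 path DJG mentions as a placeholder default, records the file's SHA256 for a vendor submission, and prints the signer, because a valid Authenticode signature only proves the file is unmodified since that particular publisher signed it; the signer identity still has to be one you expect.

```powershell
# Check whether a file flagged by AV carries a valid Authenticode signature,
# report who signed it, and record its hash for a false-positive submission.
# The default path below is a placeholder; pass -Path for the flagged file.
param(
    [string]$Path = "$env:SystemRoot\SysWOW64\mswinsck.ocx"
)

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "File not found: $Path"
    return
}

# Get-AuthenticodeSignature verifies the embedded (or catalog) signature.
# Status values of interest: Valid, NotSigned, HashMismatch, UnknownError.
$sig = Get-AuthenticodeSignature -FilePath $Path

$report = [ordered]@{
    File          = $Path
    SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    Status        = $sig.Status
    StatusMessage = $sig.StatusMessage
}

# SignerCertificate is $null for unsigned files, so only add these fields when present.
if ($sig.SignerCertificate) {
    $report.Signer     = $sig.SignerCertificate.Subject
    $report.Issuer     = $sig.SignerCertificate.Issuer
    $report.Thumbprint = $sig.SignerCertificate.Thumbprint
    $report.NotAfter   = $sig.SignerCertificate.NotAfter
}

[pscustomobject]$report | Format-List

# Interpret the result from a defender's point of view.
switch ($sig.Status) {
    'Valid'        { "Signature verifies; confirm the Signer above is the publisher you expect before treating the detection as a false positive." }
    'NotSigned'    { "No signature: this check cannot clear the file, so submit the hash/file to the AV vendor for analysis." }
    'HashMismatch' { "File content no longer matches its signature: treat as tampered until proven otherwise." }
    default        { "Signature could not be verified ($($sig.Status)); do not rely on it." }
}
```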
25 Jul 2009   #23
DJG

 

Quote: Originally Posted by mickey megabyte
Very understandable, DJG. One thing I don't understand is why people still use WinZip. I gave it up years ago, ever since Windows (was it XP?) started supporting zips 'out of the box'.

Don't get me wrong, I'm not criticising you for using it, just wondering what advantages WinZip has over Windows Explorer in dealing with zip files.
I actually like the interface better, and I got the license the year before it got integrated into Windows Explorer. Also, I prefer to explicitly deal with the archive environment separately from the filesystem. I think I did one upgrade, to v10. It does have nicer functionality, but if I didn't have that original license I just might be using the Windows Explorer integration too. I'm just showing my age.

OK, I went through all sorts of hoops to try and get hold of the mswinsck.ocx file to send it to Agnitum, but security would not let me do anything with it, saying I needed permissions; it said it couldn't display the owner when I tried to take ownership, bla, bla. I started to get worried, as it looked like they'd made the file untouchable. Then I realized it might be the AV trying to protect me. Bingo. I momentarily disabled protection and was able to submit it as a suspected infection with a brief history. Well, I really can't complain even if it turns out to be a false (I'm hoping); it seems to be doing its job.

Plus it forced me to do a clean install of 385 instead of the upgraded 384, which will make many people in this forum happy. It was coming once I got comfy, but now I'm there a bit sooner. Minus my lovely Brit Lass voice to croon to me. Let's see if I get a response from Agnitum.

25 Jul 2009   #24
DJG

 

Quote: Originally Posted by darkassain
OK, there shouldn't be any problem extracting the file...
... into somebody else's PC

Quote: Originally Posted by darkassain
Since it's an OCX file it's not executable by default...
it should be fine...
Paranoia often makes you take little for granted and assumptions for what they are.

Quote: Originally Posted by darkassain
One great way to check whether it's a false positive is to see whether it has a valid signature...
if it does then by all means it's a false positive...
Good point on the sig, but again, I trust very little at this point until (if) I hear from Agnitum. Here's that for you. Whadda ya think?


Attached Images
25 Jul 2009   #25
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)

Quote: Originally Posted by DJG
Good point on the sig, but again, I trust very little at this point until (if) I hear from Agnitum. Here's that for you. Whadda ya think?
Click on the sig itself and then click the Details button...
[Attached image: details.png]
If the sig checks out then there is NO way (emphasis on "no way"...) it's malware...
If this is the RTM mswinsck file, send the zip file (I don't know how Agnitum handles FPs) since this is a very important file..
If it does not, then there might be tampering going on...


25 Jul 2009   #26
DJG

 

You are of course right, I'm getting over my initial paranoia attack. Between that and my still-somewhat-there toothache, and my PITA neighbor complaining about some fronds that slightly tilt over her side of the fence, it was just getting too overwhelming at once.

And actually everything looks rather kosher from the sig end. I'm breathing much easier now:


Attached Images
25 Jul 2009   #27
DJG

 

Quote: Originally Posted by darkassain
Click on the sig itself and then click the Details button...
Attachment 19845
If the sig checks out then there is NO way (emphasis on "no way"...) it's malware...
If this is the RTM mswinsck file, send the zip file (I don't know how Agnitum handles FPs) since this is a very important file..
If it does not, then there might be tampering going on...
Actually this is not a core file - it's not part of the MS distribution. It doesn't show up in my current 7600 install since I haven't installed the ZIP file this time around. There's a similarly named DLL that is, though: mswsock.dll.
25 Jul 2009   #28
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)

Quote: Originally Posted by DJG
Actually this is not a core file - it's not part of the MS distribution. It doesn't show up in my current 7600 install since I haven't installed the ZIP file this time around. There's a similarly named DLL that is, though: mswsock.dll.
Rightly noted, DJG....
You are correct of course, the DLL is the critical one, not the OCX (got the two files mixed up....)...
25 Jul 2009   #29
DJG

 

And a very important file it is. Sock management is very important. Socks keep your feet warm in the winter, and your shoes from getting smelly. Managing Win sockets is also very important.

BTW, I've been trying to fathom "In a ... lazy eight portal?

And FYI, I believe Marie Antoinette did - or at least so I've been told. Might want to check it out, though I think she's out in France somewhere, and probably doesn't even visit the forum ... most likely not something you'd want to lose your head over.
25 Jul 2009   #30
Mercurial

Windows 7 32bit RTM

I'd say change your AV o.O;