5 Replies. Latest reply: Jul 23, 2009 8:55 AM by Ex_Brit



      I am looking to buy some welding equipment and have been browsing the local Craigslist ads. Yesterday I found what appeared to be a pretty good deal and I mailed the poster. I got back a response which gave me a link for directions. I followed the link and downloaded a zipped file. Unzipping this file and clicking on the file didn't seem to do anything, so I searched the internet looking for information about the zip program and the file.

      What I found was that the file imagereader1x.exe was a virus which spawned unwanted processes. Searches brought up other users who, similarly on craigslist, had downloaded the file and were rewarded with a virus.

      I also found an anti-malware software download, Prevx, which claimed to help clear this virus, so I downloaded and installed it. Since then I have deleted the file imagereaderx.exe and hope that I caught it quick enough that it did not infect my computer. It doesn't seem like my computer is infected.

      Except ...

      The program imagereader1x.exe spawned programs which I managed to kill. However, the anti-malware program Prevx spawns programs called prevx.exe. This program loads at start-up and spawns two processes, both called prevx.exe. Searching on "prevx.exe" leads to results which say the process is a dangerous virus and that it should be removed immediately. Searching for "prevx" brings up Prevx anti-malware software. There are reviews and it seems that Prevx is legit, even though it spawns the process "prevx.exe".

      I've used McAfee and scanned the files and it's looked through my computer and says that I am virus free.

      Is the process "prevx.exe" spawned by Prevx (www.prevx.com) a virus or a virus checker?

      Other than running a virus checker is there some way to tell if my computer is infected? I'm still a bit concerned about the "imagereader1x.exe" that I downloaded, unzipped and ran.

      Any help in clearing this up would be greatly appreciated!

        • 1. RE: prevx.exe
          Prevx bills itself as the answer to just about everything, which it isn't.

          Prevx.exe is I believe malware according to a very reliable source, but to be sure you should run the free version of both of these tools and let them clean everything they find.



          Meanwhile, what is your operating system and service pack and are you totally up to date?

          Meanwhile it is only Prevx that finds Imagereader1x as malware as far as I can gather.
          • 2. Ockham's razor
            "Prevx.exe is I believe malware according to a very reliable source"

            That statement alone is unfortunately very very misleading and in this case most likely going to cause more worry than anything - prevx.exe could be malware IF it is located in c:\windows\system32 . You might as well just say mcshield.exe is malicious as well, as it has been known to be seen in system32 as well. You cannot simply identify a file by its filename, you must look at much more than this - at least by looking at the location in which the file is located.

            As for Prevx.exe , Prevx is indeed a legit antimalware product, and does install itself by default into c:\program files\prevx\prevx.exe . It will show up as two separate processes in your process list as it runs in both user and system account.

            Searching Google will lead you to some sites which talk about a malicious file called prevx.exe, however living in c:\windows\system32.

            Ockham's razor is often true, however may I suggest you include in your future filename searches a better approach - find out where the file is located, and use the services provided by a site such as VirusTotal (www.virustotal.com) where it will scan a file you upload against all the leading antimalware products on the market. And yes, Prevx is in that list as well.
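
The check reply 2 describes (judge prevx.exe by the folder it runs from, not by its name), as an added example that is not part of the original thread. The process listing is constructed, and `classify`, `triage`, `sha256_of` and the `EXPECTED_DIRS` table are hypothetical names; only the Prevx install path comes from the thread.

```python
import hashlib
import ntpath  # Windows path rules, usable on any OS

# Install directory as stated in the thread; entries for other products
# would be assumptions and must be verified per product.
EXPECTED_DIRS = {"prevx.exe": {ntpath.normcase(r"c:\program files\prevx")}}

def classify(image_path):
    """Judge a process image by name AND location, never by name alone."""
    # Collapse ".." segments and mixed separators, then fold case.
    full = ntpath.normcase(ntpath.normpath(image_path))
    folder, name = ntpath.split(full)
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "not-tracked"
    return "expected-location" if folder in expected else "unexpected-location"

def triage(processes):
    """Return (pid, path) for tracked names running from an unexpected folder."""
    return [(pid, path) for pid, path in processes
            if classify(path) == "unexpected-location"]

def sha256_of(path, chunk=1 << 20):
    """Hash file contents; the digest identifies the file whatever it is named."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

# Constructed sample listing (pid, image path); not taken from a real machine.
SAMPLE = [
    (1204, r"C:\Program Files\Prevx\prevx.exe"),
    (1388, r"c:\program files\prevx\PREVX.EXE"),
    (2040, r"C:\WINDOWS\system32\prevx.exe"),
    (3112, r"C:\Program Files\Prevx\..\..\WINDOWS\system32\prevx.exe"),
    (900, r"C:\WINDOWS\system32\svchost.exe"),
]

if __name__ == "__main__":
    for pid, path in triage(SAMPLE):
        print(f"review pid {pid}: {path}")
```

A file flagged here is only a candidate for review; its SHA-256 from `sha256_of` is what distinguishes it from the legitimate binary of the same name when comparing scanner results.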
            • 3. RE: Ockham's razor
              Whatever. I'm afraid often we don't always have time to go into intricate details. Just point to things we (or anyone) could find by doing a search.

              I have had VirusTotal linked in my signature for some time.
              • 4. Thanks!

                I was quite concerned about having a virus since I have very valuable things on my computer (I know I should back it up). Over the past 38 years I have avoided getting a virus not by running virus checkers, which really slow everything down, but by not running random executables downloaded from the internet; this one caught me off guard. I was so interested in seeing what the deal was that I didn't follow my own protocol.

                I really appreciated the quick response by Peter! Almost immediately I followed through with his advice and was relieved when nothing was found.

                I also really appreciate the additional information! It helps me to understand what happened and feel a lot more comfortable. If it ever happens again to me or someone I know, I can deal with the situation confidently instead of wondering if the virus is in the database yet and/or if it's a modified version.

                Thanks to both of you!
                • 5. RE: Thanks!
                  If you ever have something you aren't sure about just submit it to either McAfee Threat Center or to VirusTotal, as linked in my signature. VirusTotal is great in that it will then be scanned by a whole bunch of the major scanners out there. It is often surprising to view the widely different findings though.