3 Replies Latest reply on May 19, 2011 8:14 AM by sacolletta

    Potential malware

      I recently logged onto my computer and noticed an executable running from Windows Task Manager labeled 1uStEEUw.exe. I have no idea what the file is, and there is nothing available from searching the web for a possible description. The file was created the last time I used Google Chrome, which was over a day ago. There is nothing in my registry that points to related programs or libraries. The file was located in the C:\Documents and Settings\All Users\Application Data folder and was using just a small amount of memory and low CPU utilization. A McAfee scan of the file doesn't show any problems, but I am not taking any chances.

       

      Can anyone tell me what this file is or how I should proceed? I attached the file with a txt extension, but it is an exe.

      Thanks.

       

      Attachment removed from post by Moderator as it contained a malicious file.

       

      on 19/05/11 13:34:17 IST
        • 1. Re: Potential malware
          Peter M

          Moved this to Malware Discussion > Home User Assistance in the hope someone from that department will spot it.

           

          In the meanwhile I suggest submitting the file by email.

           

          Email file to:  Virus_Research@avertlabs.com

           

          When submitting samples via E-mail all samples must be packaged in a .ZIP file and if you believe it to be a false detection, the email header should start with the word "False" (minus the "").

          Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.

          If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

          If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

           

          **If they respond that it is an infection and you are sure it is not, reply to that email immediately (to Virus_Research@avertlabs.com) and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.

           

          To be on the safe side, scan with an outside anti-malware agent such as MalwareBytes (Free) or SuperAntispyware (Free). Let them clean everything they find.

           

          Message was edited by: Ex_Brit on 18/05/11 10:15:18 EDT AM
          • 2. Re: Potential malware

            Hello -

             

            The file is malicious.

            http://www.virustotal.com/file-scan/report.html?id=b128fbc12629eb081a3e97620411c0f458b7ec530c3b7c101a77326714295233-1305806656

             

            Only two vendors actually have a signature detection for it, Dr.Web and Nod32. I have sent the file to the lab; the file is being sent for further processing.

             

            on 19/05/11 13:30:42 IST
            • 3. Re: Potential malware

              Thanks for the heads up. I sent the file to McAfee and their initial review of it was that it wasn't malicious, but they still had to do an in-depth analysis.