4 Replies Latest reply on Jul 5, 2013 5:58 PM by Peter M

    Win32/Small.CA

      My Windows 7 PC crashed this afternoon.  I then got a message in the Microsoft Security Centre giving the message:

      Remove the Win32/Small.CA Virus

      Windows has decided Win32/Small.CA, a known PC virus, on your PC.  Win32/Small.CA has caused your PC to stop working properly 1 times, last occurring on 16/06/2013 15:12.

       

      The link from microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Virus%3aWin32%2fSmall.R was the most interesting link I could find, but it is quite old and I am not convinced that it is reliable.

       

      I do not have the files on USB sticks which it mentions, at least as far as I can see.

      <drive:>\recycler\info.exe - copy of Virus:Win32/Small.R

      <drive:>\recycler\desktop.ini

      <drive:>\autorun.inf

       

      I note that I do have the registry entry:

      • The presence of the following registry modifications:
      • Value: "Userinit" With data: "userinit.exe,%windir%\system\svchost.exe"
      • In subkey: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

      but this seems to be running a Microsoft program, so I am not sure I should worry.

       

       

       

      McAfee did not detect it with a quick scan.

      Malwarebytes did not detect it with a quick scan.

       

      I am currently running a full scan with Malwarebytes (45 minutes in and no objects detected); then I will run a full one with McAfee.

       

      I think that there may in fact be nothing wrong with my PC, and no virus.

       

      Has anyone else had this experience?

      Is there a solution?

      Is there anything for me to worry about?
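
An added example, not part of the original post or of any reply: a PowerShell check of the Winlogon `Userinit` value quoted above. Stock Windows lists only `userinit.exe` from System32 in that value, and the genuine `svchost.exe` also lives in System32, so the script flags every other entry. The function name `Test-UserinitValue` and the sample strings are constructed for this example.

```powershell
# Added example (not from the thread): list every program named in Winlogon's
# Userinit value and flag anything other than the stock userinit.exe in System32.
function Test-UserinitValue {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Value
    )
    $system32 = Join-Path $env:SystemRoot 'System32'
    $expected = Join-Path $system32 'userinit.exe'

    # Userinit is a comma-separated list; each entry is started at logon.
    $entries = $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' }

    foreach ($entry in $entries) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        if (-not [IO.Path]::IsPathRooted($path)) {
            # Assumption: a bare file name is looked up in System32.
            $path = Join-Path $system32 $path
        }
        $path = [IO.Path]::GetFullPath($path)
        [pscustomobject]@{
            Entry    = $entry
            Resolved = $path
            Exists   = Test-Path -LiteralPath $path
            Expected = ($path -ieq $expected)
        }
    }
}

# Constructed sample values: the Windows default, and the data string quoted in the post.
$samples = @(
    "$env:SystemRoot\system32\userinit.exe,",
    'userinit.exe,%windir%\system\svchost.exe'
)
foreach ($s in $samples) {
    Test-UserinitValue -Value $s | Format-Table -AutoSize
}

# Live check of the local machine: print only the entries that are not the default.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live = (Get-ItemProperty -Path $key -Name Userinit).Userinit
Test-UserinitValue -Value $live | Where-Object { -not $_.Expected } | Format-Table -AutoSize
```

An empty table from the live check means the value holds only the default entry; the `Exists` column shows whether a flagged path is actually present on disk.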

        • 1. Re: Win32/Small.CA
          Peter M

          Moved this to Malware Discussion as a more appropriate spot.

           

          It probably has been dealt with.  I'm curious as to why Microsoft would alert you, are you using their security software?

           

          You could try Malwarebytes in Safe Mode (...with Networking if you want to update it prior to running).   It might catch more.

           

          It might be an idea to run a Hijackthis session and post the log as directed lower down the last link in my signature below.

           

          Good place would be either the BleepingComputer or Malwarebytes forums link.   That way you'll get an expert, independent opinion.

          • 2. Re: Win32/Small.CA
            Hayton

            http://www.microsoft.com/security/portal/threat/encyclopedia/search.aspx?query=win32/small.CA

            Win32/Small is a generic detection for files that perform various malicious actions on an affected computer.

             

            Malicious files detected as variants of Win32/Small can have virtually any purpose, however, they are often used to download and execute arbitrary files (including additional malware) of an attacker's choice to an affected computer.

             

            There are reports on the Malwarebytes and Norton forums of Windows Action Center displaying this message. It's not clear if the message is a false positive (but it may be), nor is it obvious why it should appear in the Action Center at all.

            http://forums.malwarebytes.org/index.php?showtopic=125271

            https://community.norton.com/t5/Norton-Internet-Security-Norton/Win32-Small-CA/td-p/590808

             

            May be one for the Microsoft forums

             

            Message was edited by: Hayton on 16/06/13 19:20:33 IST
            • 3. Re: Win32/Small.CA

              I'm beginning to think this actually is a False Flag. I've run half a dozen different security scans and done a ton of research online. Pulled all the file names and registry file names associated with this bug. I've gone through the registry and my file system and can't find any of the supposedly associated files. Now unless this virus is capable of hiding somewhere I'm unfamiliar with, which isn't very likely as I'm pretty computer savvy, something is a bit fishy here. In the Action Center Flags, there is also a flag for McAfee, but it doesn't tell me what is wrong. Everything is running clean and properly in my McAfee software according to the program's control panel. There is also another flag for RealPlayer which is also working just fine. Methinks the problem is non-existent.

              • 4. Re: Win32/Small.CA
                Peter M

                As I said on your other thread:

                 

                If you really want to be absolutely sure, run Hijackthis or DDS and post the log as instructed lower down the last link in my signature below.