3 Replies Latest reply on Nov 15, 2013 10:10 PM by Hayton

    Microsoft Action Centre Reported a "Win32/small.CA" virus

    meiwai

      Hi,

       

      I've looked all over the internet and have found a mixed bag of answers, so I'm not sure what to do. I've never gotten a virus before, but yesterday Microsoft's Action Centre (I use Windows 7) told me to "Remove the Win32/Small.CA" virus. I use McAfee's "Anti-virus Plus" and it never notified me of anything. I also did a quick scan and couldn't find any problems. I downloaded Malwarebytes as I saw in the recommendations, but that didn't find anything either. Today I ran McAfee's Stinger in safe mode, but again nothing was found.

       

      I have noticed anything too funny with my computer as it's pretty slow to load up in the first place. I have found that my internet browser (Mozilla Firefox) has been freezing more than usual.

       

      Could you please help me with this virus?

       

      Thanks,

        • 1. Re: Microsoft Action Centre Reported a "Win32/small.CA" virus
          Hayton

          Moved from Home & Home Office to Security Awareness / Malware Discussion / Home User Assistance.

           

          I'll have a look at this & will edit this post with what I find.

           

          Edit: I thought this sounded familiar. It was reported in a thread earlier this year, and I investigated it then. My conclusion at the time was that it was a false positive, and I still hold to that conclusion. Too many reports of this message appearing and scans with a range of different products producing no result.

           

          See https://community.mcafee.com/message/292935#292935

           

          Sophos also believe it's a false positive triggered by a failure in the services.exe process.

          http://www.sophos.com/en-us/support/knowledgebase/1462/8450/1009/2250/1351/119716.aspx

           

          And there are multiple threads in Microsoft forums all saying that no scanners can detect a problem, including Microsoft's own scanners.

           

          There are many untrustworthy blogsites claiming that they will show you how to remove this alleged infection. It's one of the surefire ways to identify them.

           

          One point that was mentioned in several of the Microsoft threads is that this message is sometimes associated with blue-screen (BSOD) problems - in other words it's being triggered by a different issue altogether. In which case it's best to concentrate on whatever is causing the BSOD (usually a bad or incompatible driver).

           

          Message was edited by: Hayton on 15/11/13 03:54:07 GMT
          • 2. Re: Microsoft Action Centre Reported a "Win32/small.CA" virus
            meiwai

            Hi Hayton,

             

            Thank you for responding to me so quickly. I have not been having any blue screen problems, just freezing of my browser at times, a bit more than normal. So I guess I will observe and see what happens?

             

            Thanks again!

            • 3. Re: Microsoft Action Centre Reported a "Win32/small.CA" virus
              Hayton

              Yes, keep an eye on it. I don't quite buy the theory that it's a spontaneous false positive out of the blue. I suspect that, like the canary in the coal mine, it's trying to tell us something. Well, okay, wrong simile. You don't want your programs keeling over dead. But it may be a misleading pointer to an actual problem that needs to be identified; and of course there was such an infection, way back in 2008, that the detection was introduced for, so one of the signifiers for that detection is perhaps being found. I just don't know which one or why.