
Possible Malware. Help



#1
piapancudo
Member, 21 posts

Hello,

I suspect this is a case of false positive or something along those lines,
but to be sure I decided to post here.

If Essexboy is still around here and could help me, I would appreciate it.
You already helped me a couple of times in the past and I liked your style and
dealing with you. But anyone's help is obviously appreciated.

So, here is what happened:

Yesterday I turn on my computer. I go do other things while it boots up.
When I return there is an Avast Behaviour Shield pop-up saying there's a
program behaving suspiciously and it might be indicative of malware.
The thing is I haven't installed anything other than Steam games in quite
a while on this computer. But anyway I click on "fix it" and it sends the
file to the virus chest. By the way, the infected file was a .bat file
located in c:\Windows\System32 and its name is this
{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

and the infection was IDP.Generic

So, after sending the file to the chest I restart my PC and I check and
that file is back in c:\Windows\System32. I scan it with Avast and
MBAM and it says it's clean.

So, I run an Avast (I use the free version) Boot Time Scan and it finds no
threats. I also run the MBAM quick scan and it shows no threats again.


So, is this a false positive?


Thanks for the help

 


  • 0



#2
RKinner
Malware Expert, MVP, 24,624 posts

False Positive.  If you look at the file's contents in Notepad it just says:

@echo off
start igfxEM.exe /RegServerPerUser
start igfxEM.exe
start igfxHK.exe
start igfxTray.exe
attrib +R +H +S +A *.cui
del /Q {A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

The files in question are from Intel.  The last line seems to indicate it tries to delete itself after running.  Not sure that would work, so maybe just poor programming skills on someone's part.  Probably a leftover from an Intel install routine.


  • 0
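
One way to back up the reading in the reply above (an added example, not part of the original thread or written by its posters): print the batch file without running it, show the lines that refer to the file itself, and check the Authenticode signature of every executable it starts. The path and file name are the ones quoted in the thread; resolving the executables in the batch file's own folder is an assumption.

```powershell
# Added example: read-only triage of a batch file flagged by a heuristic detection.
# File name and location are the ones quoted in the thread.
$bat = Join-Path $env:WINDIR 'System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat'

if (-not (Test-Path -LiteralPath $bat)) {
    Write-Output "Not present: $bat"
    return
}

# 1. Read the script as text; nothing here executes it.
$lines = Get-Content -LiteralPath $bat
Write-Output '--- contents ---'
$lines

# 2. Lines that mention the batch file's own name (for example a self-delete).
Write-Output '--- self-references ---'
$lines | Select-String -SimpleMatch (Split-Path -Leaf $bat)

# 3. Every .exe name the script references, de-duplicated.
$exeNames = $lines |
    Select-String -Pattern '[\w.\-]+\.exe' -AllMatches |
    ForEach-Object { $_.Matches.Value } |
    Sort-Object -Unique

# 4. Signature status and signer for each one.
#    Assumption: the executables sit in the same folder as the batch file.
$dir = Split-Path -Parent $bat
$report = foreach ($name in $exeNames) {
    $path = Join-Path $dir $name
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $name; Status = 'Missing'; Signer = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        File   = $name
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
    }
}
Write-Output '--- signatures ---'
$report | Format-Table -AutoSize -Wrap
```

A `Valid` status with a signer subject naming Intel is consistent with the reply; `NotSigned`, `HashMismatch` or an unexpected signer on any row is a reason to look further before dismissing the detection.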

#3
piapancudo
Member, Topic Starter, 21 posts

Well, that's a relief.

Thanks so much for your help.

Have a nice day!


  • 0





