Possible Malware. Help



#1
piapancudo


Hello,

I suspect this is a case of false positive or something along those lines,
but to be sure I decided to post here.

If Essexboy is still around here and could help me, I would appreciate it.
You already helped me a couple of times in the past and I liked your style and
dealing with you. But anyone's help is obviously appreciated.

So, here is what happened:

Yesterday I turn on my computer. I go do other things while it boots up.
When I return there is an Avast Behaviour Shield pop-up saying there's a
program behaving suspiciously and it might be indicative of malware.
The thing is I haven't installed anything other than Steam games in quite
a while on this computer. But anyway I click on "fix it" and it sends the
file to the virus chest. By the way, the infected file was a .bat file
located in c:\Windows\System32 and its name is this:
{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

and the infection was IDP.Generic

So, after sending the file to the chest I restart my PC and I check and
that file is back in c:\Windows\System32. I scan it with Avast and
MBAM and it says it's clean.

So, I run an Avast (I use the free version) Boot Time Scan and it finds no
threats. I also run the MBAM quick scan and it shows no threats again.


So, is this a false positive?


Thanks for the help

 




#2
RKinner


False Positive.  If you look at the file's contents in notepad it just says:

 

@echo off
start igfxEM.exe /RegServerPerUser
start igfxEM.exe
start igfxHK.exe
start igfxTray.exe
attrib +R +H +S +A *.cui
del /Q {A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

 

 

The files in question are from Intel. The last line seems to indicate it tries to delete itself after running. Not sure that would work, so maybe just poor programming skills on someone's part. Probably a leftover from an Intel install routine.


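Reading the batch file shows which programs it starts; checking who signed those programs is a natural follow-up. The PowerShell below is an added example, not something posted in the thread. It assumes the batch file is at the path reported in post #1 and that the igfx*.exe files it starts sit in the same folder.

```powershell
# Added example: list the executables a flagged batch file starts and show
# their Authenticode signer. Path taken from post #1; adjust if it differs.
$bat = 'C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat'
$dir = Split-Path -Parent $bat

function Get-LaunchedExecutables {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Matches e.g.  start igfxEM.exe /RegServerPerUser  and  start "" "x.exe"
        if ($line -match '^\s*start\s+(?:""\s+)?"?([^"\s]+\.exe)"?') {
            $Matches[1]
        }
    }
}

if (Test-Path -LiteralPath $bat) {
    $lines = Get-Content -LiteralPath $bat
    Get-LaunchedExecutables -Lines $lines | Sort-Object -Unique | ForEach-Object {
        # Assumption: bare names resolve next to the batch file (System32).
        $exe = Join-Path $dir $_
        if (Test-Path -LiteralPath $exe) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            [pscustomobject]@{
                File   = $_
                Status = $sig.Status                     # e.g. Valid, NotSigned, HashMismatch
                Signer = $sig.SignerCertificate.Subject  # empty when the file is unsigned
                SHA256 = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            }
        } else {
            [pscustomobject]@{ File = $_; Status = 'Missing'; Signer = $null; SHA256 = $null }
        }
    } | Format-List
} else {
    Write-Warning "Batch file not found: $bat"
}
```

A Valid status with an Intel signer on each file is consistent with the false-positive reading; NotSigned or an unexpected signer is a reason to look further.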

#3
piapancudo


Well, that's a relief.

Thanks so much for your help.

Have a nice day!

