Found an unfamiliar jpg file in a folder that I was hunting out some work in. The filename Nancy.jpg caught my eye as it was clearly out of place. After the extension, in the top right of its tile, was a weird-looking “…scr”.
I right click scanned with Avast - No threat found.
I did the same with Malwarebytes anti malware and it identified a trojan.
I immediately told Mbam to bin the little weasel.
Referring to the forum instructions here, I realised I had no info so I restored from the mbam quarantine and got the attached screen shots of the original file in the folder and the other information I thought helpful.
I then requarantined the file with mbam.
I am concerned that Avast didn’t detect this, and I couldn’t find any direct reference to this in a forum search. The attachments are screenshots from the above process.
I noticed an improvement in loading speed of Firefox immediately afterwards, it was down to about 1/3 of what it’s been over last couple of months. I have no idea of the source of the file.
I am running an XPC Shuttle with an Intel quad core processor, 4GB memory, 500GB hard drive. Windows XP Pro MCE, Firefox and Windows, Avast, MBAM etc. are all automatically updated. I run NoScript in Firefox, which I use the majority of the time. I am becoming a more regular user of Chrome alongside Firefox. I am involved in online marketing so I receive a hell of a lot of email from sometimes spammy sources. I hope that gives a clear enough picture of the environment in which this file was found.
Ray
Only 4 of the scanners say anything and the one suggesting it’s damaged makes 3. The 3 are either using heuristic or generic detections, which are more prone to mis-detection.
However, I’m always suspicious of the double file extension (file type) in a file name, as it is frequently used to deceive. So nancy.jpg.scr I would find suspicious without scanning and nancy.jpg…scr with the two periods in there as well would only boost that suspicion; when you also throw a space in before those two periods, nancy.jpg …scr, I couldn’t be more suspicious.
So if I wasn’t entirely sure of a) its origin and b) its legitimacy it would have been long gone.
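An added example, not part of any post in this thread: a Python check for the naming pattern described in the reply above, scoring a name higher as the double extension is joined by extra periods and then by a space. The extension lists and the reading of a pasted "…" as periods typed into the name are assumptions of this sketch.

```python
import os
import sys

# Assumed lists for this sketch (not from the thread): types Windows will run,
# and harmless-looking types commonly used as the visible decoy.
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "vbs", "js", "lnk"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx",
              "xls", "xlsx", "txt", "zip", "mp3", "avi"}


def suspicion(name):
    """Score a file name 0-3: 1 for a decoy+executable double extension,
    +1 if extra periods separate the two, +1 if spaces do."""
    # Assumption: a pasted "…" (U+2026) stands for periods typed in the name.
    # Win32 path handling strips trailing spaces and periods, so ignore them.
    norm = name.replace("\u2026", "...").rstrip(" .")
    stem, dot, real = norm.rpartition(".")
    if not dot or real.lower() not in EXECUTABLE_EXTS:
        return 0                       # final extension is not executable
    base = stem.rstrip(" .")           # name up to the visible decoy extension
    padding = stem[len(base):]         # spaces/periods pushing ".scr" out of view
    decoy = base.rpartition(".")[2].lower() if "." in base else ""
    if decoy not in DECOY_EXTS:
        return 0                       # e.g. a plain "screensaver.scr"
    return 1 + ("." in padding) + (" " in padding)


def scan(root):
    """Walk a folder tree and return (score, path) pairs, worst first."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            score = suspicion(name)
            if score:
                hits.append((score, os.path.join(folder, name)))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # Usage: python check_names.py <folder>   (defaults to the current folder)
    for score, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(score, path)
```

A score only says the name is built to mislead; it says nothing about the file's contents, so a hit is a reason to scan or quarantine the file, not a verdict.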
So Avira say clean, McAfee does not detect it anymore, Norman and Panda have added detection and Malwarebytes still detect it as Trojan.Extension.Exploit …