C:\Windows\Syswow64 File Infected: Questions

Hi,
Like I said, one of several files was found to be infected with a Win32 virus in an Avast Scan. After finding the entry in a quick scan the program prompted me to do a boot scan. For most other files I was allowed to choose to put them “in the chest”. However, when it found this file was infected, I was prompted with a message that said: C:\Windows\Syswow64\digit.exe is infected by Win32: Freezer-C [PuP]. File is in Windows folder. Are you sure? 1 - Yes. 2 - Yes all. 3- No. Exit-Esc:

I don’t want to delete a Windows file that is necessary for boot-up however. If I don’t get a reply I suppose I can exit the bootscan and do a full scan later, but I’d also like to be able to get rid of the file as quickly as possible. Can anyone answer this?

C:\Windows\Syswow64\digit.exe is infected by Win32: Freezer-C [PuP].
PUP - not a virus = Possible Unwanted Program so you should know what it is before you do anything

you may upload the digit.exe file to www.virustotal.com and check with 40+ scanners
this will also give you some extra info
post the scan link here for us to see…

Sorry, I was out of town for a couple of days :frowning:

Here is the link to the digit.exe file.

https://www.virustotal.com/file/2062be26dee3bafedc006fb4e869a2385cfa2e145a74e8dc3c9a467dd7f01b51/analysis/

During the boot scan it found a couple 4 other infected files that I neglected to write down the names of. Doing a complete scan now to see if it can find them again.

Thanks for your help in advance!

Oddly, nothing turned up in the full scan. I then ran a bootscan and in addition to the digit.exe found these three rather long files, which all turned out to be clean according to virustotal.com.

C:\Windows\SoftwareDistribution.709old\Downloadaa6a9ee01709b9c392afb705bba73f9d\BITFA30.tmp|>BingBar.msi|Bingbar.cab|dappsglobalSettings7_0_822js_gsInstrumentation_js
Error 42127{CAB archive is corrupted}
https://www.virustotal.com/file/6786f050252c1a17ed99c1f1d16af6210338048bf466b83d37870131efca463b/analysis/1345868562/

Are they just corrupted files that couldn’t be read properly so avast! just flagged them? Can I delete them along with the digit.exe file? And if so, is the best way to put the files in the recycle bin manually or re-run a bootscan to delete them/put them in the “chest”? I never quite understood what the chest was to begin with though…

Lastly, I have Malwarebytes Anti-Malware in addition to avast! Should I download any more programs to make sure the infection was thoroughly eradicated/ I don’t have any other infections present like OTL or RogueKiller?

Edit: I’ve attached OTL logs

Hey, just looking for some help on a couple simple questions. Can I delete these two files, how is the best way to delete them, and is there anything else I should do?

You may want to wait for a malware specialist on the “digit.exe” before you do anything.
As for the really long filename, archive is corrupted means archive is corrupted. You should be able to delete or ignore, but if you choose to delete, try renaming it to BITFA30.tmp.old and make sure the Bing bar still works before you delete.

the virus total link you posted in reply #2 is two years old. :slight_smile:

And if so, is the best way to put the files in the recycle bin manually or re-run a bootscan to delete them/put them in the "chest"?
no, files that cannot be scanned are just that and it does not mean they are infected, so avast will not take any action on them. it is just a scan error report, avast telling you it could not scan the file and the reason why, no more no less
I never quite understood what the chest was to begin with though...

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

Technically, the virus was scanned on the website by someone else two years ago and the link I posted was from a couple days ago. But anyways here is the re-scanned analysis.
https://www.virustotal.com/file/2062be26dee3bafedc006fb4e869a2385cfa2e145a74e8dc3c9a467dd7f01b51/analysis/

Thanks for the feedback on the corrupted files. I suppose I’ll leave them for now, but if they keep turning up in scans I’ll delete them. Especially since I don’t use a Bing-Bar or whatever it is.

bing is part of IE i guess http://toolbar.discoverbing.com/en-US

to remove all toolbar crap run this. http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml

first click search, when the log pop up click delete and reboot when asked to
you may post the log here

I ran AdwCleaner and it probably was helpful in some areas. However after I clicked “Delete” and reboot it totally messed with my Google Chrome settings, preferences, and extensions. Is there any way to revert those changes?

Also, what is the consensus on that digit.exe file? Delete?

Also, what is the consensus on that digit.exe file? Delete?
as seen from your last VT link the file is old.....and still only detected by a few as PUP or adware so i would not delete it

First seen by VirusTotal
2007-10-25 08:37:18 UTC (4 years, 10 months ago)