infected by win32:Nilage-GC [Trj]

General Topics
1

Hello all,

Just for the purpose of doing it, I planned to do an avast scan at boot time
this evening, and to my surprise, here follows what I had in the aswBoot.txt
report file :

29/04/2007 00:43
Analyse de tous les lecteurs locaux
Fichier C:\Documents and Settings\admin\Mes documents\LemonadeTycoonSetup-dm.exe est infecté par Win32:Adware-gen. [Adw], Supprimé
Fichier C:\Documents and Settings\admin\Mes documents\Monopoly3-dm.exe est infecté par Win32:Adware-gen. [Adw], Supprimé
Fichier C:\Documents and Settings\admin\Mes documents\WormsArmageddon-dm.exe est infecté par Win32:Adware-gen. [Adw], Supprimé

Nombre de dossiers parcourus : 5769
Nombre de fichiers analysés : 125721
Nombre de fichiers infectés : 3

04/05/2007 08:37
Analyse de tous les lecteurs locaux

Nombre de dossiers parcourus : 5969
Nombre de fichiers analysés : 131157
Nombre de fichiers infectés : 0

21/05/2007 22:58
Analyse de tous les lecteurs locaux
Fichier C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E212D78.exe est infecté par Win32:Nilage-GC [Trj], Mis en quarantaine
Fichier C:\System Volume Information_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP657\A0150388.exe est infecté par Win32:Nilage-GC [Trj], Mis en quarantaine

Nombre de dossiers parcourus : 5914
Nombre de fichiers analysés : 106372
Nombre de fichiers infectés : 2

I have two topics questions :

  • is the Nilage-GC virus particularly harmfull ? what kind of damage could it have done ?
    Is this virus recent ?

  • what i find astonishing is the location of this virus : it’s first occurence is inside the
    Norton quarantine folder. This makes me believe that this virus might have been detected
    by Norton at the time I was working with it (Norton did not warn me about it’s presence),
    and before I switched to Avast. In an other hand, I think I may have caught this virus
    recently, because all my previous Avast scans did not detected it. How can this be
    possible ? Should not have Avast detected it in real time ? Here is any way to find at which
    time a virus has entered a PC ? How does a virus choose the location it will infect ?

    (My PC : Avast 4 about since a month, along with the free version of ZoneAlarm, on
    Windows XP Pro SP2, all automatically updated)

Thanks in advance for any advice,

2

It was added to the avast VPS (virus signatures) on # 13.5.2007 - VPS update 0740-0.

Two things that strike me as strange, 1) you appear to have remnants of Norton antivirus on your system, 2) I’m surprised that avast was able to find it in what is supposed to be Norton’s quarantine folder, they really should be inaccessible for other applications (poor Norton security).

Norton it would seem probably caught this and moved it into its quarantine, it was probably in one of the system folders and windows system restore saved a copy in the system volume information folder as a restore point, so that should account for it being there. Assuming avast was able to move them to the chest, you have no further action to take.

Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

So you should ensure Norton is fully removed (uninstall and run a clean-up program, see below) as this could compromise your security.

A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

The Nilage- family of Trojans would appear to be password stealers, though I couldn’t find much about the GC variant a google search for Nilage returns many hits.