lansetm.exe - is this a virus?

Hi, a few minutes ago I decided to scan my computer with Malwarebytes and Avast actually found Win32:Malware-gen in c:\WINDOWS\OPTIONS\CABS\lansetm.exe

I quarantined it, but Spybot, SUPERAntiSpyware and Malwarebytes didn't find anything.

Ran a full avast scan afterwards and also quarantined the system volume information file infected with the same thing.

The HijackThis log doesn't show anything different (even though I'm afraid my HJT isn't the latest version…), and I didn't bother sending the file to VirusTotal before getting opinions here.

Is this really a virus? It does seem to be an old file (last modified in 2007), and googling the name of that file didn't really help much.
If so, what else should I do? (By the way, I'm using my laptop until I know it's safe to get on the computer again.)

I quarantined it, but Spybot, SUPERAntiSpyware and Malwarebytes didn't find anything.
They won't if it is in the Avast chest/quarantine.

google hits on c:\WINDOWS\OPTIONS\CABS\lansetm.exe

http://www.google.no/search?hl=no&q=c%3A\WINDOWS\OPTIONS\CABS\lansetm.exe&meta=&aq=f&oq=

ESET Online Scanner
http://www.eset.com/onlinescan/

Panda ActiveScan 2.0 - Free Antivirus
http://www.pandasecurity.com/activescan/index/?track=1&Lang=en-US&IdPais=63

Btw I also noticed that CCleaner is finding some unusual log files in c:\WINDOWS, which are Sti_Trace.log (empty), wiaservc.log (says [wiaservc] Opened log at 18/1/2010 21:21:39.078 ), and wiadebug.log (says ========Start ‘wiaservc.dll’ Debug - Time: 2010/01/18 21:21:39:203======== > StiServiceMain entered, Time: 2010/01/18 21:21:39:203 < StiServiceMain ended, Time: 2010/01/18 22:23:10:00 )

I sent wiaservc.dll to VirusTotal and nothing was found, but I have never seen these logs, which keep coming back if cleaned by CCleaner.

I restored lansetm.exe to see if Malwarebytes and SUPERAntiSpyware would find anything, but nothing. What's the best course of action? Thanks.

Hi Jao,

You are a victim of the Virtumonde virus. Wait for a proposed cleansing routine by essexboy and follow his instructions,

polonus

Will do. Thanks in advance :)

I’m really surprised this is a virus. I just did a new install of Windows XP on a brand new, newly formatted hard drive, installed SP2 and SP3, Firefox 3.5.7, and Avast. The OS is only 2 hours old. My first scan of the disk reported this lansetm.exe virus and moved it to the chest. Are you sure this isn’t a false positive?

I'm really surprised this is a virus. I just did a new install of Windows XP on a brand new, newly formatted hard drive, installed SP2 and SP3, Firefox 3.5.7, and Avast. The OS is only 2 hours old. My first scan of the disk reported this lansetm.exe virus and moved it to the chest. Are you sure this isn't a false positive?

You should have started your own topic and not inside this

Prevx file info http://www.prevx.com/filenames/3754314808398037163-X1/LANSETM.EXE.html

where did you download all the programs and drivers from?

Jotti only gives two hits on this

http://www.browserdefender.com/file/480724/site/01net.com/ motherboard_driver_lan_realtek_8111.exe false positive I reckon

I do know I've always used Realtek drivers. Still, should I just wait for Avast updates, restore the file and scan again?
Oh, and what about wiaservc.dll and those log files I mentioned?

Still, should I just wait for Avast updates, restore the file and scan again?
you can scan the file inside chest, right click and scan http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=376

Jao,

Avast has updated their virus definitions. If you rerun a scan on this file, it should now be clean. I’ve reinstalled my file from the chest.