I was on Opera looking at a few websites like Facebook etc., then I logged onto World of Warcraft with Opera open,
went onto my account, and up pops Nutcracker family virus
documents and settings\ryan\local settings\application data\opera\opera\profile\cache4\opr017Qf
It's in the chest now. I read somewhere it's a password cracker. Maybe it's trying to do that to my World of Warcraft account?
Try creating a new folder, titled “suspicious” (or similar) and move it from the chest to that, then upload it from there to www.virustotal.com/ (or a similar online virus scanning site.)
Then post the url to the results page.
WOW is known to be a target for hackers attempting to steal players' assets. I was surprised to find this out, but apparently there is quite a bit of money in it. The assets are sold, usually in places like China, and folk pay cash for them.
OK. Not very conclusive, is it?
Either it is a new virus and Avast is the first to detect it, or it is a false positive, or something else. (Don’t ask me what. Just covering my 6. ;))
Please select “email to Avast” from the virus chest. If you right-click on the file in there, that option should appear. It should send itself next time Avast checks for updates.
If you right click the file in the “suspicious” folder, and look under properties, does it give any indication (under any of the tabs in the properties window) as to the file size, author, program it is used by etc?
If you don’t notice anything wrong with the way any of your programs are working, it can stay in the chest. Personally I’d leave it in there at least until it is known to be a false positive (FP). To know this, scan it again periodically (say, every 2-3 days) by right clicking the file and making the appropriate selection.
If it is a FP, the detection will be corrected in a database update. After (if) that happens, it will scan clean and can then be restored.
If not, it can be left there indefinitely, or deleted.
If something stops working as it should, possibly as a result of this file being absent, please post back.
Google doesn’t return any hits for the file name, so it’s rare or random.
OK, just deleted to recycle bin instead, then used Avast's delete permanently. Anyway, back to the one in my chest: I think I got it from the GameSpy website… I'm sure I was on that when I got it, and I did a search and a guy also got his from there.
You put it there (and excluded the suspect folder from scans) so that you could upload it to VirusTotal to scan it at some point (previous detection), remember?
It doesn’t add anything when you extract/restore it from the chest; if you try to run it again, Avast will alert, stopping it from running. Exclusion, as you previously did, allows it to run. However, the only way to resolve this is to submit the file (the one in the VT results) to Avast as a false positive.
The virus rewrites hard disk and floppy drives, and the sectors cannot be read. It can also corrupt or encrypt files and drive sectors. A format + reinstall is the only way to clean the Nutcracker virus and repair the damage.