Please help with eliminating Win32 Sirefef virus and trojan

http://download.trusteer.com/Gcur4Wtnu/RapportSetup.exe?x-src=TrusteerDownload download link

If it will not remove it without payment and does not divulge the location of the file, then my first thought is that it is a scam.
Does MBAM find this? Does Avast find this?

Well, these scans are interesting. MBAM does not find anything, whilst Avast only finds a PUP. Should I just go ahead and remove this program (if it will let me), and how do I do this? Back to you…

PUP = Potentially Unwanted Program - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil; some have been legitimately installed for a specifically good purpose, but could have been unknowingly installed for a malicious purpose.
Not all antivirus programs scan for PUPs, and avast has it turned off by default (an exception being the boot-time scan). And not all PUPs are a problem, but we need to determine if it is good or bad.

So you need to find out the name of the file that this nsis.hdr is inside, to get any idea whether that file/program may have a legitimate purpose/reason for being on your system. So in your scan results (image 2) you need to expand the width of the File name column to find the full location and file name that the nsis.hdr is inside. Place the cursor on the separator between the two columns and drag to the right (see image).

The PUP detection appears to be inside an archive and MBAM doesn’t scan archives, so that could be the reason.

Well, this just gets more and more of a worry! I did a boot-time scan because I couldn’t find the last log which you needed expanded, and look what I got this time! So, after instructing Avast to send to chest, this screen shot is what happened. Why can’t it “find the files” it refers to as high danger? Oh, and that expanded line you wanted is just as it shows here in this latest screen shot. There is nothing else on that line after the words nsis.hdr.
Hope you can help me!!!

OK, do you know what the_vow_2012.exe is that you supposedly downloaded?
The |> bit after the file name and before the nsis.hdr indicates the file is from an archive; in this case a self-extracting executable file, the_vow_2012.exe. If you have never run this executable then the nsis.hdr file won’t have been installed/run either.

Do you know what the Max folder is for in the C:\WINDOWS\Temp folder?
Since it is a temporary folder there is a likelihood that the files have already been cleared. Generally you can safely clear temp files should you experience any issues in the C:\WINDOWS\Temp or sub-folders. I would recommend that you periodically clear temp files anyway (good housekeeping), just to get rid of the dross that can build up. You can use a program like CCleaner (free) to do this.

The DB_SEC file type appears to relate to database security according to a search, if that helps ring any bells.
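The reasoning in the post above (the |> separator marks a hit inside an archive, archive-only hits are invisible to a scanner that does not look inside archives, and a container under C:\WINDOWS\Temp has probably been cleared) can be turned into a small triage helper. The following is an added example, not code from the thread or from Avast; it assumes Avast's detection path format is exactly container|>member as described, and the sample paths it runs on are constructed for illustration (the thread never shows the full path of the_vow_2012.exe).

```python
"""Triage Avast-style detection paths of the form
C:\\dir\\container.exe|>member[|>member...].

Added example, not part of the forum thread. Assumes the '|>'
separator semantics described in the post; sample paths are constructed.
"""
import ntpath   # pure-Python Windows path handling, works on any OS
import os

ARCHIVE_SEP = "|>"  # Avast writes container|>member for hits inside archives


def parse_detection_path(path: str):
    """Split 'container|>member|>member' into the file that actually
    exists on disk and the chain of members nested inside it."""
    parts = path.split(ARCHIVE_SEP)
    return parts[0], parts[1:]


def is_temp_location(file_path: str) -> bool:
    """True when any directory component is a Temp/Tmp folder,
    e.g. C:\\WINDOWS\\Temp\\Max\\... (case-insensitive)."""
    _drive, tail = ntpath.splitdrive(file_path)
    dirs = ntpath.dirname(tail).split("\\")
    return any(d.lower() in ("temp", "tmp") for d in dirs)


def triage(path: str, exists=os.path.isfile) -> dict:
    """Summarise what the detection path tells us before deciding
    whether the PUP is worth worrying about.

    `exists` is injectable so the logic can be checked without the
    file being present (defaults to a real on-disk check)."""
    container, members = parse_detection_path(path)
    return {
        "container": container,
        # the thing the signature actually matched
        "innermost": members[-1] if members else ntpath.basename(container),
        # a scanner that does not open archives (MBAM, per the thread) won't see this
        "inside_archive": bool(members),
        # temp folders get cleared, so the container may already be gone
        "in_temp": is_temp_location(container),
        "container_on_disk": exists(container),
    }


if __name__ == "__main__":
    # Constructed sample path; the real location was never shown in the thread.
    sample = r"C:\WINDOWS\Temp\Max\the_vow_2012.exe|>nsis.hdr"
    for key, value in triage(sample).items():
        print(f"{key:>18}: {value}")
```

A result of inside_archive=True, in_temp=True, container_on_disk=False is the situation the thread ends up in: the only thing Avast matched was a component packed inside a self-extracting executable in a temp folder, and the executable itself is no longer there to examine.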

The Vow is a movie that I downloaded from a friend’s thumb drive. It scans as clear of any nasties. Don’t know what the Max folder is… and the DB_SEC, is that something I should be worrying about? I just want to clean these things up.
Thanks for your continuing help by the way!

I would be concerned about the location that the film was downloaded from as to its legitimacy.
That could be packed with something unwanted. Personally, if there is any doubt about the film's download source I certainly wouldn’t run that .exe file or the contents of the executable. So you would have to ask your friend where they got it from.

There are just too many hits in a search for nsis.hdr that associate its use with malware, but that is the problem with the PUP classification of detection: it is a tool, etc. that can be used for good or evil.

An antivirus can’t determine intent; that unfortunately requires human intervention, and for that you need knowledge of what that file does, why it is there and whether it is legit (and I can’t make that determination either).

I’m not familiar with the .DB_SEC file type; the main thing is that it was in a temp location and that it is gone.