I have no doubt it's a virus.
Yet Avast didn’t find anything.
What do you think? What should I do?
The file can be downloaded for further investigation here: http://www.sendspace.com/file/nnsrxe
Send the sample to virus@avast.com, zipped and password protected, with the password in the email body; a link to this topic and the VT results link might help, and put "undetected malware" in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there), where it can do no harm, and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from the chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Based on the file name (Keygen.Color.Efex.Pro.v3.0.For.Nikon.Capture.NX.2.0.exe), I’m not surprised that it comes with an unwelcome gift.
May I trust Windows Defender for scanning?
Good question.
If it finds the problem, the answer is yes.
If it does not, the answer is no.
Windows Defender would not hurt.
With no one scanner, including the one Polonus mentions (MBAM), could you always answer that question yes.
Now there are a lot of scam scanners out there where the answer is always no.
But Windows Defender is NOT a scam product.
There is no scanner you can get that is going to give you a 100% result.
You can attack this problem either way:
HJT first or scanner first.
Your call.
In the end you need to do both (and an online AV scan), as neither HJT nor the scanners will find everything, and you might have some other issues that are not obvious.
Wyrmrider is right here; we are now in the phase of layered AV protection. That means that to get to all the malware that is around, one resident AV solution and a firewall are not sufficient anymore. We need additional programs that can run alongside the one resident AV solution (you cannot have two because of real problems of interference). Non-resident scanners (always updated to the latest version and definitions) like DrWebCureIt, Stinger.exe, MBAM and SAS are the right cocktail to close the vulnerability gap. Other measures you can take to lessen the risk of getting reinfected: if connected to the Internet, go there with normal user rights (malware can do far less harm to your system or registry that way), and update all the critical software and patches for your OS (OS, browser, Java, Flash, etc.). Security has nothing to do with being a geek; it is more about a continuous security attitude. Welcome to the forums, and do what wyrmrider instructs you to do.
I’m using Vista.
I was asked by the UAC to allow any Registry change. Does it mean the Trojan has no effect?
I am searching for the entries listed in the "Removal" procedure, yet I can't find them. Windows Defender says everything is OK.
This may prevent the BHO entry from being set in the Registry, but the dll should be found in system32.
Due to the missing BHO entry, the dll is harmless. You can wait until avast detects the file and delete it then, or take a look at the system32 folder and search for a dll created at the time you started the exe file. The file should be 21,504 bytes.
If you are unsure which dll to delete, test it at virustotal.com before deleting it.
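The hunt described in the post above (a DLL in system32 of 21,504 bytes, written at the moment the keygen was run) can be scripted so you do not have to eyeball timestamps, and each candidate can be hashed so you can search VirusTotal by SHA-256 instead of uploading files one by one. The script below is an added example for this thread, not code from any of the posters or from avast. It assumes only the two facts the thread gives (the size and the time you ran the exe); the "fake system32" folder and its files are constructed inside the script so it runs offline. On a real machine, call `find_suspect_dlls` with `C:\Windows\System32` and the time you launched the keygen.

```python
"""Find DLLs matching a dropped-file profile (size + drop time) and hash them.

Added example for this forum thread, not code from the original posts.
Assumptions: the dropped DLL is 21,504 bytes and was written when the keygen
was run; the demo folder below is constructed data standing in for system32.
"""
import hashlib
import os
import tempfile
import time
from datetime import datetime, timedelta

DROPPED_SIZE = 21_504  # size quoted in the thread for the dropped DLL


def sha256_of(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_suspect_dlls(folder, run_time, window=timedelta(minutes=10), size=DROPPED_SIZE):
    """Return [(name, size, last_write, sha256)] for *.dll files in `folder`
    whose size equals `size` and whose last-write time lies within +/- `window`
    of `run_time`.

    Last-write time (st_mtime) is used because a freshly dropped file has
    mtime == drop time on every platform. On Windows, os.stat().st_ctime is the
    creation time and could be used instead.
    """
    lo, hi = run_time - window, run_time + window
    hits = []
    for name in sorted(os.listdir(folder)):
        if not name.lower().endswith(".dll"):
            continue
        path = os.path.join(folder, name)
        st = os.stat(path)
        written = datetime.fromtimestamp(st.st_mtime)
        if st.st_size == size and lo <= written <= hi:
            hits.append((name, st.st_size, written, sha256_of(path)))
    return hits


def build_demo_folder():
    """Construct a throwaway folder imitating system32 (constructed sample data)."""
    folder = tempfile.mkdtemp(prefix="fake_system32_")
    run_time = datetime(2009, 3, 1, 20, 15, 0)  # assumed time the keygen was run
    plan = [
        # name, size, last-write time
        ("dropped.dll", DROPPED_SIZE, run_time + timedelta(seconds=5)),  # the suspect
        ("oldlib.dll", DROPPED_SIZE, run_time - timedelta(days=400)),   # same size, but old
        ("helper.dll", 4096, run_time),                                  # right time, wrong size
        ("notes.txt", DROPPED_SIZE, run_time),                           # right size, not a DLL
    ]
    for name, size, when in plan:
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)  # filler bytes; only size and timestamp matter here
        ts = time.mktime(when.timetuple())
        os.utime(path, (ts, ts))  # set access and last-write time to the planned value
    return folder, run_time


if __name__ == "__main__":
    folder, run_time = build_demo_folder()
    for name, size, written, digest in find_suspect_dlls(folder, run_time):
        print(f"{name}  {size} bytes  written {written}  sha256 {digest}")
```

Searching VirusTotal for the printed SHA-256 tells you whether the file has already been seen, without shipping a copy of the DLL anywhere; only if the hash is unknown is an upload (or the avast chest route above) needed. Widen `window` if you are unsure exactly when you ran the exe, and drop the `size` filter if the reported 21,504 bytes does not match your sample.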
When I see 10 detections (avast and gdata grouped together) I tend to think it is a good detection.
However, there are many detections that are either generic, heuristic or non-signature specific (e.g. packers). I would say you should send it to avast for further analysis.