Suspicious .ini file in user/app data/local (Worried it's a trojan or root kit)

Avast version: 4.8
Os: Vista 32
Suspicious file location: c/users/my name/app data/local
File name: DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF
File type: Under its properties-details it is listed as a notebook configuration settings (.ini) file, but for what?

When I opened it, it’s the strangest thing I have ever seen. Most of it is random text which makes no sense and very odd symbols, but it also made a reference to Root Entry. Could this be some kind of root kit virus, Trojan, keylogger or actual virus code? The orig file says it was created in 2008 and modified on Feb 19 2010.

I do download a lot of stuff off the internet (mostly flv files), but I always use the web shield, and it’s always activated. I run a thorough scan almost weekly and Avast never flagged anything, including the last time I ran a scan, which was yesterday.

I tried to upload it, but it would not preview due to the amount of odd symbols it is using. I have therefore tried to attach some of the text from the suspicious .ini file:

Does anybody know what it is?

Thanks.


It is most likely malware … Fraudulent Security Program, Cloaked Malware, or Worm.

For reference only :

http://www.prevx.com/filenames/X53629983198077872-X1/DFRG.DLL.html

I suggest you run a boot-time scan with avast and send what is found to the Chest.

Hopefully, someone else can provide a solution for you if that does not work.


Try uploading it to VirusTotal and post here the link for the results.

But some characters may have been lost because of renaming it to .txt, so it gives me no information. Maybe you had this file with an extension, but maybe you renamed it and forgot. Anyway, run an express scan with Dr.Web CureIt to ensure you are safe.

The same file is present on my computer system. View the image attached.

The file is clean

virustotal results
0/42

http://www.virustotal.com/analisis/94cbd81d385793303fecfa95fab6154d23ad8aeb0999ed183e887c308a47dc4b-1268590017

samnetx

Ok, I have had a look and I have the file as well.

Had a look around, and it could be related to Windows Media Player:
http://libertyboy.free.fr/computing/tips/index.php#w_wmp_his

Or

It could be related to JPEG view:
http://portableapps.com/node/12077#comment-105211

The reason that you may get google hits that lean towards malware, is because it falls under the ‘files created/modified within the last 30 days’ category…

However, I could be wrong…

I don’t think it is a sign of infection though…my pc is clean.

-Scott-

I never heard of Virustotal before, but in seeing the results, I do not think it’s a virus either. As a precaution I ran a full system scan with Avast and also a backup scan using another antivirus program that’s not on that list. Nothing suspicious was detected.

Am going to add that Virustotal into my bookmarks though. :)

You shouldn’t take what results are posted by someone else as gospel; their file may not be the same as yours other than the file name, so you too should confirm the detection based on your file, unless the MD5 hash is the same as that reported in the VT results, MD5: 40519c09aa5e9630155045cc69f97cbc.
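
The comparison described in the last post, as an added example that is not part of the thread: it hashes your own copy, compares it with the MD5 quoted from the VirusTotal report, and also tests for the OLE2 compound-file signature and "Root Entry" directory name. The OLE2 details are format facts assumed here, not something the thread states, and the sample bytes are constructed.

```python
import hashlib
import os
import tempfile

# MD5 quoted in the thread from the VirusTotal report.
REPORTED_MD5 = "40519c09aa5e9630155045cc69f97cbc"
# Assumption added here (format facts, not from the thread): OLE2 compound
# files start with this signature and name their top directory "Root Entry".
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
ROOT_ENTRY = "Root Entry".encode("utf-16-le")


def inspect_file(path, reported_md5=REPORTED_MD5, chunk_size=65536):
    """Hash a file in chunks and compare it with the MD5 from a scan report."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    found_root, tail = False, b""
    with open(path, "rb") as fh:
        head = fh.read(len(OLE2_MAGIC))
        chunk = head
        while chunk:
            md5.update(chunk)
            sha256.update(chunk)
            # Search with an overlap so a marker split across reads is found.
            window = tail + chunk
            found_root = found_root or ROOT_ENTRY in window
            tail = window[-(len(ROOT_ENTRY) - 1):]
            chunk = fh.read(chunk_size)
    return {
        "md5": md5.hexdigest(),
        "sha256": sha256.hexdigest(),
        "same_file_as_report": md5.hexdigest() == reported_md5.strip().lower(),
        "ole2_container": head == OLE2_MAGIC,
        "has_root_entry": found_root,
    }


if __name__ == "__main__":
    # Constructed sample bytes, not the file from the thread.
    sample = OLE2_MAGIC + b"\x00" * 504 + ROOT_ENTRY + b"\x00" * 108
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(sample)
    try:
        for key, value in inspect_file(tmp.name).items():
            print(f"{key}: {value}")
    finally:
        os.unlink(tmp.name)
```

If `same_file_as_report` is False, your copy is not the file that was scanned, so the 0/42 result says nothing about it and your own copy needs its own scan.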