VirusTotal results for David

Well when I go to install it, it asks me if I want to allow it or not. Obviously I tell it yes then it doesn’t do anything after that. I’ve tried it quite a few times. One time it told me that it may have not been installed correctly due to an issue with the OS.

I had a little fight first with my OS, XP Pro SP3 (asking if it is OK to ‘Run’ answered yes) this is an SP3 update which is like a mild form of UAC in vista. Then my Firewall chipped in, for a process, which I allowed. It then asked me to insert my USB Drive which I did.

On conclusion it displayed a switching off active desktop with a button to restore the desktop but explorer had been closed.

I had 3 USB drives to do, so I ran the program again; once more I got challenged by my OS and then my firewall for another process, but after that I never got challenged by the firewall, same end process as before.

So this may be UAC at work, I don’t know if trying a right click on the Flash_Disinfector.exe and select Run As, select the administrator and enter the password (assuming you are the administrator or are allowed to do that and have the password).

Other than that I’m out of ideas as I don’t use vista.

I shut off my firewall and the on access protection on avast and right clicked and ran it as admin and still nothing. I’m clueless lol. Any idea on a different flash drive disinfector I could try?

The firewall (if using the vista firewall) and avast (scan but doesn’t block) should have zero impact on the running of this tool. Even if they did they should pop-up alerts if they had any interaction that they objected to.

Sorry that is the only such tool that I’m aware of.

Not as clueless as I am on matters Vista, I’ve been avoiding it like the plague.

Heya David,

How’s your day goin?

Did a boot up scan with avast today and wouldn’t ya know this little bugger pops up lol telling me this file has been infected c:\Users\Gus\Documents\Downloads\is09promo.exe/Files/Initrd.img\initrd\opt\pavd\usr\lib\lib
libPSKAVS.so.1.4.3.24 by annihilator -272.

Funny thing is it won’t let me move it to the chest, says error 4211 (operation not supported).

Went and did a search for the file on the comp and best I can see is it’s the panda.exe. Any ideas what I should do?

Well it can’t extract it (to put it in the chest) from deeply within an .exe file is09promo.exe and still deeper within Initrd.img (which I’m guessing is like an iso image you burn to CD) and deeper still in this file libPSKAVS.so.1.4.3.24. So I’m surprised it managed to root this out from so deep, the uprated unpackers at work no doubt.

As to what to do with it, since avast can’t extract it, I doubt you would be able to extract it to be able to say upload to virustotal for scanning.

My google searches for is09promo.exe show this could be Panda Internet Security 2009, so have you been looking at this?

Panda has a nasty habit of not encrypting its virus signatures so AVs can see them and match the signatures believing that it has actually found a real virus and not an unencrypted virus signature file. That is what I believe the libPSKAVS.so.1.4.3.24 file is, an unencrypted signature file. Google searches on both the files have mentioned seem to confirm my suspicions above.

So the short answer is get rid of the c:\Users\Gus\Documents\Downloads\is09promo.exe file and never let it darken your doorstep again ;D
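The false-positive mechanism the post above describes, as an added sketch that is not part of the original thread: a naive pattern scanner flags another product's definition file when its patterns sit on disk in the clear. The signatures, file layout, installer wrapper and XOR mask (a simple stand-in for encryption) are all constructed for illustration.

```python
# Constructed toy signatures: detection name -> byte pattern (not real malware data).
SIGNATURES = {
    "Toy.Alpha": bytes.fromhex("deadbeef41424344"),
    "Toy.Beta": b"\x90\x90TOY-BETA-MARKER\xcc",
}


def scan(data: bytes, signatures=SIGNATURES):
    """Naive scanner: report every signature whose bytes occur anywhere in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)


def pack_plain(signatures) -> bytes:
    """Hypothetical definition file that stores each pattern unencoded."""
    out = b"SIGDB1"
    for name, pat in signatures.items():
        n = name.encode()
        out += bytes([len(n)]) + n + bytes([len(pat)]) + pat
    return out


def pack_masked(signatures, key: int = 0x5A) -> bytes:
    """Same records, XOR-masked so the raw patterns never appear on disk."""
    return b"SIGDBX" + bytes(b ^ key for b in pack_plain(signatures))


def unpack_masked(blob: bytes, key: int = 0x5A) -> bytes:
    """What the owning product does in memory before using its definitions."""
    return bytes(b ^ key for b in blob[6:])


def wrap_in_installer(payload: bytes) -> bytes:
    """Constructed stand-in for an installer that embeds the definition file."""
    return b"MZ-constructed-installer-stub" + payload + b"-end"


if __name__ == "__main__":
    plain = wrap_in_installer(pack_plain(SIGNATURES))
    masked = wrap_in_installer(pack_masked(SIGNATURES))
    print("plain definitions :", scan(plain))    # every pattern "detected"
    print("masked definitions:", scan(masked))   # nothing matches
```
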

Yup I’ve been looking at panda internet security when I first had my little prob that you helped me with. I was thinking about deleting it originally but then I thought oh boy David said never delete lol.

I will correct you slightly in that ‘deletion is never a good first option as you have none left’; send to the chest and investigate, and that is what you tried to, and after investigation the decision is to delete :stuck_out_tongue:

Heya David,

Had a question for ya. Say someone downloads a program with a keygen and avast identifies the keygen as a win32:hupigon-LZV and it got moved to the chest and the comp is clean now, would it be alright to delete the program?

Do you mean the keygen into Chest? Yes, it’s safe to do so.

Well if a good detection (this is the key, point, pun intended) and a keygen was included in a program, it has effectively been cracked so what is to stop it having other unwelcome guests.

So I wouldn’t just say it should be OK to delete (uninstall if installed) the program I would say there should be no question, uninstall it (assuming it was installed) because you just don’t know what may have come with it.

But like everything you need information to make any kind of decision like this, e.g. the program, the infected file name, the location it was downloaded from (from a trustworthy source, not some crack/warez site), all the little things we ask to try and confirm that the detection is good or if it needs further investigation.

It was downloaded from a bittorrent site. It was never installed, the detection was actually picked up just after the download finished. Scanned comp in boot up and didn’t find anything else.

Bittorrent site, read questionable trustworthiness, as the actual location could be anywhere, that is the nature of P2P.

You have to exercise care when using any P2P network or application as the location of the source could be anywhere. Not to mention if that game/program is a proprietary copyright protected/retail product, then the moral/legal problem comes into play.

So if you are downloading material of a questionable legal standing (not that I’m saying you are, this is an example of the risk), who are you going to complain to if it brought an unwelcome guest and infected your system.

In this case (P2P download and alert) I would have deleted the complete file upon detection. The fact that nothing else is found is up to a point good news, but remember anti-virus programs play catch up. So there will be times when things could be undetected, hence needing to reduce your risk by not downloading possibly suspect files/programs.

Heya David,

Merry Christmas. Just wanted to ask you whenever you do have time n happen to come on, I just wanted to ask you if it’s alright that I delete everything that I have in the chest?

Hope you’re having a happy holidays

Gus

Do you mean the items you’ve sent to Chest in the end of November and the beginning of December?
Yes, you can delete it within Chest. Just to be sure, select the items, right click them and rescan them to be sure they’re clean and not, by accident, a false positive. Then delete :wink:

Leave anything in the System Files section, they are backups.

The others in the Infected Files section, there is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Happy New Years. Just had a quick question David. Shocking I know. I was downloading something and I scanned it once it was done but when I tried installing it I got a few warnings, everything I moved to the chest. Then I did a boot up scan and this popped up during it. Distrodl.exe original location C:\Users\Gus\Appdata\local\Temp\81971.exe. I went to check the logs to get more info but it doesn’t show up in the log viewer at all.

Info relating to a boot-time scan isn’t in the normal logs, C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt contains info on the boot-time scan including any detections. Use notepad to view the contents.

However, you won’t get much more information other than what you gave, file name and location, plus the malware name of the detection.

Ahh ok. I learn something new everyday. Other than that mishap the comp has been running fairly well lol. One or two blue screens but found out that has something to do with the crappy ram. Thanks for posting so quick

You’re welcome and a Happy New Year to you too.