why avast does not detect desktop_.ini, win32fujack

Hi all,
I think I got infected with this virus, not sure.

I downloaded a zipped file, scanned with avast; avast did not detect any problem. So I double clicked on the zipped file and clicked extract. After the fact I noticed a file called desktop_.ini in the zip utility window but I could not see that file in the folders where I extracted all the files. I did not think much of it; after all, I did scan the file by avast!! Then I dropped that folder on a CD to take to work; when I checked that folder on the CD the (desktop_.ini) showed up. I went to work and googled (desktop_.ini) and found out that this is the w32.fujack virus or worm. I scanned the CD at work; the virus protection software at work found it and alerted me to it.

I turned the (show hidden file) option on but still I can’t see the file. I was able to see a file in windows/system32 but that file was (desktop.ini) without the underscore. I reinstalled avast, updated the definitions and scanned my hard drives completely twice, once in normal mode and once in safe mode. Avast got nothing.

So now what! I am infected with a virus/worm that avast cannot detect and an INI file that I cannot see. I can’t even delete it manually if I wanted; I can’t see it to delete it.

Any ideas for another course of action (PLEASE)

Hello robert_k

There are so many copies of desktop.ini in a particular system; it is just used to customize the folder. But what you are mentioning here is desktop_.ini, which indicates that it is replaced by another desktop.ini file - in order to replace it, it is renamed to desktop_.ini - think so. Think so because sometimes the same thing happens with autorun.inf.

Hi nmb,

Yes, it is suspicious, and my computer at work did detect it when I scanned the CD.

any ideas???

Can you download Malwarebytes’ Anti-Malware and run a quick scan? If any threat was found, quarantine it. Also post back a log.
http://www.malwarebytes.org/mbam.php

You can do these things in order:

  1. Upload the same file to virustotal.com and check it.
  2. If you find that almost all of the antivirus (AV) engines are detecting it and avast is not detecting it, you can upload it to avast by: virus chest > user files > add (browse for file) > and click the email to avast icon.
  3. If you are afraid that your PC is infected then you can scan your PC using Malwarebytes (post the log).

Thanks mathboy,

I will do that when I get home tonight and I’ll post the log for all to see.

thank you,

Does anyone from avast staff have any idea why it was not detected but the other virus protection software did, I keep my avast definition up to date automatically. If possible I would like to hear comments from the avast people. Maybe I did something wrong with the setup. I had it on High.

nmb,

how can I upload it if I can’t see it??

I’m not an avast staff but I can tell you that no antivirus detects 100% of the viruses. That’s why you should always use an anti-spyware in conjunction with an antivirus. Sometimes the virus is so new that no antivirus can detect it.

Just browse to the CD and in the file name region type desktop_.ini if you are sure that it’s on the CD.

If you want to see the file,

explorer > folder options > view > uncheck hide protected operating system files, click OK. It should work on Windows 7 since I use Windows 7 (I think it will work on XP and Vista too).
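
A directory listing made by a script is not affected by Explorer's view settings, so the file can be located without changing folder options. The following is an added example, not part of the original thread: it walks a drive or CD, lists every desktop_.ini with its hidden/system attribute bits (reported on Windows only) and a SHA-256 that can be searched on VirusTotal. The function names are illustrative.

```python
import hashlib
import os
import sys

TARGET = "desktop_.ini"        # file name discussed in this thread
HIDDEN, SYSTEM = 0x2, 0x4      # Windows FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM


def sha256_of(path):
    """Hash the file in chunks; it is only read, never executed."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_suspect_files(root, name=TARGET):
    """Walk root; return one record per file whose name matches, ignoring case."""
    hits = []
    # onerror swallows unreadable folders so one bad directory does not stop the walk
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            if fname.lower() != name.lower():
                continue
            path = os.path.join(folder, fname)
            try:
                st = os.stat(path)
                attrs = getattr(st, "st_file_attributes", 0)  # absent off Windows
                hits.append({
                    "path": path,
                    "size": st.st_size,
                    "hidden": bool(attrs & HIDDEN),
                    "system": bool(attrs & SYSTEM),
                    "sha256": sha256_of(path),
                })
            except OSError:
                hits.append({"path": path, "error": "unreadable"})
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = find_suspect_files(root)
    for record in results:
        print(record)
    print(f"{len(results)} file(s) named {TARGET} under {root}")
```

Run it with the drive or folder as the argument, for example the CD's drive letter; a count in the dozens across many folders matches the pattern mentioned later in the thread.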

Agreed, but I googled desktop_.ini I found this virus has been out since 2006!

That was my reason for raising the issue.

What antivirus do you use in your office? It might be a false positive.
Some viruses have new variants every day so it might be hard for antivirus to detect.

Mathboy, I like this false positive thingy, I hope you are right.

We have Mcafee at work.

Mcafee doesn’t really produce a lot of false positives but who knows. Guess I’ll just have to wait until you post the log from Malwarebytes.

For the office - You could also check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here: the URL in the address bar of the VT results page.

If multiple scanners find these infected (it is unlikely a false positive), send the samples to avast for analysis and inclusion in the virus database.

I don’t think the desktop_.ini is malicious as such, and will not show, to be, from virustotal. If infected, you may find dozens of them. A scan from MBAM or HijackThis should provide easy proof.

OK Guys,

Here is the verdict from Malwarebytes:

1-For all my hard drive and external hard drive, zero infected files found.

2-Zero infected in the CD with file desktop_.IN.

Tomorrow I am going to take the CD to work and scan it again by Mcafee.

Thanks to all who contributed with their answers and help.

I am starting to feel really bad, in my frustration I’ve already sent a nasty message to the website I downloaded the file from!!! (not very nasty but nasty enough to feel bad).

I will report the findings tomorrow.

thank you all.

OK, I scanned the CD at work again!

Mcafee detected the following virus: W32/fujacks.remnants and the culprit file is desktop_.ini

Now what guys? Does avast have an area to upload files or to report virus not found by their software?

Thank you,

Can you send the samples to virus@avast.com ?
You can zip and password the files… Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.

Hi,

I sent the zipped file to virus@avast.com. I hope to hear something soon.

Thank you,