Hi all,
I think I got infected with this virus, not sure.
I downloaded a zipped file, scanned with avast; avast did not detect any problem. So I double clicked on the zipped file and clicked extract. After the fact I noticed a file called desktop_.ini in the zip utility window but I could not see that file in the folders where I extracted all the files. I did not think much of it after all I did scan the file buy avast!! then I dropped that folder on a CD to take to work, when I checked that folder on the cd the (desktop_.ini) showed up. I went to work and googled (desktop_.ini) I found out that this is the w32.fujack virus or worm. I scanned the cd at work, the virus protection software at worked found it and alerted me to it.
I turned on the (show hidden file) option on but still I can’t see the file, I was able to see A file in the windows/system32 but that file was (desktop.ini) without the underscore. I reinstalled avast and updated the definitions and scanned my hard drives completely twice once in normal mode and once in save mode Avast got nothing.
So now what! I am infected with a virus/worm that avast cannot detect and an INI file that that I cannot see. I can’t even delete it manually if I wanted, I can’t see it to delete it.
there are so many copies of desktop.ini in a particular system it is just used to customize the folder. but what you are mentioning here is desktop_.ini which indicates that it is replaced by other desktop.ini file - in order to replace it is renamed to desktop_.ini- think so. think so because sometimes same thing happens with autorun.inf
Can you download malwarebytes’ anti-malware malware and run a quick scan?If any threat was found,quarantine it.Also post back a log. http://www.malwarebytes.org/mbam.php
if you find that all most all of the antivrus(av) engines are detecting and avast not detecting it, you can upload it to avast by: virus chest > user files > add (browse for file)> and click the email to avast icon.
if you are afraid that youre pc is infected then you can scan your pc using malwarebytes (post the log).
I will do that when I get home tonight and I’ll post the log for all to see.
thank you,
Does anyone from avast staff have any idea why it was not detected but the other virus protection software did, I keep my avast definition up to date automatically. If possible I would like to hear comments from the avast people. Maybe I did something wrong with the setup. I had it on High.
I’m not an avast staff but i can tell you that no antivirus detects 100% of the virus.Thats why you should always use an anti-spyware in conjunction with an antivirus.Sometime the virus is so new that no antivirus can detects it.
explorer > folder options > view > uncheck hide protected operating system files click ok. it should work on windows 7 since i use windows 7(i think it will work on xp and vista too)
What antivirus do you use in your office?It might be a false positive.
Some virus has new variants everyday so it might be hard for antivirus to detect.
For the office - You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.
If multiple scanners find these infected (it is unlikely a false positive), send the samples to avast for analysis and inclusion in the virus database.
I don’t think the desktop_.ini is malicious as such,and will not show, to be, from virustotal. If infected,you may find dozens of them. A scan from MBAM or HijackThis, should provide easy proof.
1-For all my hardrive and external hardrive, Zero infected files found .
2-Zero infected in the CD with file desktop_.IN.
Tomorrow I am going to take the CD to work and scan it again by Mcafee.
Thanks to all who contributed with their answers and help.
I am starting to feel really bad, in my frustration I’ve already sent a nasty message to the website I downloaded the file from!!! (not very nasty but nasty enough to feel bad).
Can you send the samples to virus@avast.com ?
You can zip and password the files… Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.