Win32:Crypt-DVK [Trj] in oembios.bin, need to register my Windows XP Pro!

Hi,
I get these alarms from a laptop on my network.

avast! [A_COMPUTER] : Fichier “C:\WINDOWS\system32\oembios.bin” est infecté par “Win32:Crypt-DVK [trj]” virus.
“Scan Local Disks” tâche utilisée
La version actuelle du fichier VPS est 090409-0, 09/04/2009


avast! [A_COMPUTER] : Fichier “C:\I386\OEMBIOS.BI_\oembios.bin” est infecté par “Win32:Crypt-DVK [trj]” virus.
“Scan Local Disks” tâche utilisée
La version actuelle du fichier VPS est 090409-0, 09/04/2009

After reboot, Windows needs to be re-registered!

I don’t know if it is a false positive or not.

But it’s strange.

The computer is a laptop “Toshiba Satellite Pro”.

Can you report the file as being a false positive? (Click on the bottom right of the virus warning message.)

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password-protected zip to virus@avast.com. Please mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable “Hide protected operating system files” and enable “View hidden files and folders” to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that leave your system in danger.

I tried a boot scan but no more viruses were found.

The file is large: 13 MB.
So I can’t send it to VirusTotal or Avast Scan online. (And VirusTotal doesn’t seem to be working today.)

jsy@INFOJSY2:/media/KINGSTON$ md5sum oembios.bin
1cc6fbc4903e5c3a4b5be272e45b6d62 oembios.bin

jsy@INFOJSY2:/media/KINGSTON$ ls -l oembios.bin
-rwx------ 1 jsy root 13107200 2009-04-10 16:22 oembios.bin

The USB key plugged into the computer wasn’t modified with an autorun.inf.

The network traffic of the host was normal.

I forgot: the registration of XP worked fine.

Recently Polonus posted about another online scanner with a 20Gb file size limit.

I had the same problem :-[

Luckily it was fixed through decryption of the relevant chest files and relocation to its original location from Ubuntu.

Incidentally, it was also on my Toshiba laptop, like yourself.