I’ve just completed a complete boot scan (4 hours :o ) and discovered a virus on an old file that had been scanned previously (had this on my Pc for the last few years) and was wondering if it was a false positive…
Also, I’ve recently downloaded this other file that registers as Win32:Virtualizer [Cryp] (no clue what that means… searched a few places without results)
Note that jotty.org reports that only Avast detects something… and that Dot9 says it’s safe. Still, I’d love to know what this is. Is it just because it’s packed with UPACK or is something else detected that I should be aware of?
Thx in advance…
P.S. Where can I get info on PeStaple and Virtualizer? Actually, is there a good database of virus definitions out there that could help me? Searched a few but none returned anything about those 2 viruses/malwares.
A Google search turns up PeStaple as a trojan dropper. But that does not mean you are infected. Perhaps reading a few links from the search will give you more to go on, such as what files, registry keys, etc. to look for. What was the path and file name detected?
A search for Virtualizer gives music and encryption related hits.
I must have been half asleep (4am when I typed previous message) but I could have sworn that PeStaple returned just a few links in google, then I read your message and decided to retry… now I get more than 10 pages of results ??? – again, might be my typing ;/
Anyways, the fr030-candytron-final-101.zip file can be found anywhere on my drive… It was first detected in old backups I had of demos I sent to a friend in Feb 2005 – have to guess here based on other demos I sent back by checking the ‘Sent Items.dbx’ with Outlook Express. I cannot confirm the date since I cannot restore the infected file with AVast from the chest.
So… the detection was within backups of the Sent Items folder of Outlook Express, which is why this one bugs me a bit… I always scan the stuff I send to friends, but nothing was detected back then – I wasn’t using AVast though… I think I used to use AVG back then.
I then extracted the file from the chest to a temporary folder with the same result. I can’t even unzip the file without AVast alerting me
I do not believe that I’m infected but if I am, the location of the 2 infections are…
J:\OtherDrive_Backups\Name\Outlook Express\Sent Items.dbx\fr030-candytron-final-101.zip#22197248
and
Y:\Name\Outlook Express\Sent Items.dbx\fr030-candytron-final-101.zip#22197248
Note that both of those locations are backups of Emails I received (and sent) and are NOT in use right now… I deleted my sent items from my current Email setup a few months back since I had backups. Now the infected file is in the AV chest. I sent a copy of both files to Alwil.
Note2: I’ve done a complete scan of my PC with AVG Anti-Spyware and SuperAntiSpyware… Nothing was found by those 2 – I know they’re not AV software, but hey, doesn’t hurt to try them too
Still trying to find out if I can use ar.dll (Win32:Virtualizer [Cryp]) or keep it in the chest.
Is there a way to have Avast confirm if it’s infected or not? I already sent them the Email via the chest but if I need to do something else, let me know.
Oh, and I still haven’t found any info on what Win32:Virtualizer [Cryp] is. Can anyone at Alwil elaborate (or point me to where I can get the info on it)?
Win32:Virtualizer [Cryp] is a generic detection for files packed with some PE packer/protector and simultaneously running in a virtual machine… this technique is (ab)used by virus authors to obfuscate the file and to disallow the unpacking/analysis/detection… no legal application should use this trick, but if you’re sure that your dll is clean, you can add it to exclusions… anyway - when the file is packed with Upack (flagged by some AVs as a malware packer) and is also running in a VM, then there is something strange there…
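For readers triaging a similar "is it flagged only because it is packed?" question, here is an added example (not part of the thread and not Avast's detection logic) that reads a PE file's section table and reports two common packing indicators: high-entropy section data and sections that are both writable and executable. The 7.0 bits/byte threshold and the sample image built by `build_sample` are assumptions made for the illustration, and both indicators also occur in clean packed software.

```python
import math
import struct
from collections import Counter

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* section flags

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (random-looking)."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def packer_indicators(image: bytes, threshold: float = 7.0):
    """Return (section name, entropy, reasons) for every section of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    report = []
    for hdr in range(table, table + 40 * n_sections, 40):
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        (flags,) = struct.unpack_from("<I", image, hdr + 36)
        bits = round(entropy(image[raw_ptr:raw_ptr + raw_size]), 2)
        reasons = []
        if bits >= threshold:
            reasons.append("high entropy")
        if flags & MEM_EXECUTE and flags & MEM_WRITE:
            reasons.append("writable and executable")
        report.append((name, bits, reasons))
    return report

def build_sample() -> bytes:
    """Constructed two-section image for the demo; not a real program."""
    def section(name, ptr, flags):                          # 512 raw bytes each
        return struct.pack("<8sIIIIIIHHI", name, 512, 0, 512, ptr, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x2102)
    headers = (dos + b"PE\0\0" + coff
               + section(b".data", 512, 0xC0000040)
               + section(b".packed", 1024, 0xE0000020))
    return headers.ljust(512, b"\0") + b"\0" * 512 + bytes(range(256)) * 2

if __name__ == "__main__":
    for row in packer_indicators(build_sample()):
        print(row)
```

To check a real file, pass its bytes (read without executing it) to `packer_indicators`; an empty reasons list for every section means neither indicator fired, not that the file is clean.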
That’s what I needed to know. I wasn’t aware that files/exe/dlls packed with UPack ran in VM mode as well. I’m glad Avast detected it then. It’ll stay in the chest
Rej, did you say ar.dll? That file is used in Gothic 2, and I played that game a long time ago. I don’t know what antivirus program I had, but all was OK. Now when I saw your question I tried to scan that file with Avast and the latest updates, and it tells me that the file is infected with Win32:Virtualizer. So I think the file is OK, because when I played Gothic 2 nothing happened to my system; ar.dll didn’t do anything.