Worm.Luder detected by MBAM but not by Avast? FP or not logged in Defin.

When I did a routine MBAM scan it came up with one result. One of my games(A pirated one, but I have a license as I have bough it before) had its Windows error reporting code infected by Worm.Luder. Virus total only had one hit though.

http://www.virustotal.com/analisis/919fe5a07a5094a803538e77b921594a

Postcard.exe still shows just what it was before, Trojan.Agent Dropper
http://www.virustotal.com/analisis/d4ab754c7f83f8f6b0535782d6d2e6f7

the thing is though the original program Luder is in was detected as a Trojan.Gen in my very first topic,

Postcard.exe. It was in a realarcade game.

According to F-secure, its a file infector. but nothing has been hit except zoo tycoon error reporting.

Right now its in the chest so it cant do anything. I need some insight on this Worm.

FP? or Real deal?

Hi John2009,

Worm removal tool to be found here: http://www.avg.com/virus-removal.ndi-67765

polonus

according to http://www.virustotal.com/analisis/919fe5a07a5094a803538e77b921594a , Dr.Watson (dw.exe) look like false positive.

postcard.exe is a downloader Trojan (by what I saw in Virus Total result) and there a risk your windows be infected now, so it’s better you scan your computer by some different virus engine to be sure there are nothing bad in you windows.

here is my advise in case of being infected:

first of all scan with a bootable antivirus disc to get rid of hard virus that are not able to remove inside windows (because of running processes), there are some free and paid, Avira has a free one with a good virus database:

The Avira AntiVir Rescue System a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from here. You can learn how to use it from Here.
also, if you want to burn that disc yourself with your own burning tool (Such as Nero or…), you can download the Image File (.iso) from Here.
After burn it to disc, use it to boot your computer and do a full scan and remove anything that it find.

then back to windows in normal boot and:
Download, install and update these programs (just use Offline update installer if you cannot use Live Update to update your programs):

[tr]
	[td][b]Program[/b][/td]
	[td][b]Download[/b][/td]
	[td][b]Offline Updater[/b][/td]
[/tr]
[tr]
	[td][b]Malwarebytes Antimalware[/b][/td]
	[td][url=http://www.malwarebytes.org/mbam.php]Download[/url][/td]
	[td][url=http://www.malwarebytes.org/mbam/database/mbam-rules.exe]Updater[/url][/td]
[/tr]
[tr]
	[td][b]SUPERAntiSpyware[/b][/td]
	[td][url=http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe]Download[/url][/td]
	[td][url=http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE]Updater[/url][/td]
[/tr]
[tr]
	[td][b]SpyBot S&D[/b][/td]
	[td][url=http://www.safer-networking.org/en/mirrors/index.html]Download[/url][/td]
	[td][url=http://www.spybotupdates.biz/updates/files/spybotsd_includes.exe]Updater[/url][/td]
[/tr]

scan your computer using them, also during installation of SpyBot S&D disable all residents.

Download and install HostsMan.
after install run it, click on “update Hosts”, choose “MVPS Hosts” and in below options choose “Overwrite Current” hosts.
this step would immunize your Hosts File and would prevent any internet traffic to malware sites and also would fix Windows Hosts File if it has been HiJacked by malwares.

now Enjoy your virus-free windows ;D

Have a good times.

Postcard is old, it was part of my very first topic so dont worry

And also f-secure says postcard.exe is where luder originates from