Windows 7 - Vista Icon Virus
Asked By Zareba
27-Sep-08 02:29 PM
Windows XP SP3, Toshiba notebook computer.
When I went to PC Pitstop for an analysis of this new-to-me notebook, they
said I had Vista Virus and to remove it before doing anything further.
My problem is that I can not find this virus. I had downloaded and installed
a program that offered to change my icons to those in Vista. When it did not
work as I expected, I uninstalled it.
Searching the net and searching Microsoft has not turned up anything
helpful, although there seems to be a "Vista Anti-virus virus".
Anyone have any suggestions?
Thanks
...Z
Maurice N ~ MVP replied...
Vista Antivirus 2008 is a rogue program rather than a virus.
See "How to remove Vista Antivirus 2008"
http://www.bleepingcomputer.com/malware-removal/remove-vista-antivirus-2008
Was there a specific file identified by PC PitStop as being "Vista Icon Virus"? Filename & path would be of great help.
Have you done scans with your antivirus / anti-malware app?
One certainly hopes you have an up-to-date AV & anti-malware installed already on your notebook. Which do you have?
I'd suggest you get a 2nd opinion by using one or both of these online scanners:
Kaspersky Webscan Online Virus Scanner
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
ESET Online Scanner
http://www.eset.com/onlinescan/
--
Maurice Naggar
MS-MVP
Zareba replied...

The program identified was C/Windows/VistaDrive/VistaDrive.exe which I
could not find on any on-line search as being malware.
I do not have Vista Antivirus 2008. Although I do not lurk consistently in
any virus related news groups, I do get newsletters that keep me relatively
informed. There was nothing in any of them about VistaDrive either.
I have scanned with Avast and Spybot, then went on line and got a free
on-line Panda scan. They identified 5 low level bits of malware, all of them
cookies and all disappear when the cookies are deleted, which I do
regularly. I also run Zone Alarm. My Avast is updated daily and Spybot is
updated regularly.
Panda did offer to fix these 5 problems if I buy their anti-virus program.
Their on line scans and repairs used to be free, but it seems almost all now
use a free scan of your computer to talk you into buying!
I am beginning to think PC Pitstop pressed the alarm button when it saw the
word Vista.
Thank you for your assistance in this matter.
...Z (still learning after all these years)
David H. Lipman replied...
From: "Zareba" <zarebatoo@thetimewarp.com>
I thought it to be a False Positive when I first read your post.
Please submit a sample of VistaDrive.exe to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.
You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN
When you get the report, please post back the exact results.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Zareba replied...
> I thought it to be a False Positive when I first read your post.
There ought to be a law!!!!
...Z
David H. Lipman replied...
LOL
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Maurice N ~ MVP replied...
Vistadrive.exe is reported as Win32 Mailer Gen. EXPLOIT virus at PcPitstop
http://www.pcpitstop.com/libraries/process/i/VistaDrive.exe.html
Do as David suggested, and also proceed to get Vistadrive.exe removed
--
Maurice Naggar
MS-MVP
Zareba replied...

> Please submit a sample of VistaDrive.exe to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendor's scanners.
> That will give you an idea what it is and who recognizes it. In addition Virus Total will provide the sample to all participating vendors.
Hi David:
I took the sample to virustotal, but I have no idea what the analysis means. HELP!!!
...Z (very confused)
File VistaDrive.exe received on 09.28.2008 21:09:22 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.28 -
Authentium 5.1.0.4 2008.09.28 -
Avast 4.8.1195.0 2008.09.27 -
AVG 8.0.0.161 2008.09.28 -
BitDefender 7.2 2008.09.28 -
CAT-QuickHeal 9.50 2008.09.27 -
ClamAV 0.93.1 2008.09.28 -
DrWeb 4.44.0.09170 2008.09.28 -
eSafe 7.0.17.0 2008.09.28 Suspicious File
eTrust-Vet 31.6.6110 2008.09.26 -
Ewido 4.0 2008.09.28 -
F-Prot 4.4.4.56 2008.09.27 -
F-Secure 8.0.14332.0 2008.09.28 -
Fortinet 3.113.0.0 2008.09.28 -
GData 19 2008.09.28 -
Ikarus T3.1.1.34.0 2008.09.28 -
K7AntiVirus 7.10.476 2008.09.27 -
Kaspersky 7.0.0.125 2008.09.28 -
McAfee 5393 2008.09.27 -
Microsoft 1.3903 2008.09.28 -
NOD32 3478 2008.09.28 -
Norman 5.80.02 2008.09.26 -
Panda 9.0.0.4 2008.09.28 -
PCTools 4.4.2.0 2008.09.26 -
Prevx1 V2 2008.09.28 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.09.28 -
Sophos 4.34.0 2008.09.28 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.09.28 -
TheHacker 6.3.0.9.095 2008.09.27 -
TrendMicro 8.700.0.1004 2008.09.26 -
VBA32 3.12.8.6 2008.09.27 -
ViRobot 2008.9.26.1394 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.28 -
Additional information
File size: 280779 bytes
MD5...: 6e15cac2275e0b0a22e7ee9bac30d7ba
SHA1..: 73907693e9e3009226aa0f062b0d139d59c445ce
SHA256: 3fdcb7a2e87271faf8e65b84e92da9bbf9c954d04ddd062828cbdce600c1c4dd
SHA512: 653d3ee9a8c9f15548d5dad74de2a2c063929768ef542216b2a0cf9591c6708c170401fe833076d25ace97dc8fbf899aa9faf4d1f2226cdefa493c3f2227991b
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
  UPX compressed Win32 Executable (43.8%)
  Win32 EXE Yoda's Crypter (38.1%)
  Win32 Executable Generic (12.2%)
  Generic Win/DOS Executable (2.8%)
  DOS Executable Generic (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x47a1c0
timedatestamp.....: 0x42543d7e (Wed Apr 06 19:50:22 2005)
machinetype.......: 0x14c (I386)
( 3 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
UPX0   0x1000   0x5e000  0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
UPX1   0x5f000  0x1c000  0x1b400  7.92   910877b07352078e99d4d7dc617c4cea
.rsrc  0x7b000  0x29000  0x28800  5.23   9c5fa377a89bd5b6b76efc7074feeb06
( 13 imports )
  KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
  ADVAPI32.dll: RegCloseKey
  COMCTL32.dll: ImageList_Create
  comdlg32.dll: GetOpenFileNameA
  GDI32.dll: DeleteDC
  MPR.dll: WNetUseConnectionA
  ole32.dll: CoInitialize
  OLEAUT32.dll: -
  SHELL32.dll: DragFinish
  USER32.dll: GetDC
  VERSION.dll: VerQueryValueA
  WINMM.dll: timeGetTime
  WSOCK32.dll: -
( 0 exports )
ThreatExpert info:
http://www.threatexpert.com/report.aspx?md5=6e15cac2275e0b0a22e7ee9bac30d7ba
packers (Kaspersky): UPX
packers (F-Prot): UPX
David H. Lipman replied...
From: "Zareba" <zarebatoo@thetimewarp.com>
The analysis indicates the probability that this was a False Positive declaration is very
high.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
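How to read a report like the one pasted above, as an added example (Python) that is not from any post in this thread: parse the per-engine result lines, separate named detections from heuristic flags such as eSafe's "Suspicious File", and use hashes and byte entropy to interpret the section table. REPORT_EXCERPT is a constructed subset of the 36 engine lines above; the HEURISTIC keyword list and the SHA-256 chain standing in for compressed section bytes are assumptions. Two things the code checks directly: the MD5 shown for UPX0, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of empty input, which matches its raw size of 0x0, and UPX-compressed code has entropy close to 8 bits per byte, as the 7.92 for UPX1 shows. Matching a sample by its digests rather than by the filename VistaDrive.exe is what lets you compare your copy against any vendor write-up.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed excerpt of the VirusTotal result lines pasted in the thread,
# one engine per line: vendor, engine version, signature date, result.
# "-" is VirusTotal's "no detection".
REPORT_EXCERPT = """\
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.28 -
Avast 4.8.1195.0 2008.09.27 -
eSafe 7.0.17.0 2008.09.28 Suspicious File
Kaspersky 7.0.0.125 2008.09.28 -
Microsoft 1.3903 2008.09.28 -
Sophos 4.34.0 2008.09.28 -
Symantec 10 2008.09.28 -
"""

RESULT_LINE = re.compile(
    r"^(?P<vendor>\S+)\s+(?P<version>\S+)\s+(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+)$"
)

# Assumed keyword list: result strings that are a heuristic or generic verdict
# rather than a named malware family.
HEURISTIC = re.compile(r"suspicious|heur|generic|packed|unknown", re.IGNORECASE)


def parse_report(text):
    """Return one dict per engine line; lines that do not fit the shape are skipped."""
    rows = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def classify(rows):
    """Split engines into (clean, heuristic_only, named) buckets."""
    clean, heuristic, named = [], [], []
    for r in rows:
        result = r["result"].strip()
        if result == "-":
            clean.append(r)
        elif HEURISTIC.search(result):
            heuristic.append(r)
        else:
            named.append(r)
    return clean, heuristic, named


def verdict(text):
    """Return (code, message); code is 'clean', 'heuristic_only' or 'named'."""
    rows = parse_report(text)
    clean, heuristic, named = classify(rows)
    if named:
        who = ", ".join(f'{r["vendor"]}: {r["result"].strip()}' for r in named)
        return "named", f"{len(named)}/{len(rows)} engines report a named detection ({who}); treat as malicious until analysed"
    if heuristic:
        who = ", ".join(r["vendor"] for r in heuristic)
        return "heuristic_only", f"{len(heuristic)}/{len(rows)} engines flag it, all heuristic-only ({who}); consistent with a packer-triggered false positive"
    return "clean", f"0/{len(rows)} engines detect it"


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or single-valued data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data):
    """The three digests VirusTotal reports, so a sample is matched by content, not by filename."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def pseudo_random(n, seed=b"vistadrive"):
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for a compressed section."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


if __name__ == "__main__":
    print(verdict(REPORT_EXCERPT))
    # A section with raw size 0 hashes as the empty string and has entropy 0.00 (UPX0 above).
    print(file_hashes(b"")["md5"], shannon_entropy(b""))
    # Compressed code looks like random bytes: entropy near 8, as for UPX1 (7.92 above).
    print(round(shannon_entropy(pseudo_random(0x1B400)), 2))
```

The decision rule is deliberately conservative: a single named family from one engine still earns "treat as malicious until analysed", while any number of heuristic-only flags on a UPX-packed binary is the pattern David's reply calls a likely false positive. The entropy helper is what lets you tell a packed-but-benign section from one that was zeroed or padded.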
Zareba replied...
> The analysis indicates the probability that this was a False Positive declaration is very high.
Thanks, I think. ...Z
kalyan replied...
Hi
It is Win32.Mailer.Gen.Exploit
1. Disable the system restore mode & restart your PC in safe mode
2. Kill the vistadrive.exe process
3. Remove the vistadrive.exe registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. Delete the folder vistadrive in
c:\windows\vistadrive, c:\windows\system32\vistadrive
5. Clean all temp files
6. Restart and enjoy
--
Warm Regards
Kalyan
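The check a practitioner would run before step 3 of the list above: enumerate the Run and RunOnce values and confirm which one actually launches from the VistaDrive folders, rather than deleting by name. Added example (Python), not from any post in this thread. SAMPLE_RUN_VALUES is constructed; the "TrayApp" entry and its path are illustrative and only the VistaDrive entry reflects the thread. The live read uses the standard winreg module and therefore only works on Windows; elsewhere it returns an empty dict and the sample data is used.

```python
import re

# Constructed sample of autorun values, keyed by registry path, in the
# (value name -> command line) shape winreg.EnumValue yields.
SAMPLE_RUN_VALUES = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "TrayApp": r'"C:\Program Files\Some Vendor\tray.exe" /background',
        "VistaDrive": r"C:\WINDOWS\VistaDrive\VistaDrive.exe /silent",
    },
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    },
}

# The folders the reply says to delete; an autorun pointing into one of them
# is what would re-create the program after a reboot.
SUSPECT_DIRS = [r"C:\WINDOWS\VistaDrive", r"C:\WINDOWS\system32\VistaDrive"]

RUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
]


def executable_from_command(cmd):
    """Program path from a Run value: quoted path, else text up to the first '.exe', else first token."""
    cmd = cmd.strip()
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def in_directory(path, directory):
    """Case-insensitive 'path lives under directory' test using Windows separators."""
    p = path.lower().replace("/", "\\")
    d = directory.lower().replace("/", "\\").rstrip("\\") + "\\"
    return p.startswith(d)


def find_suspect_autoruns(values_by_key, suspect_dirs):
    """(registry key, value name, executable) for every autorun launched from a suspect folder."""
    hits = []
    for key, values in values_by_key.items():
        for name, cmd in values.items():
            exe = executable_from_command(cmd)
            if any(in_directory(exe, d) for d in suspect_dirs):
                hits.append((key, name, exe))
    return hits


def live_run_values():
    """Read the real Run/RunOnce keys on Windows; returns {} where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return {}
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    found = {}
    for hive_name, subkey in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive_name], subkey)
        except OSError:
            continue  # RunOnce is often absent; that is not an error
        values, i = {}, 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:
                break  # no more values under this key
            values[name] = str(data)
            i += 1
        winreg.CloseKey(key)
        found[f"{hive_name}\\{subkey}"] = values
    return found


if __name__ == "__main__":
    source = live_run_values() or SAMPLE_RUN_VALUES
    for key, name, exe in find_suspect_autoruns(source, SUSPECT_DIRS):
        print(f"{key} -> {name} = {exe}")
```

Run it once in safe mode before step 3 to see exactly which value to remove, and once more after the reboot in step 6: an empty result is the confirmation that nothing is left to regenerate the folder.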
Zareba replied...
Thanks Kalyan:
When there was some doubt as to what the file actually was, I uninstalled
and deleted everything I could find, rebooted and checked again for signs of
the wayward program. When I found one instance that appeared to have
regenerated itself, I stopped system repair and deleted it again. After
another reboot, I was not able to find it anywhere, Windows, Registry,
Programs ... in short it had totally disappeared.
Just to be sure, I went back to PC Pitstop and ran the tests again. They
could not find it either.
It seems to me that because it was so easy to remove, it was either a false
positive, or a very devious and tenacious virus. Either way, it is gone. If
it was a legitimate program, it did not do what it was supposed to do so I
would have uninstalled it anyway.
Thanks everyone, for your help.
...Z (still learning after almost 10 years)
