Brontok infects Windows Calculator?

PeterR

Hi !

Both on my computer and my wife's (networked) BitDefender has suddenly
decided that the Windows XP calculator is infected with the
Win32.Brontok.A@mm virus.

Should I believe it or has Bitdefender gone crazy?

I know of no way that Calculator would have got infected as I am not
aware of having started any programs from incoming emails.

When I did a full scan it also decided to find Win32.Klez.H in a large
number of 2002 sent emails and Win32.Yahaa.K in a large number of 2003
sent emails (in Thunderbird). I've no way of knowing whether these
really existed or how they could have done. I've closed and re-opened
Thunderbird and the messages left in the relevant 2002 folder look the
same as what was in the original Outlook Express version, though
Thunderbird doesn't seem to count them so I can't be sure.

Kind regards

Peter
 
From: "PeterR" <[email protected]>

| Hi !
|
| Both on my computer and my wife's (networked) BitDefender has suddenly
| decided that the Windows XP calculator is infected with the
| Win32.Brontok.A@mm virus.
|
| Should I believe it or has Bitdefender gone crazy?
|
| I know of no way that Calculator would have got infected as I am not
| aware of having started any programs from incoming emails.
|
| When I did a full scan it also decided to find Win32.Klez.H in a large
| number of 2002 sent emails and Win32.Yahaa.K in a large number of 2003
| sent emails (in Thunderbird). I've no way of knowing whether these
| really existed or how they could have done. I've closed and re-opened
| Thunderbird and the messages left in the relevant 2002 folder look the
| same as what was in the original Outlook Express version, though
| Thunderbird doesn't seem to count them so I can't be sure.
|
| Kind regards
|
| Peter


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 

Dave

Thanks for this - Bitdefender has already quarantined my calculator,
and it looks like the virus problems in the email folders had a
genuine origin - though Bitdefender's actions seemed a wee bit strange
- perhaps the Thunderbird folders were corrupted.

I guess the calculator on my wife's computer has not been quarantined,
maybe we can submit that somewhere?

Kind regards

Peter
 
| I guess the calculator on my wife's computer has not been quarantined,
| maybe we can submit that somewhere?

What is this??? Someone is going to now say that the Windows
calculator.exe is an infection or can be infected?

This is too much. ;-)
 
From: "PeterR" <[email protected]>


|
| Dave
|
| Thanks for this - Bitdefender has already quarantined my calculator,
| and it looks like the virus problems in the email folders had a
| genuine origin - though Bitdefender's actions seemed a wee bit strange
| - perhaps the Thunderbird folders were corrupted.
|
| I guess the calculator on my wife's computer has not been quarantined,
| maybe we can submit that somewhere?
|
| Kind regards
|
| Peter

Yep, you sure can...

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

The reason I mentioned the Multi AV scanning tool is that BitDefender may have missed
something. The four scanners in the Multi AV Scanning Tool will help determine if
BitDefender did or not.

I do suggest going into your email client and deleting all email declared to be infected
ASAP.
 
| What is this??? Someone is going to now say that the Windows
| calculator.exe is an infection or can be infected?
|
| This is too much. ;-)

No. There are many infectors that replace CALC.EXE and NOTEPAD.EXE.

But then again, I'm sure you know this already and are just being facetious.
 
"Mr. said:
What is this??? Someone is going to now say that the Windows
calculator.exe is an infection or can be infected?

This is too much. ;-)

All programs can be infected and spread infection.
 
From: "Mr. Arnold" <"Mr. Arnold"@Arnold.COM>



| calculator.exe is an infection or can be infected?
|
| This is too much. ;-)

No. There are many infectors that replace CALC.EXE and NOTEPAD.EXE.

But then again, I'm sure you know this already and are just being facetious.

It was a **false alarm**:
http://www.bitdefender.com/KB330-en--Trojan.Flashkiller.C-and-
(e-mail address removed)

Just tried opening Calc again on my wife's computer and Bitdefender is
no longer flagging it. There have been two hourly updates since it
did.

Thanks to all who replied - and good to know about VirusTotal which I
also tried.

Kind regards

Peter
 
PeterR said:
Hi !

Both on my computer and my wife's (networked) BitDefender has suddenly
decided that the Windows XP calculator is infected with the
Win32.Brontok.A@mm virus.

brontok.a is not a file infector... it is a mass mailing worm...
therefore it can't be anything but a false alarm, however i think you've
already figured out it was that...
 
This wasn't a false alarm - I had to deal with it too the other day.
Dropped a trial version and cleaned it up (as well as a trojan or
two). Ran the cleaner tool from BD for good measure and made sure it
was gone.
 
| This wasn't a false alarm

since brontok.a is not a file infector, reports of it infecting windows
calculator are false...

| - I had to deal with it too the other day.

just because you encountered it too doesn't mean it wasn't a false alarm...
 