Security Risk- suspicious file

  • Thread starter Thread starter Semi Head
  • Start date Start date
S

Semi Head

I just ran F-Prot
Results:

1 suspicious file

In Windows 98SE

windows\system\mstask32.exe

named

W32\Xcombot.D@bd

Hope you'll don't mind me asking:
"What is it & what should be done about it?"

S_H
 
From: Art
(e-mail address removed) (Semi Head)
wrote:
I just ran F-Prot
Results:
1 suspicious file
In Windows 98SE
windows\system\mstask32.exe
named
W32\Xcombot.D@bd
Hope you'll don't mind me asking:
"What is it & what should be done about
it?"

S_H

-------------------------------------------------------

Try updating your defs and see if F-Prot
still alerts.

Art
http://www.epix.net/~artnpeg
Click to expand...
-------------------------------------------------------

OK Art, I updated defs & macs.
It Still Alerts

i've never removed a suspicious file(s) before.
Is it safe to remove using F-prot?
And

Do i remove both?

Mstask32.exe

and

W32\Xcombot.D@bd


S_H
 
From: Art
Click to expand...

That's odd. Xcombot still doesn't appear in a up to date F-Prot
/virlist and it isn't listed as known malware at their web site
either. Recently, there was a similar incident with one or two of
these new weird malware names, and a discussion on alt.comp.virus, and
it seemed that FSI had withdrawn detection. Updating the defs got rid
of the false alert.
i've never removed a suspicious file(s) before.
Is it safe to remove using F-prot?
And

Do i remove both?

Mstask32.exe

and

W32\Xcombot.D@bd
Click to expand...

I have no idea what's going on. Don't do anything until you contact
FSI about this. Let us know what you learn.

From where did you d/l your latest def updates?


Art
http://www.epix.net/~artnpeg
 
Semi Head said:
Do i remove both?

Mstask32.exe

and

W32\Xcombot.D@bd
Click to expand...

In addition to what Art has told you, you should be aware that:

Mstask32.exe is the name of a "file" on your computer, and
W32\Xcombot.D@bd is the name of a malware item that the
malware detector thinks is contained within that file.

Deleting the file would also delete the malware within it.
 
In addition to what Art has told you, you should be aware that:

Mstask32.exe is the name of a "file" on your computer, and
W32\Xcombot.D@bd is the name of a malware item that the
malware detector thinks is contained within that file.

Deleting the file would also delete the malware within it.
Click to expand...

But never delete files until you find out what's going on. In this
case, the name mstask32.exe has been used by malware, making it
particularly suspect. But any suspect file should be scanned by other
scanners for "second opinions".

..
Art
http://www.epix.net/~artnpeg
 
From: (e-mail address removed)
OK Art, I updated defs & macs.
It Still Alerts
Mstask32.exe

I suggest also that you upload this file for scanning
here:
http://www.kaspersky.com/remoteviruschk.html
and here:
http://www.dialognauka.ru/english/www_av/
That file name is associated with certain malware and it
looks suspicious.
Let us know what you find.

Art
http://www.epix.net/~artnpeg
Click to expand...



Art
I updated from your F-Prot Updater program.
I think the Mstask32 came from The "Weatherbug" free download but not
sure.

At any rate, i backed my Win98 system & Reg. files & let F-Prot delete
it.
Nothing negative has occurred because i deleted it..

All seems ok now thanks for your help. Sorry i did not wait your your
last 2 responses before deleting it.
BTW your F-Prot Updater is invaluable!

AntiVir, Avast4, & a2 did not catch it.
Those were the only ones i tried after F-Prot caught the suspicious
file.

S_H
 
Art
I updated from your F-Prot Updater program.
I think the Mstask32 came from The "Weatherbug" free download but not
sure.

At any rate, i backed my Win98 system & Reg. files & let F-Prot delete
it.
Nothing negative has occurred because i deleted it..

All seems ok now thanks for your help. Sorry i did not wait your your
last 2 responses before deleting it.
BTW your F-Prot Updater is invaluable!
Click to expand...

Glad you like it!
AntiVir, Avast4, & a2 did not catch it.
Those were the only ones i tried after F-Prot caught the suspicious
file.
Click to expand...

Well, I'm happy that things worked out ok for you. Of course, I'm
still puzzled since I don't see that malware name on F-Prot's
/virlist. It would have been interesting to see what KAV and DRWEB had
to say about the suspect file.


Art
http://www.epix.net/~artnpeg
 
Back
Top