Brontok infects Windows Calculator?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi !

Both on my computer and my wife's (networked) BitDefender has suddenly
decided that the Windows XP calculator is infected with the
Win32.Brontok.A@mm virus.

Should I believe it or has Bitdefender gone crazy?

I know of no way that Calculator would have got infected as I am not
aware of having started any programs from incoming emails.

When I did a full scan it also decided to find Win32.Klez.H in a large
number of 2002 sent emails and Win32.Yahaa.K in a large number of 2003
sent emails (in Thunderbird). I've no way of knowing whether these
really existed or how they could have done. I've closed and re-opened
Thunderbird and the messages left in the relevant 2002 folder look the
same as what was in the original Outlook Express version, though
Thunderbird doesn't seem to count them so I can't be sure.

Kind regards

Peter


Re: Brontok infects Windows Calculator?


| Hi !
|
| Both on my computer and my wife's (networked) BitDefender has suddenly
| decided that the Windows XP calculator is infected with the
| Win32.Brontok.A@mm virus.
|
| Should I believe it or has Bitdefender gone crazy?
|
| I know of no way that Calculator would have got infected as I am not
| aware of having started any programs from incoming emails.
|
| When I did a full scan it also decided to find Win32.Klez.H in a large
| number of 2002 sent emails and Win32.Yahaa.K in a large number of 2003
| sent emails (in Thunderbird). I've no way of knowing whether these
| really existed or how they could have done. I've closed and re-opened
| Thunderbird and the messages left in the relevant 2002 folder look the
| same as what was in the original Outlook Express version, though
| Thunderbird doesn't seem to count them so I can't be sure.
|
| Kind regards
|
| Peter


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Brontok infects Windows Calculator?

Quoted text here. Click to load it
Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.com/got-a-virus.htm

Dave

Thanks for this - Bitdefender has already quarantined my calculator,
and it looks like the virus problems in the email folders had a
genuine origin - though Bitdefender's actions seemed a wee bit strange
- perhaps the Thunderbird folders were corrupted.

I guess the calculator on my wife's computer has not been quarantined,
maybe we can submit that somewhere?

Kind regards

Peter


Re: Brontok infects Windows Calculator?

Quoted text here. Click to load it

What is this??? Someone is going to now say that the Windows
calculator.exe is an infection or can be infected?

This is too much. ;-)

Re: Brontok infects Windows Calculator?


Quoted text here. Click to load it
| What is this??? Someone is going to now say that the Windows
| calculator.exe is an infection or can be infected?
|
| This is too much. ;-)

No.  There are many infectors that replace CALC.EXE and NOTEPAD.EXE.

But then again, I'm sure you know this already are just being facetious.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Brontok infects Windows Calculator?

Quoted text here. Click to load it

<g>

Re: Brontok infects Windows Calculator?



wrote:
Quoted text here. Click to load it
Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.com/got-a-virus.htm

It was a **false alarm**:
http://www.bitdefender.com/KB330-en--Trojan.Flashkiller.C-and -
Win32.Brontok.A@mm-false-alarms.html

Just tried opening Calc again on my wife's computer and Bitdefender is
no longer flagging it.  There have been two hourly updates since it
did.

Thanks to all who replied - and good to know about VirusTotal which I
also tried.

Kind regards

Peter


Re: Brontok infects Windows Calculator?

This wasn't a false alarm - I had to deal with it too the other day.
Dropped a trial version and cleaned it up (as well as a trojan or
two). Ran the cleaner tool from BD for good measure and made sure it
was gone.

Quoted text here. Click to load it
Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.c...It
was a **false
alarm**:http://www.bitdefender.com/KB330-en--Trojan.Flashkiller.C-and -
Quoted text here. Click to load it


Re: Brontok infects Windows Calculator?

gunnbear@gmail.com wrote:
Quoted text here. Click to load it

since brontok.a is not a file infector, reports of it infecting windows
calculator are false...

Quoted text here. Click to load it

just because you encountered it too doesn't mean it wasn't a false alarm...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Brontok infects Windows Calculator?

Arnold"@Arnold.COM says...
Quoted text here. Click to load it

All programs can be infected and spread infection.

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Brontok infects Windows Calculator?

Leythos wrote:
Quoted text here. Click to load it

I would say that there can be impostors that can impersonate and spread
malware/infection.


Re: Brontok infects Windows Calculator?

In article <KIwvh.16043$pQ3.7044
@newsread4.news.pas.earthlink.net>, "Mr. Arnold" <"Mr.
Arnold"@Arnold.COM> says...
Quoted text here. Click to load it
http://www.textfiles.com/virus/datut003.txt is very old but
shows how exe files can be modified rather than merely replaced

Re: Brontok infects Windows Calculator?



|
| Dave
|
| Thanks for this - Bitdefender has already quarantined my calculator,
| and it looks like the virus problems in the email folders had a
| genuine origin - though Bitdefender's actions seemed a wee bit strange
| - perhaps the Thunderbird folders were corrupted.
|
| I guess the calculator on my wife's computer has not been quarantined,
| maybe we can submit that somewhere?
|
| Kind regards
|
| Peter

Yep, you sure can...

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it.  In addition,
unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

The reason I mentuioned the Multi AV scanning tool is that BitDefender may have
missed
something.  The four scanners in the Multi AV Scanning Tool will help determine
if
BitDefendeer did or not.

I do suggest going into your email client and deleting all email declared to be
infected
ASAP.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Brontok infects Windows Calculator?

PeterR wrote:
Quoted text here. Click to load it

brontok.a is not a file infector... it is a mass mailing worm...
therefore it can't be anything but a false alarm, however i think you've
already figured out it was that...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Site Timeline