Slacker Virus in PowerPoint files (embedded Excel objects)

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hello everyone,

One of my team's PowerPoint files apparently got infected with a virus which
Mcafee describes as the "slacker virus" but is unable to desinfected it for
some reason - I get an error saying file cannot be cleaned whenever I try to
do so.

The Mcafee scan result shows me a list of about 25 infected OLE obejcts,
which are Excel embedded objects for the vast majority - there are tens of
those inserted into that one file - but there is no way to tell which
infected object corresponds to the actual object in the presentation as far
as I can tell.  Otherwise I would simply delete the infected objects from
the PPT file and I reinsert new ones that had already been pre scanned for
viruses (virii?).

The reason I used the word "apparently"  up above is because no other AV
program I've tried so far (Kaspersky, Norton and AVG) detects anything
whatsoever, so I can't really tell for sure what's going on.  There was also
a extensionless file named *book1*, about 25K, residing in the XLSTART
folder that caused Excel to behave strangely while present - for instance a
lot of functions like F5 stop working until I manually deleted it.   None of
the programs, Mcafee included, detected anything wrong with the book1 file,
which seems odd to me.

I should also mention that Macfee was able to clean many other PPT infected
files but they were all much smaller - most were less that 10 MB - and had
far less infected objects in it.

Any suggestions on how to go about cleaning this file?  I'm quite desperate,
and I don't mind going out and buying yet another program if there was a
good chance that it would do the job.

I thank you all in advance.

KC






Re: Slacker Virus in PowerPoint files (embedded Excel objects)

On Sun, 20 Jul 2008 13:39:22 -0400, "Karen Cooper"

Quoted text here. Click to load it

Have you tried uploading the file in question here?:
http://www.virustotal.com /

If the file is not too large for acceptance there, it would be
interesting to see if any other av alert on it.

I presume by "slacker" you mean McAfee alerted as X97M/Slacker
generic detection? There are several variants and vendors such
as Sophos and Trend Micro ... if they alert ... will likely pinpoint
a particular variant.

If no other av alert, then it's likely that McAfee's generic
detection is "too loose" and it's false alarming, in which case
the file should be submitted to NAI for analysis. They will
quickly respond and send you a updated DAT with the
corrected detection.

If the file is too large to be accepted at Virus Total, I'd then
try Trend Micro's free Sysclean product:
http://www.trendmicro.com/download/dcs.asp

There are other free on-demand scanners you could try
as well, but first let us know how you make out.

Art

Site Timeline