
Solve : First Virus?


I've been connected to the internet since I moved in to my new place (about 9 months) and I've never had an actual virus detected. Last night I downloaded the new CRYSIS Demo game and then decided to scan for viruses using PCcillin Internet Security. And what do you know, it found one. All my spysweeper and anti-virus has ever found was tracking cookies, until today.

Now, it says it will keep it "quarantined" until a "dis-infection" is available. Is this quarantine actually safe or should I delete the virus completely? I think Crysis might use the file the virus is in, but I'm not sure. I need some advice. Thanks

What is the name of the file in quarantine?

If you are sure it is from the Crysis Demo and you were downloading from a safe site it "could" be a false positive.

Virus name: iun6002.exe
Location: C:\Windows\

How do I find out where it came from?

I wouldn't take any risk.
Empty quarantine vault, and delete whatever file(s), you downloaded.
Thinking about false-positive, uploading that file to some on-line scan is not worth your effort. You didn't download anything you can't go by without.
IMHO.

Quote from: Broni on October 31, 2007, 09:41:11 PM

I wouldn't take any risk.
Empty quarantine vault, and delete whatever file(s), you downloaded.
Thinking about false-positive, uploading that file to some on-line scan is not worth your effort. You didn't download anything you can't go by without.
IMHO.

It is nice to know what you are dealing with.
What if it was a false positive of a system file needed by Windows? Just delete it? Crash your computer? Not me......

Quote
iun6002.exe (desktop surveillance personal spyware) - Details

Finding a program by the name of iun6002.exe running on your computer is usually a sign that you may have a spyware program known as 'desktop surveillance personal' installed on your computer. This process was potentially installed manually by a user using an installation package (possibly with another application). The 'desktop surveillance personal' process may perform actions such as recording your key-strokes and taking screen-shots

I don't think I would download from whatever site you got the Demo from.

Empty the quarantine and you should be OK.

I did some search about iun6002.exe
Indigo Rose reports it as a part of their UNINSTALL program, but a number of other sites:
http://www.auditmypc.com/process/iun6002.asp
http://www.wilderssecurity.com/showthread.php?t=121402
Quote
It appears that Symantec has it STILL listed as spyware

http://securityresponse.symantec.com...opsurveil.html

They list it as being in 3 products-wiretap,shopnav & desktop surveillance. These appear to be added in 2004.

A search at pest patrol shows it in ZipitPro. This appears to be added 2/20/06.

http://www3.ca.com/securityadvisor/p...x?id=453090779
report it as a dangerous file, so I wouldn't take a risk.

Quote
What if it was a false positive of a system file needed by windows?
But it's not. That's why it's safe to get rid of it.

I'm not saying it has anything to do with this, but my eventlog viewer isn't running. I didn't disable it or anything, but it is telling me that the service is unavailable. That's weird, it always worked just fine before today. I don't like to mess with things that I don't completely understand and don't know what they affect. So I'm pretty sure I didn't do anything to stop the service.

Go Start>Run, type in:
services.msc
Hit Enter.
Check what is the status of your "Event Log" service.

I'll do that Broni, but first, I was looking around in my PCcillin logs and found the actual name of the virus. It was TROJ_DLOADER.WAH.

The .exe file we talked about was the infected file.

I'm not sure if this is of any use.

Did exactly what you said to do and it's not showing any Event Log in the list, neither extended or standard.

I checked Trend Micro for TROJ_DLOADER.WAH:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.WAH
but as you can see here:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDLOADER%2EWAH&VSect=T
it hides under the name of irsetup.exe
You posted before, that infected file was named iun6002.exe, so maybe irsetup.exe comes up when you're silly enough to execute iun6002.exe

Just my guesses.

