Hi All. I have been fighting a trojan (or series of trojans) for 3 days now in my 64bit Windows 7 machine and think I may be at the end of the road. The only remaining threat still identified by CCE is listed as Malware:Heur.corrupt.pe and is located in Windows\syswow64\mfc45.dat. I have verified it is malware using valkyrie but it will not clean. Any advice would be very much appreciated.
Identified threat Malware:heur.corrupt.pe in mfc45.dat will not clean. Help!
As long as you’re sure it’s malicious, and removing it won’t destroy the system, you can use FileAssassin.
Unfortunately I don’t know whether deletion will crash the system. It is a small file (73kb) but I can’t find any info on the web on it’s function and whether, or not, the file would be re-created by windows after deletion.
Can you please upload the file to VirusTotal and post a link to the results?
Ok here is the virus total link www.virustotal.com/file/842453a757f5e934bc37a62e6140f7fe7090718bc2484aaffdfe4ccfb440a8b1/analysis/1344384691/ Only about a half dozen programs flag the file. How do you interpret something like this?
Please report it as a false positive to Comodo. You can submit it on this page. Comodo analysts will contact you with the results of their analysis and let you know whether it is malicious or not. That way you’ll know for sure.
Please keep us informed.
File Submitted. Looking forward to the report. I’ll keep you posted. Thanks for the help.
I would fight a trojan infection for not longer than two hours.
Then the operation system reinstall would be finished and it would look like before.
And i can be sure that the machine is not infected anymore. No backdoors, no post-downloaded undetected malware.
While you are wasting days, and you even can not be sure after that.
You are doing it wrong.
Here is the final false positive report on mfc45.
This is to inform you that false-positive with mfc45.dat (SHA1:a2d199ba1f7acc9bd870cd768856327c76bb353f) was fixed. You can update to AV database Version 13182 of Comodo Internet Security 5.10.228257.2253 and confirm it.
Comodo AntiVirus Lab
Clockwork Do you reinstall your OS after any malware infection? I have been infected only a couple of times in 20 years but have rarely reinstalled the OS. It’s too much of a pain in the @#$,
My computer is never infected
But if, of course i would make a reinstall !
Reinstalls are allways the same. And they are a sure try.
On the opposite, (3) days of tryings, postings in a forum, reading in forums… and this doubt “is everything ok now?”, thats a pain instead
Think about it:
An infection took place. The antivirus wasnt effective for (time) in that case. And now it finds “3” threats.
How do you know that there arent 5 initally? Two still undetected? Fresh downloaded?
How do you know that the active malware didnt do smart stuff with your security layer, with the settings of your computer?
I remember the day very well when i convinced a friend to use an antivirus. “No, i dont need it. Thats bullsh1t. Dont annoy me!”
Soon after i finally installed the antivirus, he understood.
I started the scan.
“Before the scan starts, do you wish to erase (insert several worm names here) first?”
I pressed “yes”.
Then the scan started.
And for at least the next 15 minutes i rapidly pressed the erase button with the mouse, like a heavy metal drummer would hit the snare drum on fast passages,… no, faster! Because there have been hundreds of malwares on this computer.
That was very convincing to use an antivirus.
You ask yourself, why i am telling this story even though you are using an antivirus allready?
Using no antivirus is dangerous, no question.
But to trust in an antivirus (that it will clean 100%) is like using no antivirus, when you keep the undetected danger in mind.
The most worse is:
You feel safe falsely.
The computer in my story was running well, looked clean. “Nothing wrong with it!”
After the scan it was an untrusted machine!
A malware writer could insert a payload into his malware that will be detected one day. And if he is lucky, the person will just clean it, and feel safe. While the main program is undetected. And from then on the malware writer has a “happy and permanent victim”.
Actually, it’s for this reason that I wrote my article about How to Know If Your Computer Is Infected. This method will find both files known to be bad and those which are not yet known bad. Thus, even unknown zero-day infections cannot escape this method.
When i see your walls of informations…
i am happy to have comodo firewall and defense+ next to my antivirus
I see it that way:
If your computer got infected, you lost.
It doesnt matter then if you “win” later by getting it cleaned out “manually”.
I dont waste time. I dont want to have doubts. I dont want that my head is turning.
I suggest reinstalls
And i avoid infections. Or, if infections are normal, i had just luck