Okay. So I’m using Avira AntiVir V9 (last update on 18 July 2009) and CIS V3.9.95478.509 (I haven’t yet upgraded it to V3.10) along with Spyware Terminator V2.5.6.316 (database version is V3.007.017.000).
All these are for real-time, and for on-demand I have SUPERAntiSpyware and Spybot S&D. (But these two shouldn’t matter because they weren’t involved, since I didn’t use them to scan.)
I ran an on-demand complete system scan using Avira and when it finished, it showed that my kernel32.dll located at “WINDOWS\system32\kernel32.dll” and “WINDOWS\system32\dllcache\kernel32.dll” were infected and identified the infection as “TR/Patched.GR.6 Trojan”.
I set my Avira to automatically quarantine any infected files and delete the original if it cannot clean them. But in this case, since it was kernel32.dll, Avira didn’t do that and just left it there, and showed a warning message in the report saying “[WARNING] ‘Is the TR/Patched.GR.6 Trojan’. This detection is probably an error. Please send us this file immediately for further analysis.”
Well, I didn’t send it to Avira since I didn’t know how to.
Now come my questions.
Is my kernel32.dll really infected? How?! I only surfed the net like usual. I did go to some sites to download cracks and trainers for some games, but I visited those sites with all my security on. My Avira, CIS, and Spyware Terminator all didn’t report anything funny. When I ran the trainers I downloaded, I observed everything they did through the alerts of CIS, but all they did was just access the game in memory.
I have also sent my kernel32.dll to VirusTotal for a scan, and this link is the result. Only 3 Antivirus detected something in it. But I still feel unsafe.
What is “TR/Patched.GR.6”? Does this mean the core of my system is infected? (I haven’t yet seen any symptoms. Observable symptoms I mean.)
Can a malware infect my system and command my system to do something funny so that CIS and other security programs would let it pass? Is that possible?
You may think I’m paranoid but that’s because I am! I’ve even set my Defense+ to Paranoid Mode and Firewall to Custom Policy Mode (Safe Mode for both, previously). I disabled the Antivirus in CIS though, since I use Avira.
My OS is Windows XP SP2. I only enabled the Real-time Shield of my Spyware Terminator, but not its HIPS, since CIS’s HIPS is already in place.
So what should I do? Please help!~
Thanks.
P.S.
A bit off-topic, but is the new free DNS service able to track where I go on the net? I don’t have the knowledge so I’m not sure.