Netupdate.exe - suspect file

Dear Team,

I recently found that a lot of my day-to-day applications are losing their icons. They are running fine, but before that a cmd window opens with c:\windows\system32\netupdate.exe (221 kb). (I attached a screenshot.)

Comodo antivirus checked the file but no virus was found.

I also submitted the file netupdate.exe to you guys…

Hope this helps.

Regards,
Elmi Sergiu

=======

Using Windows XP SP3

http://camas.comodo.com/cgi-bin/submit?file=b38b56919e54f68d2b98b478f61c9f729f2f8c1d8e46ffd9c3fd0b4eac92ff39

https://www.virustotal.com/analisis/b38b56919e54f68d2b98b478f61c9f729f2f8c1d8e46ffd9c3fd0b4eac92ff39-1274093051

=======

Hello Sergiu,

Please send the file using the following link: Comodo Antivirus Database | Submit Files for Malware Analysis

Best regards,
FlorinG

File sent.

Thank you,
Elmi Sergiu

Hello Sergiu,

We have received the file you have sent and found it to be a malware application. Detection for the submitted file will be available in our next updates.

Best regards,
FlorinG

Dear Florin,

Thank you very much for the update.

Have a nice day,
Elmi Sergiu

Dear Florin,

Should I also send a file that links with the malware? (The ones without an icon that send me to netupdate.exe, as in the screenshot.)

I have these files all over my hard drive (initially uninfected applications). If needed I’ll search for one and send it to you.

Thank you very much,
Elmi Sergiu

Hi Sergiu,

Yes, you can also send that file (or files) and we’ll check it.

Best regards,
FlorinG

Hello again,

O.k. I will send you the files tomorrow in the morning.

These files keep spreading in my computer as we speak, so it would be great to stop or disinfect them somehow.

If it helps, there are some files that were not accessed but still look infected.

Thank you very much,

I have doubts that your PC will ever be clean, whatever antivirus you will use. As you said, uncountable things are modified, so maybe even an operating system reinstall wouldn't be enough to fix everything. Who knows what changes have been done.
Good luck.

Hi Clockwork,

I have the same doubts, but in hope of a cleaner future for me and others I will upload some of the files.

In case some good luck strikes me, and those files can be disinfected after this, then I’ll buy the ■■■■ :slight_smile:

Cheers,

Hello Florin,

I uploaded 3 random files in the link you provided and below:

==============
http://camas.comodo.com/cgi-bin/submit?file=460927b14a8b61c3841d743b96361b85292bc222af6ef5fa732b81a0df958a7b

http://camas.comodo.com/cgi-bin/submit?file=0fe0e740fe14f3c769a370244d75fbed857536426667067bba05fc0db1c1b127

Happy to see that Comodo AV deleted Netupdate.exe, but it found 0 threats in all the files I mentioned and uploaded.

In case any other action is needed from my side, please reply.

Thank you for your support,

Just for an example, use on demand “anti-malwarebytes free edition”, only as the “second opinion”. You will be surprised, but I am sure it will find something.
Even after that, the PC may not be clean, even if you have used all available antivirus programs, even the paid ones :wink:

Dear All,

The infected files are now removed, and the system works fine.

Thank you very much for your support,

Hello again,

After the updates were changed to detect this virus, I got some new mp3 and jpeg files with the same infection.

These files are new and I think it is just a false positive.

Can you please check?

Thank you,

================

Uploading the files through Comodo Antivirus Database | Submit Files for Malware Analysis

The jpg file looks uninfected in virustotal:

https://www.virustotal.com/analisis/2f286b2cb4503a73b98fb8d78e0d82121161284b91f9aae02f288423bb6601c1-1280701606

================

Hi elmisergiu,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,
Guoqiang.

Hello Guoqiang,

I just received an email from you guys saying they could not find any virus with Comodo and the current update (5613) on those files. And indeed, now when I scanned, it’s not showing any detections.

The virus was detected when I copied those files onto my computer (and I clicked Ignore).

I see that the AV was last updated 30 minutes ago. Was this false detection removed in the meantime, or was it just something from my side?

Anyway, it seems to be ok now.

Thank you,