I just installed CIS 5.8 beta, and on first scan it came up with 17 “infected” files, most of which I do not believe. Some of them are update files for a program I use frequently (and CIS reported the same files the first time I installed the earlier version), and others are on my recovery partition in the i386 folder, such as p2go.exe, deletebundle.exe, google_pref.exe, wtmod.exe, unhide.exe, etc.
I have a hard time believing that all of these essential Windows files got infected in the last 2 days since my last scheduled scan. Unfortunately, when I restore the update files that I know are not infected and have already been reported as false positives, CIS immediately quarantines them as malicious again! I’ve tried to upload them to be checked, but for some reason I’m not allowed access by Win7, even though I am logged in as the administrator.
The malware names are really ridiculous:
Malware@1uclox6vxbxa0 (it’s a fun little time-waster called stressrelief.exe, and is completely harmless)
These are all on my recovery partition:
Suspicious@2r6yay4khxbbd (D:\i386\Apps\App01185\google_pref.exe)
Suspicious@3cb2sq6m806sq (D:\i386\Apps\App01635\wtmod.exe)
Suspicious@2bylt3xgo6o61 (D:\i386\Apps\App00614\p2go.exe)
Suspicious@1jnajwt8pnhlj (D:\i386\Apps\App04153\zprocess.exe)
Suspicious@2bylt3xgo6o61 (D:\i386\Apps\App14417\p2go.exe)
Suspicious@17zcaazfuyvn (D:\i386\Apps\App14476\unhide.exe)
Suspicious@253uzjd4ue7z5 (D:\i386\Apps\App15241\deletebundle.exe)
Suspicious@3u1pklzolwfz5 (D:\i386\Apps\App20155\aspnet.exe)
Suspicious@21pzbiwwbmmmr (D:\i386\Apps\App10019\oobe eula text eng us 3402777.exe)
Suspicious@20ibh190n3j0t (D:\MiniNT\system32\start.exe)
MalwareBytes doesn’t detect anything wrong with them. CIS 5.5 didn’t have a problem with them. How do I get CIS 5.8 to quit trying to quarantine these files???
Apparently CIS updated to the final version, as nothing says “beta” and I have version 5.8.211697.2124, virus database version 10426.
Well, ■■■■. The first batch of files that I know are simply updates to a software program I use are all fine. The ones from my Recovery partition, on the other hand, are all corrupt according to Valkyrie. VirusTotal took over 20 minutes to analyze one of them, and it never finished, so I don’t know what it says about them. Why did CIS 5.5 miss these files for months on end (scheduled to run an AV scan every Saturday night)?
I just ran MalwareBytes, and it found nothing wrong with my D: drive! Why did MalwareBytes miss these files??
Here is my question, though. Upon looking at these files, they are all from 2005 and 2006 when I had XP on this computer. I now have Win7, so do these files even pertain to my current OS? Would it be safe to quarantine/clean/delete them?
OK, I skipped the google_pref.exe file that was hanging up and scanned the rest in VirusTotal. google_pref.exe, deletebundle.exe, and p2go.exe take forever to scan, so I don’t know what they say. unhide.exe, zprocess.exe, wtmod.exe, and oobe eula… .exe come back with 1/40 (2.5%) as the result. aspnet.exe comes back 4/44 (9.1%). It doesn’t say what this means, though.
I finally got google_pref.exe, deletebundle.exe, and p2go.exe to scan in virustotal.com, and they came back either 1/40 or 4/44. What does this mean, exactly? Are they infected or not? MalwareBytes says no, Valkyrie says yes, VirusTotal says…??
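Added example, not part of the thread or of any Comodo tool: a small Python triage helper for exactly the situation above, where one scanner quarantines files and another scanner reports a low detection count such as 1/40. It does two things a defender wants here. First, it computes SHA-256 hashes of the files in a folder (streamed, so large files are not loaded into memory) so the hash can be searched on VirusTotal instead of uploading the file, which sidesteps the upload permission problem mentioned earlier. Second, it turns a detection ratio like "4/44 (9.1%)" into a verdict: zero hits is clean; a small share of engines that all report generic or heuristic names (the "Suspicious@…"/"Malware@…" style seen in this thread) is a likely false positive to report to the vendor; a small share where at least one engine names a malware family needs a closer look; a large share is treated as malicious. The generic-name tokens, the 10% threshold, and the sample file tree are illustrative assumptions, not values from the page or from VirusTotal.

```python
"""Triage helper for low-consensus antivirus detections (added example).

Assumptions (illustrative, not from the forum thread or any vendor):
- GENERIC_TOKENS marks heuristic/generic verdict names, not named families.
- LOW_CONSENSUS is the share of engines below which a hit is "low consensus".
- SAMPLE_FILES is a constructed tree mimicking the thread's recovery-partition paths.
"""
import hashlib
import os
import re
import tempfile

GENERIC_TOKENS = ("suspicious", "heur", "generic", "gen:", "unsafe", "malware@")
LOW_CONSENSUS = 0.10  # 10% of engines or fewer counts as low consensus

# Constructed sample content; real files would be hashed in place.
SAMPLE_FILES = {
    "i386/Apps/App01185/google_pref.exe": b"constructed sample A",
    "MiniNT/system32/start.exe": b"constructed sample B",
}


def sha256_bytes(data: bytes) -> str:
    """SHA-256 of an in-memory buffer (used to cross-check file hashes)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file in 1 MiB chunks so large files do not fill RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_tree(root: str) -> dict:
    """Map every file under root (forward-slash relative path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result


def build_sample_tree() -> str:
    """Write SAMPLE_FILES into a fresh temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="av_triage_")
    for rel, content in SAMPLE_FILES.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root


def parse_ratio(text: str) -> tuple:
    """Turn '4/44' or '4/44 (9.1%)' into (detections, engines)."""
    match = re.match(r"\s*(\d+)\s*/\s*(\d+)", text)
    if not match:
        raise ValueError(f"not a detection ratio: {text!r}")
    hits, total = int(match.group(1)), int(match.group(2))
    if total == 0 or hits > total:
        raise ValueError(f"impossible ratio: {text!r}")
    return hits, total


def is_generic(name: str) -> bool:
    """True when a verdict name looks heuristic/generic rather than a family name."""
    lowered = name.lower()
    return any(token in lowered for token in GENERIC_TOKENS)


def triage(ratio: str, names=(), low_consensus: float = LOW_CONSENSUS) -> str:
    """Classify a scan result from its engine ratio and the reported verdict names."""
    hits, total = parse_ratio(ratio)
    if hits == 0:
        return "clean"
    share = hits / total
    if share <= low_consensus:
        # Few engines agree. If every one of them only says "suspicious"/"generic",
        # this is the classic false-positive profile: report it, don't panic.
        if names and all(is_generic(n) for n in names):
            return "likely-false-positive"
        return "low-consensus-investigate"
    return "likely-malicious"


if __name__ == "__main__":
    root = build_sample_tree()
    for rel, digest in sorted(hash_tree(root).items()):
        print(f"{digest}  {rel}")
    print(triage("1/40", ["Suspicious@2r6yay4khxbbd"]))
    print(triage("4/44", ["Suspicious@3u1pklzolwfz5", "Trojan.Agent"]))
```

Run it on a real folder by calling `hash_tree("D:/i386/Apps")` and pasting each hash into the VirusTotal search box; a hash that VirusTotal already knows returns the existing report without any upload. The verdict strings are deliberately coarse: the point is to separate "one heuristic engine disagrees with forty others" from "several engines agree on a named family", which is the distinction the 1/40 versus 4/44 results in the thread are asking about.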