system31.exe

Trojan - Win32 VBInject

Here is a suspicious file, system31.exe. You can see the report on this link.

The virus installer creates these files in C:\Windows\system32\Windupdt, which is a malicious folder.

A virus writer choosing a particular name for a virus file does not make the name itself outlawed, and a legitimate file can share that name. So you need to take the necessary precautions when deciding whether a file on your computer is legitimate or not. Read this Disclaimer

  • It creates these files at
    C:\Windows\system32\Windupdt\system31.exe
  • And these folders
    C:\Windows\system32\Windupdt

  • The installer is about 828 kilobytes in size.
  • It creates a startup registry entry so that system31.exe runs each time Windows starts.
  • It registers a Winlogon notification package so that the installed module is loaded into the address space of winlogon.exe.
  • It could be used to download malicious files onto the computer.
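
A read-only PowerShell check for the indicators listed above. This is an added example, not part of the ThreatExpert report or of the original page. The page does not name the registry keys involved, so the standard Windows Run keys and the Winlogon Notify key are assumed, and the function names are hypothetical.

```powershell
# Added example: read-only triage for the indicators listed on this page.
$IocDir  = Join-Path $env:SystemRoot 'system32\Windupdt'  # folder named on the page
$IocFile = Join-Path $IocDir 'system31.exe'               # file named on the page

# Assumption: the page does not name the startup key, so the standard Run keys are checked.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Standard Winlogon notification package key (Windows 2000/XP/Server 2003; removed in Vista).
$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-PathFindings {        # hypothetical helper name
    foreach ($p in @($IocDir, $IocFile)) {
        if (Test-Path -LiteralPath $p) {
            $item = Get-Item -LiteralPath $p -Force   # -Force also returns hidden items
            New-Object PSObject -Property @{ Kind = 'Path'; Location = $p; Detail = "created $($item.CreationTime)" }
        }
    }
}

function Get-RunFindings {         # hypothetical helper name
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $k = Get-Item -LiteralPath $key
        foreach ($name in $k.GetValueNames()) {
            $data = [string]$k.GetValue($name)
            # Flag any autorun command line that points at the folder or file above.
            if ($data -match 'Windupdt|system31\.exe') {
                New-Object PSObject -Property @{ Kind = 'RunValue'; Location = "$key\$name"; Detail = $data }
            }
        }
    }
}

function Get-NotifyPackages {      # hypothetical helper name
    # The page does not name the package, so every registered one is listed for review.
    if (-not (Test-Path -LiteralPath $NotifyKey)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $NotifyKey) {
        New-Object PSObject -Property @{ Kind = 'NotifyPackage'; Location = $sub.PSChildName; Detail = [string]$sub.GetValue('DllName') }
    }
}

$hits = @(Get-PathFindings) + @(Get-RunFindings)
if ($hits.Count -gt 0) { $hits | Format-List Kind, Location, Detail } else { 'No file or Run-key indicators from this page found.' }
Get-NotifyPackages | Format-Table Kind, Location, Detail -AutoSize
```

The script only reads the file system and registry. Any notification package whose DLL you do not recognise is worth checking against a clean system of the same Windows version.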

Can Antivirus programs detect it?

Some antivirus programs may detect this virus file as
Trojan.Win32.Menti.ikcu [Kaspersky Lab]
VirTool:Win32/VBInject [Microsoft]
Trojan.Win32.Menti [Ikarus]

What is a TrojanVBInject?

A page on Microsoft's website provides the following description: "A malicious file is generally encrypted and/or compressed and stored inside another program (written in Visual Basic), which decodes the malicious file and loads it. The malicious program may be injected into a clean process or loaded in a new process of its own. Unlike a "dropper", the malicious executable is never written to disk as a separate file."

How do I get infected? Can it be avoided?

Small files like these can enter a computer unnoticed while you browse the net. This is called a drive-by download, and there are ways to prevent it from happening. You can read them on this link here

So what should I do now?

You need to delete this file and any other suspicious files that can be seen running in Task Manager. Also, do not forget to run a scheduled boot scan using the antivirus program on your computer. A good firewall can help you detect and block any hidden communication between a file on your computer and someone else on the internet, so keep a close eye on these activities through your firewall.

Don't you write detailed Step by step instructions?

Yes, I do. But to keep this page from becoming cumbersome, I have grouped all the commonly followed steps that can be applied to any or all of the viruses. In case you need them, they are here on this link.

The above information is based on an automated virus analysis report from ThreatExpert.com.
(copyright attribution statement: "Reprinted with permission from ThreatExpert.")

If you come across any difficulties in removing the above virus, send your queries to the Help Forum.

