Annoying virus (I think)

netmaestro
PureBasic Bullfrog
Posts: 8452
Joined: Wed Jul 06, 2005 5:42 am
Location: Fort Nelson, BC, Canada

Annoying virus (I think)

Post by netmaestro »

I have a bunch of zip files in my Windows 7 downloads folder and a bunch of folders as well where I unzipped them. The other day I noticed I had quite a few folders, and while I still have the zip files I don't really need the folders for now. So, with a view to freeing up space on my c: drive, I deleted all the folders and left the zips. The next time I used the PureBasic 4.61 final IDE, I got a message box saying: "Windows cannot find c:\users\netmaestro\Downloads\hv\hv.exe" which was an unwelcome surprise. No other apps cause this trigger, just the PB IDE.

I did some research on the web and found where hv.exe is a trojan masquerading as a Windows system file. I updated the virus definitions for MSSE and Defender and ran scans with both. Neither found anything. So I did a system restore to the one restore point that was available, from 2 days earlier, and the problem went away. A couple of days later I found why the problem seemed to go away: the restore had put the folders back. Ugh.

So I found the registry key that identified hv.exe with that path and deleted it. And deleted the folder. And rebooted. Problem still existed. So I downloaded AVG antivirus, restored the hv folder ('cause I wanted to see if AVG would find it and do something) and ran a scan. It identified hv.exe as a trojan and said it had cleaned it up. I ran the PB IDE, shut it down and same damn thing. AVG said they had a registry cleaner you could use free for 24 hours, so I removed the folder and ran that. It said it cleaned up some 3000 null or useless registry entries and that I was good to go. Except the problem persists.

So I deleted hv.exe from the hv folder, created a one-line program in PureBasic containing only the keyword END, compiled/saved it as hv.exe in the hv folder and now the IDE closes silently. It is running that program and I know the program is now doing nothing malicious, but I would still like to repair the thing properly.

Thanks for listening, does anyone have an idea or info about this trojan? I don't want to reinstall my OS, but this is tempting me.

P.S. Sorry for the fleeting moment of doubt, team :oops: but I did a hex search of PureBasic.exe (the IDE) for hv.exe and found nothing. I feel like a traitor for even looking.
BERESHEIT
ts-soft
Always Here
Posts: 5756
Joined: Thu Jun 24, 2004 2:44 pm
Location: Berlin - Germany

Re: Annoying virus (I think)

Post by ts-soft »

Here you can find hv.exe: http://www.purebasic.fr/english/viewtop ... 06#p349006
But it is definitely no virus or trojan :wink:
PureBasic 5.73 | SpiderBasic 2.30 | Windows 10 Pro (x64) | Linux Mint 20.1 (x64)
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.
netmaestro
PureBasic Bullfrog
Posts: 8452
Joined: Wed Jul 06, 2005 5:42 am
Location: Fort Nelson, BC, Canada

Re: Annoying virus (I think)

Post by netmaestro »

Ah, excellent, thanks! I remember now downloading that and installing it, that's what it is. Definitely not a problem. Perhaps hv.exe isn't the best name for it though, as an internet search for hv.exe turns up many results about a malicious trojan.
BERESHEIT
culita
User
Posts: 29
Joined: Thu May 03, 2012 1:24 pm

Re: Annoying virus (I think)

Post by culita »

TOVARISH, I think you may consider virtual sessions:

http://www.faronics.com/en-uk/standard/ ... eze_en-uk/

or

http://www.comodo.com/home/backup-onlin ... covery.php
time machine for spies
:mrgreen: :mrgreen: :mrgreen:

get happy or die trying :mrgreen: :mrgreen: :mrgreen:
Fred
Administrator
Posts: 18351
Joined: Fri May 17, 2002 4:39 pm
Location: France

Re: Annoying virus (I think)

Post by Fred »

We do build the final package on a regular PC (OK, with antivirus activated), so it could be possible that a virus goes into PB, as AVs aren't perfect. Better report this, even if it's a false alarm.
culita
User
Posts: 29
Joined: Thu May 03, 2012 1:24 pm

Re: Annoying virus (I think)

Post by culita »

Yeah, it is better if you don't think about viruses and anti-viruses ... better if you are using OPERATING SYSTEMS like a virtual session (a copy of the ORIGINAL), see my first post :mrgreen:

cheese !

TOVARISH CULITA
HeX0R
Addict
Posts: 1219
Joined: Mon Sep 20, 2004 7:12 am
Location: Hell

Re: Annoying virus (I think)

Post by HeX0R »

Was it an older version of history viewer?
At the beginning I had problems with false positives (see here inside the above-mentioned thread), which were totally gone after sending the hv.exe to some of the antivirus companies.

At least all of my later released versions didn't have any alarm on VirusTotal (which of course could have changed since then...)

And about the name:
Well, OK, almost any name has been used as a virus, I guess; renaming it now will be a pain in the ass for all of the users of history viewer out there.
Zebuddi123
Enthusiast
Posts: 796
Joined: Wed Feb 01, 2012 3:30 pm
Location: Nottinghamshire UK

Re: Annoying virus (I think)

Post by Zebuddi123 »

@ netmaestro

Been through the same problem with hv.exe but realised what it was.
Try using "sysinternals procmon" http://technet.microsoft.com/en-us/sysi ... s/bb896645 and filter the exe you want to watch, then search in the results for the suspected file. Saves a lot of time :lol:

Zebuddi. :)
malleo, caput, bang. Ego, comprehendunt in tempore
culita
User
Posts: 29
Joined: Thu May 03, 2012 1:24 pm

Re: Annoying virus (I think)

Post by culita »

@netmaestro Zebuddi123 works on microsoft, and that tool is for check and infect your computer with Microsoft's inactive/active worms and viruses against piracy. So be cool, install it to check if your friends are using OS cracked versions :mrgreen: :mrgreen: :mrgreen:

TOVARISH CULITA DIMITRI, the last shield against Billy-cycle-Gates-of-loser's-house-MicroTHEFT :mrgreen: :mrgreen: :mrgreen:

@Zebuddi123: give that loser, sorry - I mean "TO Billy" a beer, for a thief like him is enough!
Zebuddi123
Enthusiast
Posts: 796
Joined: Wed Feb 01, 2012 3:30 pm
Location: Nottinghamshire UK

Re: Annoying virus (I think)

Post by Zebuddi123 »

@ culita

I gather English is not your native language, therefore I am not sure what the context is or what you are implying.
"@netmaestro Zebuddi123 works on microsoft, and that tool is for check and infect your computer with Microsoft's inactive/active worms and viruses against piracy"
As that statement is utter cobblers (rubbish).
"@Zebuddi123: give that loser, sorry - I mean "TO Billy" a beer, for a thief like him is enough!"
As for this, I have no idea?

I don't wish to start any flame war or whatever they are called. Anything I put on the forum is with good intentions to the PB community and I certainly do not wish for anyone to have trouble from the things I suggest.

As for Billy (greedy guts) Gates, I am absolutely not a fan.

Zebuddi.
malleo, caput, bang. Ego, comprehendunt in tempore