NAV2004 detected some threats. Can help me see if they are false positives?

[yusuke]

Hi. I updated my virus definitions for Norton Antivirus Pro 2004 today and ran a scan. NAV detected 4 threats. The details are as follows:

1) Filename: iun6002.exe Threatname: Spyware.2020search File location: C:\WINDOWS\iun6002.exe

2) Filename: Zip.SFX Threatname:Hacktool.HideWindow File location: My Documents. File is wrar330.exe

3) Filename: Zip.SFX Threatname:Hacktool.HideWindow File location:My Documents. File is also wrar330.exe

4) Filename: Zip.SFX Threatname:Hacktool.HideWindow File location: C:\Program Files\WinRAR\Zip.SFX


I'm not sure what iun6002.exe is. From what I googled, some say it's a threat some say it's a false positive. From the file details, the file was created on 9 Oct. NAV hadn't detected it all these while. When I quarantined the file, I noticed that BitTornado acted weird. When I used it, the window's size was different from before. When I restored iun6002.exe., the problems ceased.

For the 2 wrar330.exe files in different folders, I think they are merely WinRAR setup files. They were also created a few months back. I didn't bother deleting them then.

For the last file, it seems to be part of the WinRAR program. It was created some time back.

The two that bother me the most are the 1st and last file. Can someone using WinRAR please check if the last file is also in the WinRAR program folder? And anyone knows if ius6002 is really a threat?

Thanks!

 

[newbiepcuser]

Its probably just spyware, I believe NAV 2004 does spyware check too. I wouldn't worry to much about it. I ran into similar files after my 1st can with NAV 2004.

 

[DetroitSportsFan]

I think at this point, I'd download spybot S&D and/or Ad-aware SE, update them and give your system a scan. Its quite possible that your BT program is carrying spyware as part of the package. As for your winRAR, if its warez .... I'd BEWARE! Often enough, there are trojans hidden inside warez programs. Since you've already installed winRAR, it wouldn't hurt to delete those just to be safe. As for ZIP.sfx, its part of the installed winRAR program.

Scan with one of those spyware killers I mentioned above and delete what it says to delete. Be sure to have all your browser windows closed when you run them ..... otherwise, it may not remove threats that it finds.

Also, take a trip to HOUSECALL and get a second opinion on the health of your system. TrendMicro tends to find things Norton sometimes will miss.

 

[yusuke]

I did a scan with Ad-aware SE. It didn't detect anything.

Anyway, what do you mean by 'warez'?

 

[Schadenfroh]

Do what DetroitSportsFan said, run housecall.

Anyway, what do you mean by 'warez'?

pirated software, IE Movies, programs, etc. Check this thread out if you want software and dont want to pay for it.

also, did you run the updates on adaware and spybot?

A hijackthis log would also help for us to see if you have any bad apps running on startup and if there are any trojans hidden in there, dont fix anything untill you let us review it.

 

[smeager]

NAV2004 also detected Zip.SFX on my system too, when it has never done so before. I do have a ligit copy of the software that I purchased from the distributor. (It is not warez). I had it for some time and now according to the symentec site it was found back in Jan 04. Why hasen't it been picked up till now.

I deleted the file ran NAV again and it found nothing, then I went to rarlabs and downloaded the SFX pack and re-inserted the file again, ran NAV one more time with the new file and it found nothing. Could it be a false positive.

Additionally neither Ad-Aware SE and Sybot detect this file.