
Is this normal?

Discussion in 'Virus & Other Malware Removal' started by Ander, Sep 23, 2003.

Thread Status:
Not open for further replies.
  1. Ander

    Ander Thread Starter

    Joined:
    Feb 13, 2003
    Messages:
    80
    Hi,

    Today I ran a system-check with AVG Anti-Virus 6.0. It gave these strange results:

    - - - - - -

    Results of Complete Test, date and time 9/23/2003 13:33:45 :

    Testing C:\ volume C serial 175F-16F8
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!
    C:\Documents and Settings\Rollo G. Fisk\NTUSER.DAT Cannot open; not checked!
    C:\Documents and Settings\Rollo G. Fisk\ntuser.dat.LOG Cannot open; not checked!
    C:\Documents and Settings\Rollo G. Fisk\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
    C:\Documents and Settings\Rollo G. Fisk\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
    C:\Documents and Settings\Rollo G. Fisk\Application Data\MOZILLA\PROFILES\DEFAULT\J36JSYO2.SLT\parent.lock Cannot open; not checked!
    C:\DL\RamPlayer 2.0 beta 2 (free Real Audio player)\RAMP02B2.EXE repaired
    C:\DL\Booly.zip:\VGAEGA.EXE:pKLITE Suspicion: unknown virus .EXE.COM
    Testing D:\ volume WIN_SWAP serial 3EC9-764D
    Testing G:\ volume G serial 0C7F-B90E
    Testing I:\ volume I serial 3EA0-D717
    Testing J:\ volume J serial 7D41-AE3A
    Testing K:\ volume K serial BBE2-8563

    Test finished, duration 00:32:39.9 s
    78962 objects tested, 4 found infected

    - - - - - -

    BOOLY.ZIP contained a text file and a file called VGAEGA.EXE. I extracted the .EXE and checked it with Norton (by mailing it to myself on Yahoo); it found no virus. I suspect that was a false alarm. Nonetheless, I've removed BOOLY.ZIP and VGAEGA.EXE.

    I'm not worried about MOZILLA\PROFILES\DEFAULT\J36JSYO2.SLT\parent.lock---I think it was just the Mozilla-quick-start icon in my system-tray.

    What about those apparent system files, though? Is it normal for them to be unreadable? If not, what do you recommend I do?

    Thanks! ---Ander
     
  2. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    Yes, it is quite normal.

    As for VGAEGA.exe, it could be a false alarm OR an unknown virus.

    Could you post what the text file said?

    You should make sure that you have set AVG to check heuristically (Resident Shield | Use Heuristics). That way, if it IS an unknown virus but has a significant similarity to an existing virus, it will be caught.
     
  3. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    Do you do gaming and use a site called Underdogs? I was able to find that Booly.zip I think is a game download. Look at this site and see if it is familiar.
     
  4. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    Well found BillC, which can only mean you knowingly downloaded it, though I couldn't get it to work and it wasn't in zip form ;)
     
  5. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    Putasolution...actually I did not download it, but found it with a great search engine I use along with Google. A tech friend of mine told me about Teoma. They tend to have more technical stuff and less of the "fluff" you find on Google. Now you know my secret. :D
     
  6. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    I was presuming that Ander had actually downloaded it knowingly. It should have read "he" rather than "you" ;)

    I went through two screens and a pop up before the download applet appeared ;)
     
  7. Ander

    Ander Thread Starter

    Joined:
    Feb 13, 2003
    Messages:
    80
    Thanks, guys (and I must say, that was quick).

    The AVG alarm was nothing to worry about. It was just complaining about an old self-extracting archive kernel (PKLITE), which it thought had two file extensions, which can be a virus characteristic. (It didn't, though, and it wasn't.)
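
As an added example (not part of the thread or any poster's code): a small Python triage of an AVG-style report that separates files that are unreadable because Windows or a running program holds them open (registry hives, Mozilla's parent.lock) from actual detections. The status strings come from the report in the first post; the bucket names and the `example.bin` line are assumptions made for illustration.

```python
import ntpath
import re

# Status strings exactly as they appear in the report in the first post.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<status>Cannot open; not checked!|repaired|Suspicion: .+)$"
)

# Files that Windows or a running application holds open, so an on-demand
# scanner cannot read them: registry hives, their logs, Mozilla's profile lock.
LOCKED_NAMES = {"NTUSER.DAT", "NTUSER.DAT.LOG", "USRCLASS.DAT",
                "USRCLASS.DAT.LOG", "PARENT.LOCK"}


def classify(path, status):
    """Return a bucket name (hypothetical labels) for one report entry."""
    upper = path.upper()
    if status.startswith("Cannot open"):
        in_config = "\\SYSTEM32\\CONFIG\\" in upper  # system hive directory
        if in_config or ntpath.basename(upper) in LOCKED_NAMES:
            return "expected-locked"
        return "unreadable-review"  # unreadable with no known benign reason
    if status == "repaired":
        return "repaired"
    return "heuristic"  # "Suspicion: ..." lines


def triage(report):
    """Group report paths by bucket; lines without a status are skipped."""
    buckets = {}
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            kind = classify(m["path"], m["status"])
            buckets.setdefault(kind, []).append(m["path"])
    return buckets


# Lines taken from the report above, plus one constructed line (example.bin).
SAMPLE = r"""
Testing C:\ volume C serial 175F-16F8
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!
C:\Documents and Settings\Rollo G. Fisk\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\Rollo G. Fisk\Application Data\MOZILLA\PROFILES\DEFAULT\J36JSYO2.SLT\parent.lock Cannot open; not checked!
C:\DL\example.bin Cannot open; not checked!
C:\DL\RamPlayer 2.0 beta 2 (free Real Audio player)\RAMP02B2.EXE repaired
C:\DL\Booly.zip:\VGAEGA.EXE:pKLITE Suspicion: unknown virus .EXE.COM
"""

if __name__ == "__main__":
    for kind, paths in sorted(triage(SAMPLE).items()):
        print(f"{kind}: {len(paths)}")
```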
     
Short URL to this thread: https://techguy.org/166930
