Home Forums Classifieds Blogs Today's Posts Search Social Groups



  
SIGN-UP
Notices

Glock Talk
Welcome To The Glock Talk Forums.

 
  
Reply
 
Thread Tools Display Modes
Old 09-30-2012, 14:10   #1
Tvov
Senior Member
 
Join Date: Sep 2000
Location: CT,USA
Posts: 4,899
Possible virus / malware: wrongInf

Hello all,
My son's computer was running a bit slow. He did a boot scan using Avast free version, and it came up with one "positive":

Win32: wrongInf-D [susp]

We can't tell if this is a real problem or a false positive. He uses Windows Vista 64bit. Anyone know what this is, and if we have to worry about it?

Thanks!
Tvov is offline   Reply With Quote
Old 09-30-2012, 15:14   #2
GlockFanWA
Senior Member
 
Join Date: Sep 2012
Location: Washington
Posts: 633
try running Malwarebytes and of course your son isn't running as Administrator and didn't disable UAC? What is being used for real time virus checking?
GlockFanWA is offline   Reply With Quote
Old 09-30-2012, 15:39   #3
GIockGuy24
Bring M&M's
 
GIockGuy24's Avatar
 
Join Date: Jul 2005
Location: With Amber Lamps
Posts: 3,973
That one does seem to be a false positive with Avast. It is the Install Shield engine. It can be reinstalled if removed.

I think this is the right down to reinstall it, if needed.

http://support.installshield.com/kb/...rnelUpdate.exe


Some information here.

http://consumerdocs.installshield.co...8322&sliceId=1

I would only reinstall it if it removed it with Avast.
__________________
Despite some media reports, there were no AK-47s involved in the incident

Last edited by GIockGuy24; 09-30-2012 at 15:39..
GIockGuy24 is offline   Reply With Quote
Old 09-30-2012, 15:57   #4
Tvov
Senior Member
 
Join Date: Sep 2000
Location: CT,USA
Posts: 4,899
We did run Malewarebytes with a full scan, it says the computer is fine.

GIockGuy24, thank you for the links, but do you have any that describe what "wrongInf" actually is?

On another site someone said they thought it was a trojan, and should be removed.
Tvov is offline   Reply With Quote
Old 09-30-2012, 16:49   #5
GIockGuy24
Bring M&M's
 
GIockGuy24's Avatar
 
Join Date: Jul 2005
Location: With Amber Lamps
Posts: 3,973
On the Avast forum (some in German language) it looks to be a fairly common false positive with Avast. Having Avast remove it will disable the Install Shield. If you want to try removing it, you should be able to reinstall a known good version but it does seem to be a false positive.
__________________
Despite some media reports, there were no AK-47s involved in the incident
GIockGuy24 is offline   Reply With Quote
Old 09-30-2012, 16:49   #6
Tvov
Senior Member
 
Join Date: Sep 2000
Location: CT,USA
Posts: 4,899
Oh, I just remembered: When my son clicked on the Avast option to "move to chest" for the file, it came back with with an Error (I forget the details).

I'll see if he wrote it down.
Tvov is offline   Reply With Quote
Old 09-30-2012, 16:50   #7
Tvov
Senior Member
 
Join Date: Sep 2000
Location: CT,USA
Posts: 4,899
Quote:
Originally Posted by GIockGuy24 View Post
On the Avast forum (some in German language) it looks to be a fairly common false positive with Avast. Having Avast remove it will disable the Install Shield. If you want to try removing it, you should be able to reinstall a known good version but it does seem to be a false positive.
Thanks! It was weird looking up info on that, as many links went to German language sites.
Tvov is offline   Reply With Quote
Old 09-30-2012, 18:42   #8
Tvov
Senior Member
 
Join Date: Sep 2000
Location: CT,USA
Posts: 4,899
GIockGuy24, according to McAfee, it is a virus that McAfee sees as "W32/Xpaj.b!43F2805C2C15". Avast recognizes it as "Win32:WrongInf-A [Susp]".

From this link:

http://home.mcafee.com/virusinfo/vir...ey=980823#none

Oh, the difference is we have "-D" instead of "A".
Now I'm not sure what to do?

Last edited by Tvov; 09-30-2012 at 18:46..
Tvov is offline   Reply With Quote
Old 09-30-2012, 19:48   #9
GIockGuy24
Bring M&M's
 
GIockGuy24's Avatar
 
Join Date: Jul 2005
Location: With Amber Lamps
Posts: 3,973
Well you could have Avast try to remove it. Then you can try to reinstall the Install Shield from Microsoft. It may still come up as a false positive or Avast may try to prevent installing it.
__________________
Despite some media reports, there were no AK-47s involved in the incident
GIockGuy24 is offline   Reply With Quote
Old 09-30-2012, 19:52   #10
GIockGuy24
Bring M&M's
 
GIockGuy24's Avatar
 
Join Date: Jul 2005
Location: With Amber Lamps
Posts: 3,973
Here is the McAfee Stinger program.

http://majorgeeks.com/McAfee_Stinger_d4063.html

You could run it and see if anything comes up.
__________________
Despite some media reports, there were no AK-47s involved in the incident
GIockGuy24 is offline   Reply With Quote
Old 10-01-2012, 21:21   #11
Sgt. Schultz
Annoying Member
 
Sgt. Schultz's Avatar
 
Join Date: May 2004
Location: West Columbia, South Carolina
Posts: 2,809
Quote:
Originally Posted by Tvov View Post
We did run Malewarebytes with a full scan, it says the computer is fine.
Did you run the scan in safe mode?


Try scanning with this ...

http://www.superantispyware.com/port...annertech.html

... in safe mode.
__________________
Sgt. Schultz

"I have come here to chew bubble gum and kick ass ... and I'm all out of bubble gum"
Sgt. Schultz is offline   Reply With Quote
Old 10-02-2012, 05:02   #12
Tvov
Senior Member
 
Join Date: Sep 2000
Location: CT,USA
Posts: 4,899
I am not sure if he ran Malewarebytes in safe mode, I know he ran Avast in safe mode.

It is looking like it was a false positive. I didn't realize that he ran Avast with everything turned to "high" ("heuristics" or something) so it was saying all sorts of stuff was possible problems.

Last night the computer seemed fine, and the various anti-virus scans he did on "normal" settings all came through okay. My son is paranoid about his computer getting infected, so whenever anything seems odd he gets all worked up.

Thanks for the responses!
Tvov is offline   Reply With Quote

 
  
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT -6. The time now is 03:58.




Homepage
FAQ
Forums
Calendar
Advertise
Gallery
GT Wiki
GT Blogs
Social Groups
Classifieds


Users Currently Online: 729
164 Members
565 Guests

Most users ever online: 2,672
Aug 11, 2014 at 2:31