
I'm running Windows 7 Ultimate 64-bit.

I found a file in c:/Users/name/AppData/Local called shanjou.dll

I noticed it when I ran msconfig and had a look into why my startup was taking a long time; that is where I noticed an entry for RunDll32 being executed against shanjou.dll.

I ran a few searches on the name but nothing came up. MS Security Essentials doesn't detect anything wrong with it. What should I do next? I have already moved it out of its location into my own self-made quarantine folder.

Dave
warsong
  • I made an edit to the title. Feel free to roll back. – Dave Jan 17 '13 at 12:54
  • You could try to do a start-up virus scan (Avast is capable of this) so the OS doesn't have the file in lockdown. Otherwise, try ComboFix, which is a more aggressive scanner. – Matthias Jan 17 '13 at 12:55
  • I've already removed it from the boot sequence; I'm just wondering what else I can do if it's not recognized as a virus. There's every chance it's harmless, but then why would someone copy it to an inconspicuous place like the /AppData/Local folder and add it to the startup programs running with RunDll32? It stinks of virus. – warsong Jan 17 '13 at 13:06
  • The accepted answer to this question might be worth your time: http://superuser.com/questions/100360/how-do-i-get-rid-of-malicious-spyware-malware-viruses-or-rootkits-from-my-pc – Joel Coehoorn Jan 17 '13 at 15:32

3 Answers

5

Try uploading it to virustotal.com. It will get scanned by 44 different antivirus products. Normally some of the scanners should find it...

warsong
Offler
  • That worked. It's a backdoor trojan. I'm kind of worried now about what else MSE has missed. I thought it was reliable up until today. – warsong Jan 17 '13 at 13:15
  • MSE is quite reliable. You won't find any antivirus thing which does not have false positives and misses some real viruses. (I would not trust, for example, every positive from ClamAV; it detects too much.) – Offler Jan 17 '13 at 13:23
  • Well, it missed it today. One miss is enough to lose my trust. – warsong Jan 17 '13 at 13:25
  • There is also a broad range of free online antivirus scanners; maybe you can use some of them additionally (to find additional problems). – Offler Jan 17 '13 at 13:29
  • @warsong - Which is the reason using a single product is never a good idea. There are lots of ways to expand your security, and lots of resources you should read as well. – Ramhound Jan 17 '13 at 15:16
  • @warsong I think you misunderstand how anti-virus software works. It is your _last_ line of defense, not your first. It's much more important that you keep your machine fully patched, that you don't run as an administrator by default, and that you use common sense when browsing. There will always be a gap between when a virus is released and when AV products are able to detect it. – Joel Coehoorn Jan 17 '13 at 15:22
  • @JoelCoehoorn I think you're making a lot of assumptions about me. – warsong Jan 17 '13 at 15:38
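An added example (mine, not code from the question or from any of the answers) that automates the triage described in the question and the hash check the answer above points at: it walks the Run/RunOnce keys that msconfig's Startup tab reads, flags rundll32 entries whose DLL lives under %LOCALAPPDATA% or another user-writable directory, and computes the file's SHA-256 so it can be looked up on VirusTotal by hash, which matters when you would rather not upload a file that may contain your own data. The set of user-writable directories and the VirusTotal URL form are my assumptions; Get-FileHash is deliberately avoided because Windows 7 ships with PowerShell 2.0.

```powershell
# Added example, not code from the original question or any of the answers.
# Lists the rundll32 entries in the standard Run/RunOnce keys, flags the ones
# whose DLL sits in a user-writable directory such as %LOCALAPPDATA% (the case
# in the question), and computes the DLL's SHA-256 so it can be looked up on
# VirusTotal by hash. SHA-256 is computed through .NET so the script also works
# on the PowerShell 2.0 that ships with Windows 7 (Get-FileHash needs 4.0+).

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # 32-bit view on 64-bit Windows
)

# Directories an unprivileged user can write to (assumed list). A DLL autorun
# from here is not proof of malware, but it is where user-level malware drops itself.
$userWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, "$env:USERPROFILE\Downloads") |
    Where-Object { $_ }

# The registry provider attaches these to every key; they are not Run entries.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Test-UserWritablePath {
    param([string]$Path)
    foreach ($dir in $userWritable) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $cmd = [string]$prop.Value
        # rundll32[.exe] ["]<path ending in .dll>["][,EntryPoint ...]
        if ($cmd -match '(?i)rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?') {
            $dll    = [System.Environment]::ExpandEnvironmentVariables($Matches[1])
            $onDisk = Test-Path -LiteralPath $dll
            $sha256 = if ($onDisk) { Get-Sha256Hex $dll } else { '(file missing or already quarantined)' }
            New-Object PSObject -Property @{
                Key         = $key
                Entry       = $prop.Name
                Command     = $cmd
                Dll         = $dll
                InUserDir   = Test-UserWritablePath $dll
                StillOnDisk = $onDisk
                Sha256      = $sha256
            }
        }
    }
}

if (-not $findings) {
    'No rundll32 entries found in the Run/RunOnce keys.'
} else {
    # Entries loading a DLL from a user-writable directory come first.
    $findings | Sort-Object InUserDir -Descending |
        Format-List Key, Entry, Command, Dll, InUserDir, StillOnDisk, Sha256
    # Check the hash on VirusTotal without uploading anything (URL form of the
    # current VirusTotal web interface, assumed here):
    $findings | Where-Object { $_.StillOnDisk } |
        ForEach-Object { "https://www.virustotal.com/gui/file/$($_.Sha256)" }
}
```

Run it from an ordinary, unelevated prompt; the HKCU keys are the ones user-level malware can write, and the HKLM keys are readable without elevation. Since the asker had already moved shanjou.dll to a quarantine folder, the entry would show StillOnDisk as False; in that case hash the quarantined copy directly with Get-Sha256Hex. Two caveats: msconfig and these keys cover only a fraction of Windows autostart locations (the Startup folder, scheduled tasks, services and Winlogon entries among others), so an empty result here is not a clean machine; and a hash lookup identifies only that exact file, so an unknown hash is no evidence that the file is harmless.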
2

This is an interesting question.

You can't really install another AV program, as they often conflict with each other; maybe having to uninstall one for another isn't a desirable option.

There are online tools; McAfee also used to let you download a program like Stinger, which I've had some success with when running it alongside other AV programs. The question arises of why you should have to, especially if you had paid for an AV.

You also need to be careful of false positives.

Dave
0

That could be anything to do with anything, but it's good to check it out to be on the safe side. You can upload files you think are suspicious to Kaspersky via this how-to guide: http://www.ehow.com/how_8528328_submit-files-kaspersky-lab.html

Simkill
  • It looks like the link in that article is outdated; it doesn't have whatever it's describing, but I'll look for something similar. – warsong Jan 17 '13 at 13:09
  • Oh sorry, it looks like they have changed their procedure since I last had to do this. You can try the free virus scan utility labeled 'Kaspersky Security Scan' here http://www.kaspersky.com/virus-scanner or ESET's version here http://www.eset.com/us/online-scanner/ You really need a better piece of AV software running than MSE. It's not robust at all. Programs like Kaspersky have a heuristics scanner that can detect infections that have never been identified before and are far more proactive. – Simkill Jan 17 '13 at 13:32
  • Already running ESET's online scanner to see what else MSE missed. – warsong Jan 17 '13 at 13:41
  • @Simkill - I have lots of malicious files that MSE would detect that ESET didn't. MSE is plenty robust and has one of the best engines on the market. – Ramhound Jan 17 '13 at 15:15
  • @Ramhound MSE is almost completely geared towards anti-malware with a poorly crafted anti-virus element. It's not a good all-round solution, as it's OK with anti-malware but viruses slip in all the time. ESET isn't designed to fight malware, so MSE is always going to pick up on those infections better than ESET, as they are more common but less dangerous. You're better off running Malwarebytes alongside Kaspersky, as they won't interfere with each other and will both do what they are designed for very well. – Simkill Jan 18 '13 at 12:07
  • @Simkill - What a bunch of lies. MSE has found infections that even Malwarebytes was unable to detect. Furthermore, there is no reason you cannot use Malwarebytes and MSE together. Your claim of MSE being designed to find malware is false, since the Windows 7 version is an anti-virus and Windows Defender is the anti-malware product. – Ramhound Jan 18 '13 at 12:22
  • @Ramhound Please see these articles: http://www.microsoft.com/en-gb/security/pc-security/mse.aspx and http://www.av-comparatives.org/images/docs/avc_sum_201212_en.pdf The first link clearly says it's an antimalware product for XP, Vista and Win7, then later says it also includes spyware and viruses, making it an all-round solution. AV-Comparatives featured it in all of its tests in 2012 that the product could handle, but it had to miss out on a lot, such as anti-phishing for example, because the product doesn't have these advanced features. Kaspersky outperformed and won far more awards than MSE. – Simkill Jan 18 '13 at 13:35
  • So a dedicated AV in Kaspersky + a dedicated malware removal tool in MBAM is considerably better protection than MSE alone, especially since MBAM Pro was released. – Simkill Jan 18 '13 at 13:37
  • I don't trust anything that av-comparatives.org puts out, based on past results with their highest-rated product failing to detect stuff that MSE detected without a problem. In other words, I had to remove the product I purchased and replace it with MSE. I used to be an ESET user, so when I say MSE found infections that ESET didn't, it actually did find infections that were not found by the ESET Smart Security product. Furthermore, you should use Malwarebytes no matter what product you use. Kaspersky is overpriced. – Ramhound Jan 18 '13 at 14:19