Virus problem, help please
Discussion
3 of the PC's on the system have come up with a virus warning this morning - details are
Virus identified: REG.EXE (Worm/Generic.Tx - C:l386/REG.EXE)
I cant find any info on any of the standard virus sites, wondering if anyone here could give me some more info. AVG is happily sat there telling me it's infected but cant repair it and I'm sure Reg.exe is a registry edit program shipped with XP? so I cant just delete the file!
Virus identified: REG.EXE (Worm/Generic.Tx - C:l386/REG.EXE)
I cant find any info on any of the standard virus sites, wondering if anyone here could give me some more info. AVG is happily sat there telling me it's infected but cant repair it and I'm sure Reg.exe is a registry edit program shipped with XP? so I cant just delete the file!
I know Reg.exe is a real file, the problem is many virus' hide in "real" files. I wouldn't have been too worried as I know that virus checkers can occasionally mis-identify a file as a virus, but in this case there are 6 machines, all absolutely 100% identical, running exactly the same version, update etc of the antivirus, and only 3 of them are coming up with a problem - cant see why that would be unless there truly is a problem on those 3 computers?
thepassenger said:
BlairOut's suggestion sounds the most sensible way to approach it.
I am aware of viruses deploying their payload in to 'normal' files however generally speaking attacking such a little used file that isn't going to be run by the average user doesn't seem like a good idea if your trying to infect as many PC's as possible. Now attacking explorer.exe that one I can understand
Having said that if reg.exe is bigger/smaller on an infected machine to an uninfected machine with a different date/time stamp then we're on to a winner... if they are identicle in all respects then I suspect anything we do is a temporary patch to a problem that will manifest again at some point in time.
If it is a real infection I'd suggest looking at where those three machines have been to have picked this up from.
I am aware of viruses deploying their payload in to 'normal' files however generally speaking attacking such a little used file that isn't going to be run by the average user doesn't seem like a good idea if your trying to infect as many PC's as possible. Now attacking explorer.exe that one I can understand
Having said that if reg.exe is bigger/smaller on an infected machine to an uninfected machine with a different date/time stamp then we're on to a winner... if they are identicle in all respects then I suspect anything we do is a temporary patch to a problem that will manifest again at some point in time.
If it is a real infection I'd suggest looking at where those three machines have been to have picked this up from.
Edited by thepassenger on Friday 4th August 11:23
sorry if I sounded like I was trying to teach you to suck eggs, slightly stressed at the mo (really didn't need this today!)
I have just checked the file size - on a good machine - 49kb. On the infected machine, 1346kb with date stamp of yesterday
. I'm restarting in safe and duplicating files from an OK machine as we speak - with any luck we are on to a winner!
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff