• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1196
  • Last Modified:

Possible Virus undetected by Trend & AVG

I have a client that is running Windows XP Pro and has an executable that shows up in the task manager that appears to have the characteristics of a virus.  The executalbe is in the c:\windows\temp directory and has the same icon (a little dog running) but changes names.  It has been running with the names gh5896.exe, xzf05.exe and ona32e.exe.  The properties of the file say that is was created on 5-16-2006 but the modified date is 7-6-2004.  When I right click on the desktop I get a window that says explorer has encounter a problem and then a Dr. Watson error window opens.  The only way to get back to the desktop is to kill the Dr. Watson process.  I have ran both Trend's Office Scan with the latest updates and AVG Network edition with the latest updates.  Neither one detect a virus on the computer, but I am still suspicious that there is a virus or worm that is placing these executables on the computer.  What should I try next to determine what keeps putting this executable file on the computer and running it?

Thanks
0
BryanRSmith
Asked:
BryanRSmith
  • 3
1 Solution
 
rpggamergirlCommented:
Don't worry they are legit.

Those files c:\windows\temp directory that has a dog icon and changes are legit and they belong to TrendMicro.
They are TrencMicro's watchdog in order to trick the viruses/trojans which wants to disable antivirus.

I think it's pretty clever for TrendMicro to think that way.
0
 
rpggamergirlCommented:
Unless I'm wrong of course! :)

0
 
BryanRSmithAuthor Commented:
thanks
0
 
rpggamergirlCommented:
You're welcome.

I was going to say contact TrendMicro I'm sure they can explain it better than I do.
In order for TrendMicro's watchdog to stay undetected by viruses/trojans it has to behave like one and look like one, hence the random files that changes.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now