Solved

How do you remove the Win/32Heur virus?

Posted on 2011-03-11
11
2,100 Views
Last Modified: 2013-11-22
I have AVG virus protection and on start up I keep getting a Threat Detected warning. It says File name:
c:Program Files (x86)TOSHIBA Games\Bejeweled 2 Deluxe\wtmui_zh-cn\bejeweled2.exe

virus found Win32/Heur
Detected on open.

I have three options, Move to Vault, Go to File and Ignore. I moved it to Vault and it keeps popping up. This is on my laptop, separate from this computer with no internet right now.

I have AVG and Malware by Anti-Malware installed.

How do I get rid of this one?

Thanks,
Art
0
Comment
Question by:artismobile
  • 5
  • 5
11 Comments
 
LVL 17

Assisted Solution

by:CSecurity
CSecurity earned 166 total points
ID: 35108709
Win32 Heur means Heuristic, it means your AV software detected a possible new virus, if you want, upload it to virustotal and let other AVs scan it. But if no infection detected on your system files, it means only that file is possible source of alert, simply delete that file.
0
 
LVL 38

Accepted Solution

by:
younghv earned 334 total points
ID: 35108767
I've seen several references to "Bejeweled" files lately and I think this is a "False Positive".

I have the whole series of games loaded on a couple of computers for my grandsons and am not getting any alerts.

AVG may be over-aggressive on this - and the folks at Bejeweled may have accidently written code that is too similiar to some known malware characteristics.

If you want to download and run a scan from "Malwarebytes" - just as a double-check - it will only take a few minutes...and a lot of peace of mind.

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.
0
 

Author Comment

by:artismobile
ID: 35108781
ok.
That computer doesn't have internet right now but will this evening.

When you say upload to virustotal, what do you mean, please.

Art
0
 

Author Comment

by:artismobile
ID: 35108804
I have Malwarebytes and I'm running a scan right now
0
 
LVL 38

Expert Comment

by:younghv
ID: 35108816
If you need an MBAM update (w/ no Internet connect) download the update file to a USB stick and 'execute' it on the affected computer:

http://data.mbamupdates.com/tools/mbam-rules.exe
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 38

Assisted Solution

by:younghv
younghv earned 334 total points
ID: 35108864
If you want that file scanned (I prefer http://virusscan.jotti.org/en), you can either copy the file to your USB stick or wait until it is on-line.

Go to http://virusscan.jotti.org/en and click on the "Browse" link - that will open up a "Windows Explorer" kind of window and you can just navigate to wherever the file is located and "double-left-click" on it.

I will be evaluated by a variety of tools from Jotti and you will get your results.
0
 

Author Comment

by:artismobile
ID: 35108990
Scan if finished.  Nothing detected.  I don't need the Bejeweled I could just delete the file, I guess. I just re-started the computer and it didn't show this time
0
 

Author Comment

by:artismobile
ID: 35109031
(Younghv)

I am just virus prone aren't I??? LOL
0
 
LVL 38

Expert Comment

by:younghv
ID: 35109307
Hi Art,
I just realized 'who' the asker was.

You probably should delete that file - I 'say' that I installed those games for my grandsons, but I have been known to waste a few  hours beating on those things...addictive!

Deleting it will remove the tempation.

Vic
0
 

Author Comment

by:artismobile
ID: 35109376
<WINK>
I rebooted a few times and it did not show up after I (again) quarantined it in AVG and ran Malwarebytes. I'll remove it and all the temptation that comes with it!
Thanks again!
0
 
LVL 38

Expert Comment

by:younghv
ID: 35109521
Art - a little EE trick that may help.
Whenever you have a similar question, look right below the last post (in any question) and click on the "ask a related question" link...then post your question.

A special notification will be sent to all the Experts who participated in your old question.

It sometimes helps when the Experts are already familiar with the Asker and up-to-speed on prior situations.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Sub-Titled: “My Way” (with apologies to Francis Albert Sinatra) Let me start by stating emphatically that I am one of those Experts who prefer doing things “My Way”. It’s kind of a no-brainer. “The following procedure works for me, so here is …
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now