Solved

How do you remove the Win32/Heur virus?

Posted on 2011-03-11
Last Modified: 2013-11-22
I have AVG virus protection and on start up I keep getting a Threat Detected warning. It says File name:
c:\Program Files (x86)\TOSHIBA Games\Bejeweled 2 Deluxe\wtmui_zh-cn\bejeweled2.exe

virus found Win32/Heur
Detected on open.

I have three options, Move to Vault, Go to File and Ignore. I moved it to Vault and it keeps popping up. This is on my laptop, separate from this computer with no internet right now.

I have AVG and Malware by Anti-Malware installed.

How do I get rid of this one?

Thanks,
Art
Question by:artismobile
 
LVL 17

Assisted Solution

by:CSecurity
CSecurity earned 166 total points
ID: 35108709
Win32 Heur means Heuristic; it means your AV software detected a possible new virus. If you want, upload it to VirusTotal and let other AVs scan it. But if no infection is detected in your system files, it means only that file is the possible source of the alert; simply delete that file.
0
 
LVL 38

Accepted Solution

by:younghv
younghv earned 334 total points
ID: 35108767
I've seen several references to "Bejeweled" files lately and I think this is a "False Positive".

I have the whole series of games loaded on a couple of computers for my grandsons and am not getting any alerts.

AVG may be over-aggressive on this - and the folks at Bejeweled may have accidentally written code that is too similar to some known malware characteristics.

If you want to download and run a scan from "Malwarebytes" - just as a double-check - it will only take a few minutes...and a lot of peace of mind.

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.
0
 

Author Comment

by:artismobile
ID: 35108781
ok.
That computer doesn't have internet right now but will this evening.

When you say upload to virustotal, what do you mean, please.

Art
0
 

Author Comment

by:artismobile
ID: 35108804
I have Malwarebytes and I'm running a scan right now
0
 
LVL 38

Expert Comment

by:younghv
ID: 35108816
If you need an MBAM update (w/ no Internet connect) download the update file to a USB stick and 'execute' it on the affected computer:

http://data.mbamupdates.com/tools/mbam-rules.exe
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 334 total points
ID: 35108864
If you want that file scanned (I prefer http://virusscan.jotti.org/en), you can either copy the file to your USB stick or wait until it is on-line.

Go to http://virusscan.jotti.org/en and click on the "Browse" link - that will open up a "Windows Explorer" kind of window and you can just navigate to wherever the file is located and "double-left-click" on it.

It will be evaluated by a variety of tools from Jotti and you will get your results.
0
 

Author Comment

by:artismobile
ID: 35108990
Scan is finished. Nothing detected. I don't need the Bejeweled; I could just delete the file, I guess. I just re-started the computer and it didn't show this time.
0
 

Author Comment

by:artismobile
ID: 35109031
(Younghv)

I am just virus prone aren't I??? LOL
0
 
LVL 38

Expert Comment

by:younghv
ID: 35109307
Hi Art,
I just realized 'who' the asker was.

You probably should delete that file - I 'say' that I installed those games for my grandsons, but I have been known to waste a few hours beating on those things...addictive!

Deleting it will remove the temptation.

Vic
0
 

Author Comment

by:artismobile
ID: 35109376
<WINK>
I rebooted a few times and it did not show up after I (again) quarantined it in AVG and ran Malwarebytes. I'll remove it and all the temptation that comes with it!
Thanks again!
0
 
LVL 38

Expert Comment

by:younghv
ID: 35109521
Art - a little EE trick that may help.
Whenever you have a similar question, look right below the last post (in any question) and click on the "ask a related question" link...then post your question.

A special notification will be sent to all the Experts who participated in your old question.

It sometimes helps when the Experts are already familiar with the Asker and up-to-speed on prior situations.
0
