First post, by AdamP
Hi,
I've just been scanning my old Compaq Deskpro running Windows 98 (which is connected directly to my Windows 7 laptop) with AVG 2014:
"";"Virus found BAT/Formatx, Z:\WINDOWS\Desktop\Unused Desktop Icons\UltBootDisk98.zip";"Infected"
"";"Virus identified EICAR_Test, Z:\WINDOWS\Desktop\Unused Desktop Icons\eicar.com";"Infected"
"";"Virus found BAT/Formatx, Z:\WINDOWS\Desktop\Unused Desktop Icons\UltBootDisk98.zip:\UltBootDisk98.exe:\unpacked000A.bin:\MENU.BAT";"Infected"
"";"Corrupted executable file, Z:\BIGRED\WINRACE.EXE";"Infected"
"";"Could be a Trojan horse Downloader.Swizzor, Z:\Programme\Creative\CTSND\VIENNA\SFSHELLX.DLL";"Infected"
"";"Trojan horse Dropper.Agent.WJ, Z:\eGames\Blaster_Pack\Tunnel Blaster\tblasterfin.exe";"Infected"
"";"Trojan horse Dropper.Agent.WJ, Z:\eGames\Blaster_Pack\3D Astro Blaster\ASTRO.EXE";"Infected"
"";"Trojan horse Dropper.Agent.WJ, Z:\eGames\Blaster_Pack\Galactic Invasion\EGAMES.EXE";"Infected"
"";"Trojan horse Dropper.Agent.WJ, Z:\eGames\Blaster_Pack\Galactic Patrol\GALACTIC PATROL.EXE";"Infected"
Can these results be relied upon? I have some doubts. I can't find much info about Dropper.Agent.WJ but as far as I can tell it didn't exist until 2005. Also, I thought Trojans didn't infect other programs, but are "hidden" programs designed to download malware in secret? For 4 (possibly 5, though I doubt it) Trojans, I don't appear to have many viruses.
I'm also curious to know why it thinks Bigred/Winrace.exe is corrupt. I tried running it on the Compaq and it worked fine.
The EICAR file was detected, so my AV appears to be in working order. I have the original disc for the last 4, so I scanned it:
"";"Trojan horse Dropper.Agent.WJ.dropper, E:\setups\drakdemo.exe";"Infected"
"";"Trojan horse Dropper.Agent.WJ.dropper, E:\setups\eggdemo.exe";"Infected"
"";"Trojan horse Dropper.Agent.WJ.dropper, E:\setups\fmdemo.exe";"Infected"
"";"Found Win32/DH{WABnNQ8g}, E:\stub1.exe";"Infected"
"";"Trojan horse Dropper.Agent.WJ.dropper, E:\setups\wcdemo.exe";"Infected"
"";"Trojan horse Dropper.Agent.WJ, E:\setups\rademo.EXE";"Infected"
"";"Found Win32/DH{WABnNQ8g}, E:\stub2.exe";"Infected"
"";"Found Win32/DH{WABnNQ8g}, E:\stub3.exe";"Infected"
"";"Found Win32/DH{WABnNQ8g}, E:\stub4.exe";"Infected"
"";"Found Win32/DH{WABnNQ8g}, E:\stub5.exe";"Infected"
"";"Trojan horse Dropper.Agent.WJ.dropper, E:\setups\Minidemo.exe";"Infected"
"";"Trojan horse Dropper.Agent.WJ, E:\setup.exe";"Infected"
I have no idea what the rest of it is, but I find it hard to believe that a Trojan from 5 years into the future(?) found its way onto an eGames Family Friendly game disc. The only other thing about Dropper.Agent.WJ is that some file called glowingbugsdemo.exe is known to be infected. I notice that follows the same naming convention as most of the other infected files on the disc; is that an eGames game too, I wonder? I know some Marburg viruses got onto some July 1997 (or was it 1996?) editions of a PC Gamer disc, but that's different. I used to have that disc, and yes, it was indeed infected with said virus. I remember XEarth, some paint program, and a couple of other programs on the disc were infected.
Could my AV be misidentifying files on my retro computer as threats? Is there any way I can find out if SFSHELLX.DLL is indeed a Downloader.Swizzor? (I don't appear to have its symptoms, so that's a good sign). I don't like the thought of software from that time period being routinely infected with malware and distributed on CD! I thought the PC Gamer incident was a one-off?
Thanks