I didn't open the executable, do I have a virus?

By jerome_watkins
May 10, 2008
  1. first off, i apologize if this has been covered somewhere else. i've searched for hours but never found the answer.

    i run a Symantec virus scan every morning in the wee hours. this morning it reported finding an infected file (which it successfully quarantined):
    the file kmdupdate.exe was said to be infected with Infostealer.Gampass
    in the location E:\Documents and Settings\Administrator\My Documents
    (my e: drive was an old system disc on an old machine, hence that folder structure there.)

    in a panic, i had symantec delete the file from the system. this was stupid because i didn't get to see when it was created or any other info on it.

    However, as far as i know, i never ran that executable.

    so my question(s):
    1) did my anti-virus catch it before it infected my system?
    2)or does the finding mean that the infostealer.gampass is on my system and infected that file?
    (i found no other instances of it in my rescan after deletion. i ran SpyBot and found the normal cookies, but no malware. i have yet to restart my machine because i've spent the last 6 hours scanning forums for answers)
    3) is my system clean and safe to use online, including entering passwords, online shopping, etc.?
    4) and the nagging question, where the hell did that file come from? (see below for more information.)

    i had Azureus open last night and downloading some music.

    so, some people will say, "it's obvious, the file came from a download."

    well, a few things that bother me:
    1. i haven't touched that folder for a long time.
    2. my files from Azureus are set to be stored on my F: drive
    3. Azureus is set to move files to a different folder on the same drive
    4. i had not (before finding the notification) and still have not touched any of the files i was downloading.

    i've taken steps to start a full system exploration using the steps listed in the forums.

    sorry for such a long post...

    i just want to know if i never opened the .exe file, can i be infected?

  2. raybay

    Not a serious one. Here is what you would have been able to read if you had not moved so fast: Infostealer.Gampass is a generic detection for a Trojan horse that steals online game accounts, such as Lineage, Ragnarok online, Rohan, and Rexue Jianghu.

    Note: Virus definitions dated November 17, 2006 or later may detect this threat as Bloodhound.KillAV.

    You should run a new scan by Norton or Symantec, and also one by the free version of Spyware Doctor download.
    You will likely be fine with what has happened.
  3. jerome_watkins

    Raybay, Thanks for your quick reply!

    I ran a new scan after deleting and it came up clean.

    however, sometime during the night my Symantec flagged the same infopass virus in E:\System Volume Information\_restore( and a whole lotta numbers)\A008873.exe

    i assume this was put in to a system restore point by windows. however, it's odd that it was found AFTER i deleted the original violator.

    i'm not familiar w/ how the system restore works.

    i did run Kaspersky online scanner and it created quite the log file. there are a ton of "Infected: not-a-virus:Adware." type of notifications along with some that do say
    "Infected : Trojan.Krepper"
    but they are ALL in similar locations: "E:\System Volume Information\_restore{ number and more letters)
    i will try to wipe them all out just to avoid confusion.

    So, based on what you said, i'm probably ok. I will run more scans and clean it up.

    But, it seems like my virus scanner did its job and flagged and quarantined a dangerous EXE file before i ran it thus saving me from a much worse experience.

    So, it seems fairly safe to say that as long as i don't open/run an exe file then my system won't get infected.

    Thanks for your help!!
Topic Status:
Not open for further replies.
