TechSpot

Is my computer infected with the virus Luder.A?

By kollo23
Jul 24, 2007
Topic Status:
Not open for further replies.
  1. Hi,
    I might have been fooled by a fake Adobe Shockwave player update site. I use Windows XP and normally run with a non-admin account but a couple of days ago I logged in as admin and got a message that I should update Shockwave player since it was an old version. I was stupid and did that without checking the site properly and the day after when I was searching for a file on the computer my antivirus program Antivir said that the file C:\Windows\system32\Macromed\Shockwave 10\download.exe was infected with a virus. I think Antivir called it Luder.A.42.
    I uninstalled Shockwave player and installed it again and this time I went to the Adobe site manually to download it. Now I don't have a download.exe file in the Shockwave 10 directory anymore. Antivir has also detected the virus in System restore files so I am going to disable/enable System restore.

    But I am still not sure if my computer really was/is infected with a virus. I ran Kaspersky online scanner on the file that Antivir said contained a virus but Kaspersky didn't find any virus in it. I deinstalled Antivir and installed AVG Free instead and AVG doesn't think the file contains a virus. Is it possible that Antivir is wrong and there is no virus? I have sent the possible "virus" to Antivir through their Send function but I haven't got any reply.

    I have run HijackThis and as far as I can tell it looks fine. I have attached hijackthis.log. There is one entry in the log file that might look suspicious, KnurtLogoutHandler.dll, but this is no virus. It is part of an application I have written myself.

    Should I be worried and reinstall my computer or am I safe?

    Regards,
    kollo23

  2. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Please go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Remember to rename HJT as per the instructions.

    Regards :)

    This thread is for the use of kollo23 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  3. kollo23

    kollo23 TS Rookie Topic Starter

    Thank you for your reply kitty500cat. I haven't followed your instructions yet since I am pretty sure that the virus was a false positive in Antivir.

    Today I uploaded A0049920.exe (system restore copy of the Shockwave file download.exe) to analysis.avira.com and got this result:
    "The file 'A0049920.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 6.39.0.178. "
    Version 6.39.0.178 of the Antivir VDF was released July 23 and I got the virus warning from Antivir July 22. There has been some discussion about this false positive in the Avira (Antivir) forum. I have also uploaded the file to www.virustotal.com and only "Fortinet" claims that the file contains a virus. I found in this thread (http://www.hwupgrade.it/forum/showthread.php?t=1518047) that someone else uploaded the Shockwave file on July 23 and by then four virus scanners claimed that it contained the virus Luder.A/Luder.A.42.

    The last days I have tried AVG instead of Antivir and maybe I will now switch to AVG instead. It seems to be popular and the free version includes a mail virus scanner not available in the free version of Antivir.

    Regards,
    kollo23

