TechSpot

W32 in vimicro program file

By glennbahai
Jan 15, 2014
  1. Running numerous scans on a used Toshiba Satellite A300D-13G running on Windows 7 (originally Vista) that I just bought. Panda ActiveScan 2.0 found W32/Autorun.KAN in this file: C:\program files\vimicro\driverautoinstall\actionfiles\sign.exe. I called Toshiba tech support and the technician remotely accessed the computer, but he couldn't say if I could delete the file, as the computer is a European model and he is only familiar with US models. He wasn't sure if this vimicro driver was the original driver or installed in a later modification, nor if it would screw up the webcam if I deleted it. I ran a VirusTotal scan and here is the result:
    SHA256: 14981e35c7417be9a980d4d7e172b05558fcf3f2c633ccbfadff2bcc444b08e2
    File name: file-3163210_exe
    Detection ratio: 14 / 46
    Analysis date: 2013-02-21 19:51:57 UTC ( 10 months, 3 weeks ago )
    Antivirus Result Update
    AVG Worm/Generic2.UYR 20130221
    Agnitum Worm.AutoRun!5iAHhSGqw3U 20130221
    ClamAV Worm.Autorun-4752 20130221
    Commtouch W32/MalwareF.FUUC 20130221
    F-Prot W32/MalwareF.FUUC 20130221
    Ikarus Worm.Win32.AutoRun 20130221
    Jiangmin Worm/AutoRun.vte 20130221
    K7AntiVirus Riskware 20130221
    McAfee Artemis!C8FA70DEDC17 20130221
    McAfee-GW-Edition Artemis!C8FA70DEDC17 20130221
    Norman Smallworm.QRV 20130221
    Panda W32/Autorun.KAN.worm 20130221
    TheHacker W32/AutoRun.bkcx 20130221
    VIPRE Worm.Win32.AutoRun 20130221
    AhnLab-V3 20130221
    AntiVir 20130221
    Antiy-AVL 20130221
    Avast 20130221
    BitDefender 20130221
    ByteHero 20130221
    CAT-QuickHeal 20130221
    Comodo 20130221
    DrWeb 20130221
    ESET-NOD32 20130221
    Emsisoft 20130221
    F-Secure 20130221
    Fortinet 20130221
    GData 20130221
    Kaspersky 20130221
    Kingsoft 20130204
    Malwarebytes 20130221
    MicroWorld-eScan 20130221
    Microsoft 20130221
    NANO-Antivirus 20130221
    PCTools 20130219
    Rising 20130205
    SUPERAntiSpyware 20130221
    Sophos 20130221
    Symantec 20130221
    TotalDefense 20130221
    TrendMicro 20130221
    TrendMicro-HouseCall 20130221
    VBA32 20130221
    ViRobot 20130221
    eSafe 20130211
    nProtect 20130221

    Delete or not to delete, that is the question. I want a clean computer before I start logging into my accounts.
     
  3. glennbahai

    glennbahai TS Rookie Topic Starter

    Funny how ideas come to you in the middle of the night. I didn't want to use any passwords until all scans came up clean, but decided to open Skype and test the webcam. Then I checked which programs were running when the webcam was on, using the Task Manager and Emsisoft HijackThis. The webcam program was a Windows file and not the vimicro in Program Files, so I went ahead and deleted the suspect file, closed and reopened Skype, turned on the webcam, and it was working. Probably the vimicro program was downloaded but was not the original driver, nor ever drove the webcam.

    As a warning to others, I should mention that on my previous laptop, also a Toshiba but a very different model, a Satellite A-135 (broken), I was having a problem with the OS (Vista) recognizing the driver software running the webcam, which was an external Logitech with the Logitech software installed. Windows kept asking to download software to run the camera, not detecting that the Logi software was installed. Finally, in frustration, I allowed it to redirect to download the software, and if I recall correctly it was from Vimicro and was infected with a virus. Hmmm, Chinese webcam manufacturer and offers free software. A word to the wise is sufficient.
     
  4. glennbahai

    glennbahai TS Rookie Topic Starter

    Correction: I used Emsisoft HiJackFree to check the processes running the webcam. HijackThis is from Trend Micro.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    It may be a very legit file, but since you deleted it already, we have no way to take a look at it.
    Unless you have some other issues I'll mark this topic as inactive.
     
