sioban, on Apr 29 2009, 12:51 PM, said:
Gedrean, on Apr 29 2009, 01:30 PM, said:
How, exactly, did you download this particular item "VipreRescueScanner.exe" ?? The plugin for Vipre PC Rescue included in UBCD4W has a different exe name.
Also, the update downloads "VIPRERescue.exe" - no mention of "Scanner"...
I was wondering the same thing when I read the getupdate.cmd.
I need to investigate that.
Alright I figured it out - sorry.
VipreRescueScanner is extracted from VipreRescue.exe -
And here is the current report as extracted from a download just a minute ago:
http://www.virustota...be9e4c2eb3b6de9
It indicates it was last scanned Apr 27th. 0 of 40 reports.
Here's my expectation: You already had the virus, and as it downloaded and wrote the file the virus found an exe and implanted into it.
That being said, it is VERY possible that, yes, you received a virus through that download, and the VIPRE people had a virus in one of their distributions.
Problem: A virus CANNOT spread from an EXE without the EXE being run or launched ... or worked upon in SOME WAY by a program or function that is susceptible to that virus.
What did you do with that EXE when you were advised it was a virus?
And I really doubt that unzip was infected by a virus it extracted from the viprerescue.exe - as it just inspects the self-extracting exe and finds the archive within, then extracts from that.
I would expect the virus would not bother allowing itself to be extracted, and instead overflow or somehow exploit a problem in unzip, thus infecting it and bypassing the waste of time that is extracting VipreRescueScanner.exe - and then infecting your system.
Leaving you to wonder why unzip just locked out in the middle of your config.
Thus why I think the system was already infected.