Virus win32\small.ca

Posted: Sun Jun 23, 2013 10:58 am
by sphester
Hi All

A ward clerk computer is showing an action item in the Windows Action Centre. From the date of the message it looks like the message has been there for over a month. The message just says we need to remove the win32\small.ca virus.

I did a full Sophos scan and nothing showed up. A quick Google around the subject and some say it is a very nasty virus, others are saying it could be a false positive.

I had a look in the Windows registry for some of the places that people suggest the virus makes changes, but everything looks normal, well, as normal as I can tell. And all in all the computer appears to be running fine.

Any tips or ideas? Has anyone else had a similar problem?

Re: Virus win32\small.ca

Posted: Sun Jun 23, 2013 11:08 am
by Biggles
Try running Malwarebytes (Free version) and Superantispyware. Try running them in Safe Mode (F8) with networking. I will PM you a very useful site to obtain these and other useful programs without all the rubbish that sometimes comes with free stuff!

Re: Virus win32\small.ca

Posted: Sun Jun 23, 2013 11:27 am
by sphester
I'll give that a go. Thanks for the link. I once used that very site, not used in ages though.

I did run a Microsoft safety scan (a download from Microsoft). The Action Centre message suggested it, but nothing came back.

Will try Malwarebytes now and let you know.

Re: Virus win32\small.ca

Posted: Sun Jun 23, 2013 11:28 am
by marianomarini
Biggles wrote: I will PM you a very useful site to obtain these and other useful programs without all the rubbish that sometimes comes with free stuff!

Free or Open stuff?
Seconds are surely free from rubbish!

Re: Virus win32\small.ca

Posted: Sun Jun 23, 2013 12:07 pm
by Biggles
Not sure what you mean, but I'll PM you the website for you to make up your own mind!

Re: Virus win32\small.ca

Posted: Sun Jun 30, 2013 2:56 pm
by JamesAnderson
If Sophos missed it, it's likely a very new version of a known virus. If you can trap it, send the sample to samples at sophos.com and they will tell you in a few hours whether it is a new one and a definition is being pushed out, or whether it's something they have.

The filtering software in use now doesn't even get some malicious websites; they rely on external databases rather than live in-house people to find and verify stuff as it is or is not, and one of these sites that the filter missed in its automated scan of a webpage or other web object is how the PC got infected, I think.