I recently downloaded OS 98SE updates for a friend, burned them to a CD and gave them to him. I kept the original files on my HDD in case he needed further copies, as he does not have a burner and has only a dial-up connection.
Yesterday I did an online scan with BitDefender, which claimed to find trojan.bat.restart.a in file wupg98en-jul.exe (this file being one of the upgrades for 98SE).
I scan my machine regularly (and on the day after the download of the file) with AVG (free), Defender, Ad-Aware, SpyBot S&D and a-squared free. None of these showed a problem. I also ran SysClean with the latest update and that picked up nothing.
Is this likely to be a false positive or could his system be at risk?
I'm running XP Pro SP2 and understand my OS is fairly resistant to this malware?
However the trojan was only in a downloaded update file for OS 98SE which I downloaded from a site recommended in PCA for October 2006. I downloaded the file last week but obviously had no need to unpack it.
My main concern is for the friend I gave the CD to. Is it likely to be a real threat to him? There seems to be very little on this trojan on the web, but what I can find doesn't seem to rate it a high magnitude.
I can resolve any risk to myself easily as you recommend but for the person who wanted the data.....
Not as yet. There were two sites mentioned in the article in PCA (page 92), as I remember. I went to the first (exuberant) as I figured PCA's recommendation would be good. Still might be, but the attachment of the malware does concern me. I'll do a Google and look at the other site.
I checked the file size on the website (24.7MB) and it's the same as I have on HDD. I would have thought that if it was integral with the file mine would now be smaller, as BitDefender said it had 'deleted the file' as it couldn't remove/negate the trojan.
Since you are having a grasp at straws I may as well have a go. Is it possible this was a false positive based on BitDefender being overcautious and/or wanting to sell software? I did check for the file rundll16.exe, which I understand is associated with this malware, but couldn't find it on my HDD using Search.