Jump to content


Photo

Please help what was this virus?


  • Please log in to reply
4 replies to this topic

#1 Vortex322

Vortex322

    New Member

  • Members
  • Pip
  • 4 posts

Posted 06 February 2013 - 05:20 PM

U just ran a sacn today it found
Exploit.Drop.GS

I never heard of it before I hear it makes your PC go slow but my PC has been running fine. False positive maybe it was removed so I guess it doesn't really matter just a little paranoid I hate viruses












Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Charres :: CHARRES-PC [administrator]

2/6/2013 2:53:30 PM
mbam-log-2013-02-06 (14-53-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 476866
Time elapsed: 1 hour(s), 22 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Charres\AppData\Local\Temp\conhost.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)

#2 Vortex322

Vortex322

    New Member

  • Members
  • Pip
  • 4 posts

Posted 06 February 2013 - 05:21 PM

Sorry for any spelling erros english is not my first lanugague

#3 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,256 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 06 February 2013 - 05:36 PM

It is NOT a virus.

It exploit code related.

That means conhost.dll is associated with code that can be used to exploit a vulnerability in the computer OS or in a application or software installed within that OS.

Usually the word "drop" in the name would be indicative of a dropped exploit and the GS is either a version such as GS vs GT or GR but it could also be an acronym associated with the type of exploitation performed by the DLL file (Dynamic Link Loader).

All viruses are malware but not all malware are viruses and viruses actually make up a small fraction of the malware seen in the wild. It is a common, public, misperception that all bad software are viruses. All bad software are malware where mal is short for MALicious as in Malicious Software.

HTH
David H. Lipman
DLipman@Verizon.Net

#4 Vortex322

Vortex322

    New Member

  • Members
  • Pip
  • 4 posts

Posted 06 February 2013 - 05:51 PM

So I basically have nothing to worry about once it was remvoed correct?

#5 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,256 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 06 February 2013 - 05:56 PM

For the most part - yes.

Since it is associated with code that can be used to exploit a vulnerability, is it incumbent upon you to make sure that ALL software is up-to-date.

Prevention is always better than cure.
David H. Lipman
DLipman@Verizon.Net




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users