Windows XP bug, or Virus? Text moves from "All or part of file name" field to the "A word or phrase in the file" field

07
2014-07
  • user199340

    This would be too big a bug to not be on Google, one would think.

    Repeatable problem. (click) Start -> (click) Search -> (click) Pictures, Music, or Video -> (check) Pictures and Photos -> (type text: testing) All or part of the file name -> (click) Use advanced search options -> !! "testing" has now been moved from the "All or part of file name" field to the "A word or phrase in the file" field." !! This happens every time. (I finally stepped through this as my image searches kept searching inside of files instead of for matching file names. I thought at first I kept putting it in the wrong field, but I couldn't have been, as that field hadn't even appeared yet.)

    Windows XP SP3 w/all updates (updating is enabled).

    • Answers
    Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

    Related Question

    anti virus - How do I find information about a particular trojan? "W32/Smalltroj.XVGT", as reported by Norman
  • Lasse V. Karlsen

    I tried checking the Norman antivirus page, Virus-descriptions, but sadly it seems Norman has intentionally obfuscated their search results (I tried clicking on W, and it seems they just list viruses with a W somewhere in the description, instead of more typical, all viruses with a name starting with a W.)

    Is there a common virus-list somewhere, or is it as I suspect, every antivirus manufacturer is free to come up with their own identification tags for each virus?

    Several "vshost32.exe" files, related to Microsoft Visual Studio 2008, has been quarantined on our server today, probably related to a test-deployment of some internal software. Some developer machines that have grabbed that latest version of our program has also had the same files quarantined. Now, these files should not have been deployed in the first case, so I'll be looking into that, but whenever any developer now builds a program locally and attempts to debug, the same file is placed in the build output directory, and promptly quarantined.

    Does anyone have any clues as to how I can go about verifying this before I pointedly ask the antivirus software to go take a hike on this particular virus?

    Edit: I've copied one of the quarantined files manually to a machine over the network that doesn't have antivirus installed, and compared the file on that machine with a local copy (on that machine) of the vshost32.exe template file, and they're bit-for-bit identical. I guess this is a false positive.

    I still would like to know if it would be possible for me to verify this in any other way though, since next time such a trojan might be reported in a compiled file that we won't have a pristine copy of.


    • Related Answers
  • alex

    Most antivirus manufacturers have their own databases including their own naming rules for the viruses they know are out there. Instead of trying to find out what Norman antivirus thinks the file is, try installing a different antivirus (Microsoft Security Essentials comes to mind, it's really good and free) with a good track record instead of Norman antivirus.

    Odds are you'll also find more information about the virus (if it really is that) if you look up the name it's been given by Microsoft, Symantec or Kaspersky.