Looks like I've been infected by a virus, namely NSIS:Downloader-BX [Drp], in a file named DpiSca.exe, but...
I wasn't visiting any usual suspect sites (warez, pr0n etc) and nobody else was using my computer.
I'm not getting any usual symptoms.
It's been more than 5 years since I was last infected, so I'm pretty confident that I know how to take care of myself.
I'm unable to find any information on the Internet about the virus I'm infected with.
According to VirusTotal, only avast! considers it a virus.
Sysinternals Process Explorer, which seems to be a well-respected program, does not show any suspicious processes.
After running the most thorough scan available in free avast! several times, it found no infections. I'll be purging a friend's computer tomorrow and once it is secured, I plan on using it to scan my hard drive just to be safe.
The file seems to be an NSIS installer.
Once extracted, it contained only two .dll files – ExecPri.dll and inetc.dll – and neither of them seems to be infected according to VirusTotal and avast!.
File inetc.dll appears to be a standard part of NSIS, but I was unable to find information about ExecPri.dll.
After analyzing the installer file, the only suspicious strings are related to RichEdit, which appears to be a JavaScript editor, which I'm not using. The rest seems to be standard NSIS boilerplate.
I'm using OpenDNS and it doesn't report any suspicious connections (DNS resolutions).
On the other hand:
The file appeared several times in my \Windows directory even after being deleted and I have no idea what's creating it.
(Any tools which can determine what file is made by what process?)
The only reference I could find about it was in the Google cache of a forum dealing with malware infections, and it was marked as a virus agent.
My question is how do I check if this file is or isn't a part of a virus?