Solved How to handle Names of detection signatures in EXTRA.DAT .

December 21, 2014 at 20:28:40
Specs: Windows 7, 8 Gb
Hello,

I'm scanning my small set of PC's for a few weeks and today firtst time I hit this error: " Names of detection signatures in EXTRA.DAT = Trojan-Wiper (ED)"

Could someone please explain me whant means EXTRA.DAT? Is it addition to .DAT? In my case I am using xdat.exe to get latest .DAT and then command line for scanning. How should I handle the issue? I only have OnDemandLog.txt file at the end of scan. Should I open Console and analyze what McAfee did with that malware Trojan-Wiper. BTW is it a virus? What measures should I take to get rid of it?

I will attach a small log that I got from my scan.

Thanks

P.S. After first detection of Trojan-Wiper in 2 hours I ran again with a newer version of .DAT and it again detected the same issue.
The biggest confusion is that when I scan the same PC using VirusScan Console and the same Task it didn't find any issue. I used for VirusScan all default values and for command line scan I used this command:
"%PATH_%\scan32.exe" /Task {D6531881-7E64-491E-95E8-29369DCBC3F5} %* /ANALYZE /MANY /ALL /CLEAN /DAM /NC /NOEXPIRE /PLAD /PROGRAM /SUB /STREAMS /UNZIP /THREADS=4 /TIMEOUT=15 /APPEND /AUTOEXIT


See More: How to handle Names of detection signatures in EXTRA.DAT .

Report •


#1
December 21, 2014 at 20:53:45
Lets get another opinion.

Best you print or write the instructions & check the steps off as you do them.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...

message edited by Johnw


Report •

#2
December 22, 2014 at 04:28:46
Thanks for reply BUT my PC's are located on VLAN and does not have access to Internet. Also my orgsnisation policy does not allow me to do that.
Hence I have to deal with what I have 😀
Thanks anyway

Report •

#3
December 22, 2014 at 04:41:45
✔ Best Answer
I'd never heard of extra.dat and was inclined to feel it "might" be a nuisance item; and thus not at all surprised when JohnW suggested an initial look-see for pests...

Meanwhile I dun a wee google trawl using the string:

extra.dat

and found this - amongst other hits...

http://www.mcafee.com/us/threat-cen...

Possibly it relates to what you are describing?


Report •

Related Solutions

#4
December 22, 2014 at 04:45:35
More googling.

McAfee Labs Threat Advisory
Trojan-Wiper
https://kc.mcafee.com/resources/sit...


Report •

Ask Question