Page 1 of 1
Suspicious File/folder in default VM directory:wintruster
Posted: 26. Apr 2015, 20:25
by bobw67
My Internet security Program (Kaspersky 2015) flags the following directory and file that were found in the default VM's directory:
X_vboxDiagTools (folder)
vboxnetadp.sys_error_repair_tool-winthruster.exe ( only file in above folder)
I have Virtual box version 4.3.24 installed
Is this a valid folder and file to be installed by virtual box? or is it possible malware?
Thanks.
regards,
Bob
Re: Suspicious File/folder in default VM directory:wintruste
Posted: 27. Apr 2015, 11:44
by mpack
That tool was not installed by VirtualBox. In fact VirtualBox puts nothing in the VMs folder until you create a VM.
It looks to me like you visited one of those websites that will tell you what "vboxnetadp.sys" is for (in fact it's the host-only NIC driver installed by VirtualBox in the system32\drivers folder), and lets you download a snake oil tool to "repair it" - which is the exe you have there. IMHO you'd be a fool to run that exe.
It would delete it immediately.
Re: Suspicious File/folder in default VM directory:wintruste
Posted: 27. Apr 2015, 20:22
by bobw67
Thanks for your response. I have deleted the file. Since I did not download any file to repair anything, I don't understand how it got on my system. I'm open to any suggestions how to trace this. I wonder if I should install something that traces all files downloaded to the system. Anything that I have downloaded in the past, I immediately scan it with Kaspersky.
Thanks.
regards,
Bob
Re: Suspicious File/folder in default VM directory:wintruste
Posted: 28. Apr 2015, 00:25
by mpack
Sorry, I can only tell you that the .exe file did not come from VirtualBox.