Win32/VMalum.BXRF ?? [False detection in CA signatures]

Same

Noticed a CA warning after rebooting the PC (slowed down dramatically after running Diskeeper).

Reported not finding a DLL then diskeeper crashed while modifying the MFT of a large volume.

Had four CA warnings, two 'quarantined', two 'deleted').

Emptied Undelete basket then went manually to all recovery bin and recycler folders and deleted all files in there.

Ran CA full scan, no report of virus.

Did not upgrade Live messenger to 8.5

Problem seems to have cleared.

 

Bloody Computers

Having read all the posts, I clicked on updates in CA screen 11 am 5th March Australia time, two updates were downloaded, and I am fairly sure that will be the end of it. This is the CA description of virus. Good luck.

http://www.ca.com/securityadvisor/virusinfo/virus.aspx?id=41829

 

Hi All

Thanks to everyone that responded here, It is very appreciated.

Good that it is a false/positive, also good that CA seems to have fixed it in short order.

Arie was correct though, they should have posted something on their web forums.

I also use CA and messenger but received no warning that I know of, was away from my computer most the day.

Again Thank you all.

Geri

 

Win32/VMalum.BXRF ??

Thanks to everyone else on this thread for all the useful info relating to the CA Anti-Virus software detection of "infection" by Win32/VMalum.BXRF in Windows Live Messenger, and (2) INI/Helpud.CL "infection" of desktop.ini in the "My Pictures" backup folders.

Also started experiencing this problem with CA Anti-Virus detecting Win32/VMalum.BXRF infection in the Windows Live Messenger 8.1 file "msmngr.exe" (C:/Program File/MSN Messenger/msnmsgr.exe) at 12:26 GMT, Tues 4 March after the automatic update of the virus signature file to 5585.

I also experienced problems with my laptop refusing to go into "Standby Mode ", and taking inordinately long to "shutdown" and "startup ", possibly as a result of the CA Anti-virus software interferring with the "startup" and "shutdown" of windows Live messenger.

The msnmgr.exe file was not quarantined until 2.33 am GMT, Wed 5 March, just after I booted up my laptop, probably as result of the automatic update to Virus Signature file 5587.

A further update to virus signature file 5588 occurred at about 2.38 am GMT, Wed 5 March, and several hours later I restored the msnmsgr.exe file from the CA Anti-Virus Quarantine Box to the C:/Program File/MSN Messenger folder. I then scanned the "msnmsgr.exe" file and the MSN Messenger Folder with CA Anti-Virus, Signature File 5588, and it did not report any infection with V.Balum.BXRF, or any other virus.

Therefore, as noted by others on this forum, it would appear that detection of VMalum.BXRF was a false positive, due to a glitch in the CA Ant-Virus software/signature files 5585 - 5587.

My laptop is now behaving normally with regard to going into "Standby Mode ", and with regard to "Shutdown" and "Startup" times. So it seems(fingers crossed) that those problems have also been rectified.

In conclusion, there does not appear to be any need to update Windows Live Messenger to version 8.5. Just ensure that you are using the latest CA Anti-Virus signature file, 5588 and upwards.

I also experienced the problem of an INI/Helpud.CL infection being detected by CA Anti-Virus/signature file 5585 in the "desktop.ini" files in 3 backups of "My Picture" folders on my laptop's F: partition. All 3 desktop.ini files were deleted by CA Anti-Virus. However CA Anti-Virus did not detect any INI/Helpud.CL infection in the "original" My Pictures folder on the C: partition (which is puzzling). Therefore I suspect that this may also have been a false positive related to virus signature file 5585.

 

I've had all sorts of trouble getting rid of Win32/VMalum.BXRF

I've had a terrible time getting this to go away. My CA has a firewall problem always asking ccupdate.exe to be allowed so it hasn't updated to the new version. (problem for another day and thread )

Managed to update CA versions after deleting the quarantined files. I then had to go to ADD/DELETE PROGRAMS in XP and 'REPAIR' Windows Live Messenger. After it rebooted I got Messenger back and it all appears to be good.

Thanks to everyone for your posts - it helped me find a starting place to remove it from my system I certainly couldn't find this on CA website or anywhere else!

Sally

 

Win32/VMalum.BXRF

Yesterday, I hit this problem. It must have something to do with "CA" catching it. Window opened saying it saw the virus, but did not do anything with it. Then I rebooted and found CA quarantined it. I deleted it in the quarantine.
MSN messenger was totally gone on the reboot.
Then I keep a zipped version of msn in a "zipped" folder. Reopened msn messenger again and it seemed to all work fine today. I have done three full scans and CA picks up nothing. Although, yesterday when the virus window kept opening, a full scan showed no virus. duh.
I found nothing on this viruse at : nortons, mcaffee, or ca.
and so it goes.

 

CA Virus notice problem

I did run my Antivirus and scanned my C: drive and cleaned what was on it. Then I ended up uninstalling MSN Messenger and reinstalling it to get rid of the pop up virus thing. I couldn't log into MSN and spent over an hour with one of their tech who first kept asking me about the time on my computer and then about my antivirus. I finally gave up and said that I would contact CA.

On my own I went to the Parental Controls that comes with CA and disabled it and TADA everything worked again. I have never liked it anyway. It came with almost no instructions.
Myraone

 

Good Luck

I also had the same problem... I use avg and Zone Alarm Suite.
The wins32 virus detection pop up windows couldnt be shut down.
They both detected this when I had signed into windows live messenger msnmsgr.
My computer slowed right down and kept rebooting itself.
In safe mode I uninstalled windows live messenger... When I tried to download the new version.. I got a message saying that I HAVE to update my OS because it isnt compatible.
Being as it was compatible the day before.. I will NOT be told when I have to install anything I dont need.
I installed Trillian and have had NO problems .
Good luck thats my story.
Toxigenic