.exe sfx file infects itself

Ok, this is weird. I did scans with mrt.exe, Avast! and housecall to find nothing.

I have PeaZip which is an archive maker/manager. I downloaded two files from here a long, long, long time ago. I confirmed they were not threats as nothing went wrong during and after following the instructions.

I decided to re-download, in case these instructions were lost (this is a life-saving solution here). I also decided to make a self-extracting .exe archive with PeaZip, yes, it can do that too.

I had no error messages during the creation of the file. About a minute after, Avast! said that the file contained Win32arite. Coincidentially, this is the same virus that I witnessed Avast! successfully clean up when I copied files from an infected DVD.

I know the main sign of a Parite infection and it is changes in file size, which I noticed, when I re-made the file a second time, with the same two downloaded files. After Avast! deemed the file infected it was 2 times larger than the original.

Also, after Avast! blocked the file and attempted to clean it up, I noticed that this isn't the normal way Avast! blocks. Whenever I right clicked the file, the application used to right-click it froze up. (explorer.exe being the one) this happened with Avast! quick scanner too.

I decided to test PeaZip by making a bunch of other .exe's with it, and they all worked fine, even hours after creation. Only this one does not.

As I said I did thorough scans with no results showing ANY infection whatsoever. But the file still infects itself.

Here is the Virus Chest Results of the file: (size was 261596)


Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\Users\Stil\AppData\Local\Temp\_avast4_\unp258322922.tmp
FileID: 0000000005 Original file name: C:\Users\Stil\Downloads\LAYOUT.exe New folder: C:\Users\Stil\AppData\Local\Temp\_avast4_\unp258322922.tmp\5.exe

Scan files in the temporary folder: C:\Users\Stil\AppData\Local\Temp\_avast4_\unp258322922.tmp
C:\Users\Stil\AppData\Local\Temp\_avast4_\unp258322922.tmp\5.exe\[UPX] -- no virus --
C:\Users\Stil\AppData\Local\Temp\_avast4_\unp258322922.tmp\5.exe\LAYOUT.REG -- no virus --
C:\Users\Stil\AppData\Local\Temp\_avast4_\unp258322922.tmp\5.exe\LAYOUT.DLL -- no virus --
C:\Users\Stil\AppData\Local\Temp\_avast4_\unp258322922.tmp\5.exe Win32arite
------------------------------------------------------------------------------------------
Action was completed successfully!

Virus Chest Results of file before infection: (Size was 83723)

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\Users\Stil\AppData\Local\Temp\_avast4_\unp176495356.tmp
FileID: 0000000009 Original file name: C:\Users\Stil\Downloads\LAYOUT.exe New folder: C:\Users\Stil\AppData\Local\Temp\_avast4_\unp176495356.tmp\9.exe

Scan files in the temporary folder: C:\Users\Stil\AppData\Local\Temp\_avast4_\unp176495356.tmp
C:\Users\Stil\AppData\Local\Temp\_avast4_\unp176495356.tmp\9.exe\[UPX] -- no virus --
C:\Users\Stil\AppData\Local\Temp\_avast4_\unp176495356.tmp\9.exe\LAYOUT.REG -- no virus --
C:\Users\Stil\AppData\Local\Temp\_avast4_\unp176495356.tmp\9.exe\LAYOUT.DLL -- no virus --
C:\Users\Stil\AppData\Local\Temp\_avast4_\unp176495356.tmp\9.exe -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!


Any Explanation to this phenomenon will be appreciated.

 

Why don't you ask the anti-virus software vendor?

 

I did, but still, the file does show evidence of infection...How is it possible for a file to change its size so quickly...And get infected from nowhere.

 

On the Avast forum you wrote that you had copied files of a DVD that also contained at least one virus, you mentioned WIN32Pinfi aka Win32Parite virus.
If I were you I'd ditch the DVD with program backups and re-download them instead if you can't be sure if/which files are infected.
Also, initially Avast didn't work 100% because you had not uninstalled AVG completely if I'm correct right?
I'm not trying to be a smart-ass here but are you sure Avast is running OK now?
You could upload the suspicious file to an AV vendor to have it checked out.

If you want to use online scanning, give Panda ActiveScan 2.0 a try, it scans and removes infections.
The Avira Rescue System CD is also an option to thoroughly scan your notebook.
To scan a specific file in the future, you could use VirusTotal.com, they use multiple AV scanners.
Cheers.

 

Listen, I had a hard disk failure, all traces of previus A.V.'s are gone. The only A.V. I have installed on the new disk is Avast!. Along with SUPERAnti-Spyware, but that's an A.S.


The DVD's files were successfully cleared, when I copied them onto the HDD. I know exeactly which files are infected, and will make a new DVD when I get the appropritate time. I will see what to do with the file.