The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Trojan/Virus Help

    Discussion in 'Security and Anti-Virus Software' started by monkey123456, Jul 24, 2009.

  1. monkey123456

    monkey123456 Notebook Consultant

    Hey Guys -

    I just did an online virus scan, and it came from Panda Security...

    It says this trojan/virus is on my computer... but wanted to make sure it's safe to delete, since a lot of stuff reports false positives (example: Spybot, Ad-Aware, AVG, and several others)

    ------02900532 Trj/Nabload.DAE Virus/Trojan C:\Windows\SysWOW64\OEM\OSCust.exe

    AVG Free doesn't find this when I scan my computer? Shouldn't I have been protected from anything?
    Thanks guys
     
  2. Baserk

    Baserk Notebook user

    No, not necessarily. Not one antivirus/antimalware program catches everything.
    Risky behaviour or simply bad luck can always result in an infection.
    You can upload (a copy of) the file OSCust.exe to VirusTotal.com and have it checked with 30+ scanners to see how many AVs flag it as malware.
     
  3. Saisei

    Saisei Notebook Deity

    That's obviously a virus, just look at that name; only a virus would have some dumb name like that with a folder called WOW.
     
  4. monkey123456

    monkey123456 Notebook Consultant

    Thanks Baserk, +REP
    EDIT: Just read on a forum that this is indeed a thing from Alienware, and is not a virus/trojan... It was answered by an Alienware tech support person on tentonhammer.com. Just wanted to tell you, since others might have this on their Alienware computer: http://forums.tentonhammer.com/showthread.php?t=34992
    I've just checked this file.

    However, when I was looking into this file, it has the Alienware logo and Alienware stuff in here... Could this just be a false positive?
    ... These are the results:

    a-squared       4.0.0.101     2009.05.07  Trojan.Nabload.DAF!IK
    Avast           4.8.1335.0    2009.05.06  Win32:Trojan-gen {Other}
    BitDefender     7.2           2009.05.07  Trojan.Downloader.Banload.GEE
    Comodo          1154          2009.05.06  Unclassified Malware
    eSafe           7.0.17.0      2009.05.05  Suspicious File
    GData           19            2009.05.07  Trojan.Downloader.Banload.GEE
    Ikarus          T3.1.1.49.0   2009.05.07  Trojan.Nabload.DAF
    K7AntiVirus     7.10.723      2009.05.05  Trojan.Win32.Malware.1
    McAfee          5607          2009.05.06  Generic.dx
    McAfee+Artemis  5607          2009.05.06  Generic.dx
    NOD32           4059          2009.05.07  probably a variant of Win32/Agent
    Panda           10.0.0.14     2009.05.06  Trj/Nabload.DAE
    PCTools         4.4.2.0       2009.05.07  Trojan-Downloader.Banload!ct
    Sophos          4.41.0        2009.05.07  Mal/Generic-A
    TrendMicro      8.950.0.1092  2009.05.07  PAK_Generic.001
    VBA32           3.12.10.4     2009.05.05  Trojan-Downloader.Win32.Banload.gee
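
Added example, not part of the original thread: one way to read a multi-engine result like the one pasted above is to group the engines by the family their label names and separate out generic or heuristic labels. The function names and the `GENERIC` and `PREFIX` token lists are assumptions made for this example, not a vendor-published naming scheme.

```python
import re
from collections import defaultdict

# The sixteen rows from the post: engine, version, signature date, label.
REPORT = """\
a-squared 4.0.0.101 2009.05.07 Trojan.Nabload.DAF!IK
Avast 4.8.1335.0 2009.05.06 Win32:Trojan-gen {Other}
BitDefender 7.2 2009.05.07 Trojan.Downloader.Banload.GEE
Comodo 1154 2009.05.06 Unclassified Malware
eSafe 7.0.17.0 2009.05.05 Suspicious File
GData 19 2009.05.07 Trojan.Downloader.Banload.GEE
Ikarus T3.1.1.49.0 2009.05.07 Trojan.Nabload.DAF
K7AntiVirus 7.10.723 2009.05.05 Trojan.Win32.Malware.1
McAfee 5607 2009.05.06 Generic.dx
McAfee+Artemis 5607 2009.05.06 Generic.dx
NOD32 4059 2009.05.07 probably a variant of Win32/Agent
Panda 10.0.0.14 2009.05.06 Trj/Nabload.DAE
PCTools 4.4.2.0 2009.05.07 Trojan-Downloader.Banload!ct
Sophos 4.41.0 2009.05.07 Mal/Generic-A
TrendMicro 8.950.0.1092 2009.05.07 PAK_Generic.001
VBA32 3.12.10.4 2009.05.05 Trojan-Downloader.Win32.Banload.gee
"""

ROW = re.compile(r"(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)")
# Assumed tokens marking a heuristic, packer or catch-all verdict.
GENERIC = {"generic", "gen", "suspicious", "unclassified",
           "malware", "probably", "agent"}
# Type and platform prefixes that say nothing about the family.
PREFIX = {"trojan", "trj", "downloader", "win32"}

def parse(report):
    return [m.groups() for m in map(ROW.fullmatch, report.splitlines()) if m]

def family(label):
    """Reduce one vendor label to a family name, or 'generic'."""
    tokens = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t]
    if GENERIC & set(tokens):
        return "generic"
    named = [t for t in tokens if t not in PREFIX and len(t) >= 5]
    return named[0] if named else "generic"

def group_verdicts(report):
    """Map each family (or 'generic') to the engines that reported it."""
    groups = defaultdict(list)
    for engine, _version, _date, label in parse(report):
        groups[family(label)].append(engine)
    return dict(groups)

if __name__ == "__main__":
    print({k: len(v) for k, v in group_verdicts(REPORT).items()})
```

On these rows, nine of the sixteen verdicts are generic or heuristic labels and the other seven split between two family names, Banload and Nabload. A tally like this shows how the engines describe the file, not whether it is safe.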
     
  5. Shyster1

    Shyster1 Notebook Nobel Laureate

    That sounds suspiciously like one of the files that's used to do remote installations of the OS; for example, there's a file called OSCust.osc that's used when installing Windows Server 2003, which is briefly mentioned in Microsoft KB article KB891128.

    That doesn't mean that it's not actually malware (I don't have the file so I can't do any internal analysis); however, if it is related to a remote installation procedure - it sounds like something related to customizing the OS during (or after) a remote network installation - that could very well be why it's being flagged as malware - installation apps get very up-close & personal with the guts of the OS, and that gives many A/V apps the willies.
     
  6. Baserk

    Baserk Notebook user

    The OSCust.exe from Alienware probably has some functions like making itself a part of the start-up programs and perhaps automatically contacting some Alienware server for updates on boot-up.
    I guess this behaviour is probably the reason why it's being flagged as malware.
    Maybe you can download the program from the Alienware website, uninstall the current version, reboot and then install the downloaded version?
    Also, if you contact Alienware support about this, you could ask them to upload their file to AV companies to have it whitelisted.

    And SysWOW64 is a standard folder in Windows Vista 64-bit versions.
    It's used to run 32-bit code by using an emulator named Windows on Windows 64 (WOW64).
    That's no reason for alarm for anyone.