pod383.exe virus found

05-30-2010, 04:02 PM
every other day or so i get this from antivira.

It's found in temp files for IE and also directly under my users folder


however, nothing seems to happen. Both get caught, quarantined and deleted.

I cannot find anything on the internet about it though. All Avira says is trojan dropper and when i click on virus info, again, nothing happens.

ever hear of it?

06-01-2010, 04:43 PM
guess not... :o

06-02-2010, 01:04 PM
perhaps it's a false positive.
i sent it to avira. who knows if i will get a reply ;p

06-04-2010, 03:47 PM
Probably not a false positive. Nothing with an .exe extension should be at C:\users\<username>

Sounds like something exploited a hole on your system that allowed it to write a file to the drive, but probably not good enough to execute it. Consider yourself lucky, or you secretly have a rootkit.

Most common entry these days is by exploiting the PDF web browser plugin that comes with Adobe Reader, and via Java, from not doing the regular updates that pop up in your taskbar every few weeks.
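The check suggested by the post above (no executables belong at the top level of a user profile), as an added example that is not part of the original thread. It goes one step further than the post and identifies Windows executables by their MZ/PE header rather than by extension, so a renamed dropper is reported too; the function names `is_pe`, `sweep` and `constructed_pe` are hypothetical.

```python
import hashlib
import struct
from pathlib import Path


def is_pe(path: Path) -> bool:
    """True if the file starts with an MZ header whose e_lfanew points at a PE signature."""
    try:
        with path.open("rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:  # locked or unreadable file: skip it, keep sweeping
        return False


def sweep(folder: Path, recursive: bool = False) -> list:
    """Report every PE file in `folder`, whatever its extension."""
    entries = folder.rglob("*") if recursive else folder.iterdir()
    hits = []
    for p in entries:
        if p.is_file() and is_pe(p):
            hits.append({
                "path": str(p),
                # PE content under a non-.exe name, e.g. in a browser temp folder
                "disguised": p.suffix.lower() != ".exe",
                # hash to compare against what the AV vendor reports back
                "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
            })
    return sorted(hits, key=lambda h: h["path"])


def constructed_pe() -> bytes:
    """Constructed sample: a bare MZ/PE header stub, not a working program."""
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"


if __name__ == "__main__":
    # Top level of the current user's profile only, as in the post.
    for hit in sweep(Path.home()):
        print(hit)
```

Pass `recursive=True` with a browser cache or temp folder as `folder` to cover the other location mentioned in the thread.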

06-07-2010, 12:30 PM
rootkits for a win7 64bit system are extremely rare, are they not?

06-07-2010, 12:38 PM
But you are very special!

06-07-2010, 01:13 PM
time to play the lotto!

06-07-2010, 10:20 PM
rootkit isn't rare. finding a rootkit that executed and installed would be.

so the fact you actually found it ... and it never installed .... speaks volumes.

06-08-2010, 08:54 AM
I thought I heard 10 cubic feet!

06-08-2010, 02:55 PM
assuming this is a rootkit.

i think it might have been from one of the programs i *cough*torrented*cough*
I uninstalled said program soon after i started receiving those alerts (btw, antivira is awesome) and I haven't gotten them since.

I wish avira would send me some info back though

06-08-2010, 10:56 PM
use their web submission to submit it for review.


06-09-2010, 11:37 AM
i have to wait until i get home.
i think i deleted it from quarantine, but i used their submission form from the program itself and it looks exactly the same.

06-10-2010, 08:23 PM
interesting. if you punch in your email, they will update you pretty religiously to give you status on it, tell you what it is.