NI Virus?

Alright. So today I noticed that the laptop I use for robotics (as well as personal stuff) was running really sluggishly. I hadn’t really used it since the Hofstra regional so this was the first I noticed. Then I started getting random Windows exception messages about something called ringer.exe. A quick Google suggested it’s a piece of malware. I then realized that I didn’t have any antivirus on that machine, probably an oversight from when I last reinstalled Windows. Anyway I immediately installed AVG and set it on a full scan of C. So far it’s found two things:

C:\d.exe - Trojan horse Downloader.Generic9.BLZP
C:\Program Files\National Instruments\RT Images\Utilities\BIOS Updater\10.3\7063\flashUpdate.exe - Trojan horse Generic12.BRCM

Obviously, the second entry really set off alarm bells. I hadn’t installed LabVIEW until a day during Hofstra, when we needed to quickly switch to something other than Java. That was the first robotics software I had installed on that OS, in fact, as I did all my Java development in Mac OS X. Is it possible that one of the updates or maybe even the National Instruments disk was tainted? I don’t know how else it would get flagged like that.

I just did a Google for flashUpdate.exe, something I probably should have done before. NI seems to say it’s a false positive, but I can swear that I wasn’t having any performance issues before the regional. Also I’m not really sure where I’d get malware. I very rarely download things to that computer and all my games come from Steam…

Have you plugged in flash drives used on other computers? Some types of malware spread by infecting other files, and by placing themselves onto flash drives.

The NI files might have been clean, but been infected by the malware from somewhere else. Are any other files infected? If that is the only file found to be infected, your computer may not really be infected. Simply having an infected file doesn’t always mean the whole system is infected.

Does anyone else have access to the computer? Perhaps they accidentally downloaded something that was malware?

Try uploading the file to VirusTotal for identification. You may have to briefly disable AVG to be able to do this, as AVG will probably try to stop you from interacting with the file. Uploading this is perfectly safe, as long as you don’t actually run it.

The site is sponsored by 20+ different antivirus utilities (from AVG to McAfee to NOD32 and even ClamAV). It scans the file with all of the engines, and displays the results to you. If AVG is the only one that detects something, it is likely just a false positive.
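Added example, not part of the original thread: a local PowerShell check that complements the multi-engine scan suggested above. It computes the flagged file's SHA-256 and verifies its Authenticode signature; a file-infecting virus of the kind mentioned earlier would change a signed binary's contents and show up as `HashMismatch`. The function name `Get-FlaggedFileTriage` is hypothetical, the path is the one AVG reported, and whether NI signed this particular file is not stated in the thread.

```powershell
# Path exactly as AVG reported it in the first post.
$Path = 'C:\Program Files\National Instruments\RT Images\Utilities\BIOS Updater\10.3\7063\flashUpdate.exe'

# Hypothetical helper (not an NI or AVG tool): hash + signature triage of one file.
function Get-FlaggedFileTriage {
    param([Parameter(Mandatory)][string]$LiteralPath)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        # The antivirus may already have quarantined or removed the file.
        return [pscustomobject]@{ Path = $LiteralPath; Present = $false }
    }

    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath

    # Map the signature status to a plain-language reading.
    $verdict = switch ($sig.Status) {
        'Valid'        { 'Unmodified since signing; confirm Signer is the expected vendor' }
        'NotSigned'    { 'No signature; integrity cannot be checked this way' }
        'HashMismatch' { 'Contents changed after signing; treat as tampered' }
        default        { "Signature not trusted ($($sig.Status)); investigate further" }
    }

    [pscustomobject]@{
        Path            = $LiteralPath
        Present         = $true
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Verdict         = $verdict
    }
}

Get-FlaggedFileTriage -LiteralPath $Path | Format-List
```

The SHA256 value can be searched on VirusTotal instead of uploading the file. A `NotSigned` result does not by itself indicate malware.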

Or just use Linux and never worry about virii again (OS X has viruses, yes, I’m serious)

I don’t want to turn this into an OS war, but OS X and Linux both have multiple pieces of malware targeting them, although not nearly as much as Windows does. It is much harder to be infected in OS X and Linux, as the malware generally needs root “administrator” access to do anything to the system. They are both a distant variant of UNIX, which is why many open-source Linux programs can run on OS X without too many changes.

Either way, the OP’s computer is running Windows, and Mac and Linux malware can’t run on Windows.

In any case, whether it’s a false-positive or really infected, you should report this to NI so they can figure out what’s going on. If it’s a false-positive, why it’s reporting as a malware, and if it’s real, how it got to be there.

I’m sorry about the bump to this (2 years, but I thought it might help somebody), but I’m in the same scenario as you. I just installed LabVIEW. My computer has been running terribly slow. Yes, the file is a false positive. 8/42 Anti-Virus programs on VirusTotal show it as a Trojan Horse. This is obviously not true. So I checked Task Manager. Nothing was really popping out, other than a running AVG scan. So I checked running services and started disabling National Instruments services, and eventually disabled “National Instruments mDNS Responder service”. Instantly regained my speed. Problem Solved!

Again, sorry for the bump. I’m not new to forums, but I thought this was necessary.