Question Windows defender detected a virus from my handycam camcorder

Parroty69

Great
Oct 27, 2021
217
7
95
1
I plugged in my old camcorder and selected the usb connect hdd option but windows defender detected a virus. The virus is autorun.inf and windows defender detected it as a Worm:Win32/VB.HA!inf, the second virus is forever.exe and windows defender detected it as Worm:Win32/VB.HA . I have accidentally restored the autorun.inf file and I have disconnected the camera from the pc.

Does anyone know what this is?
What should I do?
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
thats a virus which spreads itself over removable devices, its dated to 2009...so any antivirus is able to catch it
The forever.exe virus was in a hidden folder in the camera. What is this virus?
I have accidentally removed the autorun.inf from quarantine and it is restored.
What should I do? I have installed kaspersky and ran a quick scan but it didn't detect anything.
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
Question:

Make and model "old camcorder"? Sony? (Handycam perhaps?)

Any removable media installed in the camera? A 8cm DVD-R or DVD-RW?
That is right, it is a Sony Handycam DCR-SR45E with a 30gb HDD but it doesn't have have removable media like memory sticks.

I suspect that I had a virus on one of my old computers all those times ago and plugged it in and the virus got spread to my Handycam. I accidentally allowed the autorun.inf in Windows defender but I didn't let forever.exe out of quarantine. I plugged the camera into a different computer and it also detected a virus, and I ran a virus scan and it detected autorun.inf and forever.exe as a virus and I deleted those.
 
Last edited:

Ralston18

Titan
Moderator
So, the viruses have been caught (per @kerberos_20's comment) and both are now deleted from the camera - correct?

Just run additional follow-up AV scans on all other devices and media with the targeted device/media as isolated as possible.

Are you able to wipe and reformat the Handycam's HDD? I would do that as well.
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
So, the viruses have been caught (per @kerberos_20's comment) and both are now deleted from the camera - correct?

Just run additional follow-up AV scans on all other devices and media with the targeted device/media as isolated as possible.

Are you able to wipe and reformat the Handycam's HDD? I would do that as well.
Yes and I have backed up the files on the Handycam. Even though I have backed up the Handycam files, I would not want to format the HDD because I am afraid that I will lose some of my data.
I have ran a full Kaspersky scan and it didn't detect anything on the first computer and a Defender quick scan on the second computer. I have also ran a Kaspersky scan on the usb drives that I have plugged in afterwards of connecting in the the Handycam.
 

Ralston18

Titan
Moderator
Certainly a judgement call and no one wants you to lose data.

And you scanned the backups as well - correct?

As long as you are aware of and/or comfortable with the risks then continuing full use of the HDD is your choice.

One option may be to remove and simply archive the HDD and install a replacement.

May or may not be viable but apparently something that could be done:

https://www.ifixit.com/Guide/Sony+Handycam+DCR-SR68+Hard+Disk+Drive+(HDD)+Replacement/55731

The trade-offs are not all that appealing and the probably of further virus infections spreading likely very low....

All in all just run additional AV scans to keep an eye out for additional infections or spreading.
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
Certainly a judgement call and no one wants you to lose data.

And you scanned the backups as well - correct?

As long as you are aware of and/or comfortable with the risks then continuing full use of the HDD is your choice.

One option may be to remove and simply archive the HDD and install a replacement.

May or may not be viable but apparently something that could be done:

https://www.ifixit.com/Guide/Sony+Handycam+DCR-SR68+Hard+Disk+Drive+(HDD)+Replacement/55731

The trade-offs are not all that appealing and the probably of further virus infections spreading likely very low....

All in all just run additional AV scans to keep an eye out for additional infections or spreading.
Yes, I have scanned all the backups. Does this mean that I am safe?
What free antivirus do you recommend?
 

Ralston18

Titan
Moderator
I use Windows Defender/Security.

I do have Malwarebytes (free) but not running in the background. Generally I use Malwarebytes to run a scan after hitting one of those bogus sites that pop-up when I am researching some problem or looking for related information.

As for "safe" - that is not something to expect. That is why regular and frequent backups are needed.

A "zero day" virus could appear any time and the only recovery possible is yesterday's backup.

There may be other thoughts and comments offered. I have no problem with that.
 

USAFRet

Titan
Moderator
Mar 16, 2013
149,628
9,854
175,890
23,390
Yes, I have scanned all the backups. Does this mean that I am safe?
What free antivirus do you recommend?
I also use the built in Windows Defender, and an occasional scan with MalwareBytes.
The 3rd and 4th layers are:
  • The squishy grey stuff between your ears. Use common sense, and don't click on malicious stuff.
  • A comprehensive backup routine, just in case.
"safe" is a sliding scale. The only truly "safe" PC is powered off, in a deep hole, filled with cement.
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
I also use the built in Windows Defender, and an occasional scan with MalwareBytes.
The 3rd and 4th layers are:
  • The squishy grey stuff between your ears. Use common sense, and don't click on malicious stuff.
  • A comprehensive backup routine, just in case.
"safe" is a sliding scale. The only truly "safe" PC is powered off, in a deep hole, filled with cement.
Would you recommend using kaspersky security cloud free? TPSC did a review of it and it passed with flying colours. I have used kaspersky Anti-virus a long time ago back in 2010 and was very pleased with it's disinfection feature.
The squishy grey stuff between my ears? Do you mean my brain? I don't click on suspicious links unless I know that it is safe.
I use Google Drive and an external drive to back up my data.
 

DimkaTsv

Great
Nov 7, 2021
156
23
95
3
Personally use Windows Defender with real time protection limited until i turn one slider on(but manual protection working fine) and Malvarebytes turned off (only if i need to deepcheck something based on suspictions)
Should be more than enough for daily use.

Never saw any need in AV unless you already have suspictions about any of actions you made in last time or PC behaviour
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
I can't say yea or nay, because I've never used Kaspersky, in any of its variants.


Yes, your brain is the first and most important line of defense.
Kaspersky requires me to turn off memory integrity to turn on "Protection using hardware virtualization". Is this a deal breaker?
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
Personally use Windows Defender with real time protection limited until i turn one slider on(but manual protection working fine) and Malvarebytes turned off (only if i need to deepcheck something based on suspictions)
Should be more than enough for daily use.

Never saw any need in AV unless you already have suspictions about any of actions you made in last time or PC behaviour
I thought Defender turned the real time protection back on after a few minutes? Are you using third party software to turn on off?
You're using malwarebytes but not turning it on? I thought that I should turn malwarebytes on and then setup Defender to do a scan once every while.
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
For me it would be.
An AV tool should not be intrusive. Run in the background.

If it wants me to turn off other things...thats a no go for me.
Here is the support site for kaspersky: https://support.kaspersky.co.uk/common/safemoney/13713?cid=SAAS_21.3&utm_source=interceptor&utm_medium=product&utm_campaign=SAAS_21.3
It says that I would have to turn off VBS which is a virtualization based security feature (maybe a similar thing to kaspersky's virtualization security?)

Also, should I turn on periodic scanning for Defender if I use a third party security software?
 

USAFRet

Titan
Moderator
Mar 16, 2013
149,628
9,854
175,890
23,390
Here is the support site for kaspersky: https://support.kaspersky.co.uk/common/safemoney/13713?cid=SAAS_21.3&utm_source=interceptor&utm_medium=product&utm_campaign=SAAS_21.3
It says that I would have to turn off VBS which is a virtualization based security feature (maybe a similar thing to kaspersky's virtualization security?)

Also, should I turn on periodic scanning for Defender if I use a third party security software?
It seems that Kaspersky and Windows are trying to do the same thing.
Kaspersky wants you to turn off the Windows one so its similar function can run.


You should have only ONE antivirus tool running.
 

DimkaTsv

Great
Nov 7, 2021
156
23
95
3
I thought Defender turned the real time protection back on after a few minutes? Are you using third party software to turn on off?
You're using malwarebytes but not turning it on? I thought that I should turn malwarebytes on and then setup Defender to do a scan once every while.
No, just 2 group policy edits:
Disable Microsoft Defender - off
Disable Real-time protection - on

And one slider in Microsoft defender settings "Enable tamper protection"
But you now cannot even try to edit Defender registry though, only group policies

I guess i can write an instruction, but i am not an autority
 

Parroty69

Great
Oct 27, 2021
217
7
95
1
It seems that Kaspersky and Windows are trying to do the same thing.
Kaspersky wants you to turn off the Windows one so its similar function can run.


You should have only ONE antivirus tool running.
Between Memory Integrity and kaspersky's virtualization which security feature do you think is the best?

Windows defender says the scanning is a feature: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus?view=o365-worldwide
 

ASK THE COMMUNITY

TRENDING THREADS