Jump to content

Are these .scr screensaver files malware?


Go to solution Solved by David H. Lipman,

Recommended Posts

Hi all,

I downloaded some retro Windows screensavers last December from a website called Screensaver Planet. I know very little about computer science and cyber security, so I had no idea .scr files were executables. Last month, Bitdefender picked up on one of these and I posted about it on these forums but the conclusion was that it was a false positive. Malwarebytes didn't flag any of these files. I've since gone and run the rest of them on VirusTotal and some of them were flagged as malware. They're in my System32 folder, in case that makes a difference. I just don't know how probable it is that these are threats given that only one of the nearly 70 vendors flagged these .scr files as malware. I have pasted the virus total results below.

https://www.virustotal.com/gui/file/32d8b929fe3cf0c55e602e8ba72022545ffc183bb871c9d1475fde73ae982136

https://www.virustotal.com/gui/file/664b4b1da036eb36b13a3bce2fd572e37127223cbf6796adde12cbfb3af0d893

I ran a few as well on a website called hybrid-analysis.com. I don't really know how this website works (again, I am not really savvy with this sort of stuff). Some of the .scr files that were undetected by all Virus Total vendors (0/71) were rated as suspicious or outright malicious by hybrid-analysis.com. The results are pasted below.

http://www.hybrid-analysis.com/sample/2431be0bc278225bab741dae6d27b1f56316d7fb8efb74239712394854b0c946

http://www.hybrid-analysis.com/sample/a4976a58e6a767c13499ad8dddf6beca7f703ab93a2ab746c9254042cded9d9a

http://www.hybrid-analysis.com/sample/cab56df04ff6cc92c563f167739904fe687e13189052e725049a6945fb62c48f

http://www.hybrid-analysis.com/sample/20776bb7d7ddc3d5c8eb59a742e265dde6ccfcbcbaf74f7762642825cf1c1454

http://www.hybrid-analysis.com/sample/32d8b929fe3cf0c55e602e8ba72022545ffc183bb871c9d1475fde73ae982136

http://www.hybrid-analysis.com/sample/664b4b1da036eb36b13a3bce2fd572e37127223cbf6796adde12cbfb3af0d893

Link to post
Share on other sites

  • Solution
14 hours ago, JK11 said:

I just don't know how probable it is that these are threats given that only one of the nearly 70 vendors flagged these .scr files as malware. I have pasted the virus total results below.

You weigh that ageist the First Submission date.  Both First Submission dates are in 2009.  That indicates that the one Detection by Trapmine for each file is a False Positive declaration.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.