Virus 7za.exe Trojan.ExeShell.Gen


#1

According to Malwarebytes I got a virus called 7za.exe Trojan.ExeShell.Gen in the following path c:\users\hank\appdata\local\7za.exe Trojan.ExeShell.Gen. You go there and you don’t see the virus. Quarantine failed on this virus. I found out that when I click on Dell Document Viewer (Product Documentation Launcher), Malwarebytes instantly pops up a window telling me I got the virus. I think, but am not sure, that the Document Viewer icon is telling the computer to go to Dell and retrieve the manual. I took a copy of the program I had on CD and clicked on Document Viewer there. Instantly I got the popup window from Malwarebytes telling me I got the virus. Now this is on my E: drive, not the C: drive my system is on. Is the manual being downloaded actually what has the virus, or what? Is that why Malwarebytes can’t get rid of the virus, because it’s being reinfected? Anybody agree with this, and how do I inform Dell to fix it? Any help would be appreciated!


#2

Do you know how to use Process Monitor and how to use filters in it? You can find out what happens internally behind the scenes and whether the Dell software is the only cause of the virus.

BTW, the executable 7za.exe is associated with 7-Zip, which is a compress/decompress utility like WinRAR (with some differences). Generally it may be in the Program Files folder, not in the LocalAppData folder. Did you install the 7-Zip software or any program that uses it?


#3

Biswapriyo:

I never heard of this Process Monitor for Vista32. In the Windows 3.11 days they had some type of Process Monitor. I don’t know how to use it. I haven’t downloaded much lately. I usually check the download with Malwarebytes before running the setup file. I ran a search for 7za.exe in my file system, including an advanced search. No 7za.exe found. Do you really think it might be in the Dell Product Documentation folder? What you think is that I am actually clicking on a ZIP file when I click to open the manual, and that activates the virus. That’s why the virus doesn’t show itself until you click on the document manual. Don’t know why it should do the same thing on my CD copy I made years ago. Anyway, I might just delete the whole Utilities Program or figure out what program file has the virus and copy from the CD to replace that file. Thanks for the help!


#4

I cannot say the Dell program is the reason for that virus. You have to analyze with some process analyzer like the Process Monitor I mentioned. Go through the mentioned link.


#5

Well, I solved the problem. Dell Product Documentation was full of 7Za.exe files. Malwarebytes was giving a false positive on it being a virus. I deleted the Dell Production Document files and replaced them with a PDF file of the same name. No more virus or imitation virus :)
Thanks for Biswapriyo’s help in getting me thinking correctly.


#6

Glad to see that you solved the problem yourself. That’s the power of a true geek. :heart_eyes:

You may recover the quarantined file of 7za.exe and check it on VirusTotal. And also check the SHA/MD5 hash to make sure.

You may want to report the details of that false positive to the Malwarebytes company.
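The hash check suggested in the reply above, as an added example that is not part of the thread: this Python script walks a folder tree, hashes every file named 7za.exe and groups the copies by digest, so each distinct digest can be looked up on VirusTotal once. The sample tree built under `__main__` is constructed; point `find_copies` at the real folder instead.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

TARGET_NAME = "7za.exe"  # file name from the thread; matched case-insensitively

def file_digests(path, chunk_size=1 << 20):
    """Return (sha256, md5) hex digests, reading the file in chunks."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()

def find_copies(root, name=TARGET_NAME):
    """Walk root (hidden folders included) and group matches by digest."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != name.lower():
                continue
            full = os.path.join(dirpath, fname)
            try:
                digests = file_digests(full)
            except OSError:
                continue  # locked or unreadable file: skip it
            groups[digests].append(full)
    return dict(groups)

def report(groups):
    """One header line per distinct digest, followed by its file paths."""
    lines = []
    for (sha256, md5), paths in sorted(groups.items()):
        lines.append(f"SHA-256 {sha256}  MD5 {md5}  ({len(paths)} copies)")
        lines.extend(f"    {p}" for p in sorted(paths))
    return lines

if __name__ == "__main__":
    # Constructed sample tree: two identical copies and one that differs.
    with tempfile.TemporaryDirectory() as root:
        for sub, data in (("docs/a", b"same"), ("docs/b", b"same"), ("tmp", b"other")):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "7za.exe"), "wb") as fh:
                fh.write(data)
        print("\n".join(report(find_copies(root))))
```

Copies that share one digest are the same file, so a single lookup covers all of them; a digest that differs from the rest is the one to check first.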


#8

HOWTO GEEK:

Please answer my question. Where are the directions for going to your open topic and having to go to an email from HOWTOGEEK to get to my topic?

Also, how do I mark the topic closed?

Thanks, Henry Selden

#9

Customer care Link: