Infected .dll execute code without opening??

_dawn_chorus_

Prominent
Aug 30, 2017
13
0
560
0
So, I have been transferring old music projects from a hard drive to the new build and I just ran into a personal nightmare.
I copy pasted the .exe file from an old version of my music application so I could work on old projects. Here is EXACTLY what happened next:
-I went to open the .exe file and was prompted by the "do you want to allow this to make changes.." and thought I better scan first, even though the external drive its on had been scanned many times and come up with nothing, so I select "No"
-I then slect scan file with Kaspersky; it runs through many files contained in this one .exe and comes up with an adware.opencandy alert and asks me if I want to disinfect the file. I select yes.
-After operating normally for a moment it appears to be doing nothing, the loading wheel is spinning but everything else has frozen. I try start menu, no response, I try task manager, wont open, I try to delete the folder on my desktop containing the .exe and it prompts me with a "you need administrative privileges to..." I back out. I assume that was because Kaspersky was scanning it or attempting to clean it.
-So I hot boot it....
-After the restart Kaspersky has the .exe file in quarantine. A full system scan brings up nothing, likewise for Malwarebytes, and likewise for some manual searching of any opencandy related .dll's, and no pop ups or any signs of anything yet.

So that all seemed VERY sketchy to me.... It appears nothing got executed, but I have read some malicious code can be triggered to execute from a virus scan and exploit vulnerabilities in the virus protection.

Can a malicious code execute if I haven't "installed" or opened the infected .exe?? Would clicking on it then opting out at the "do you want to allow this file to make changes to the harddrive on this computer" prompt be enough for it to open?

If it seems like I am being paranoid I am, I have been keeping this comp squeaky clean since I built it so this is a frustrating blow..
 

voxic

Prominent
Oct 20, 2017
11
0
570
1
I'd recommend running this program. And then deleted all of the files. If it's that bad, and Malewarebytes can't help you I'd recommend formatting.

https://www.bleepingcomputer.com/download/rkill/
 

_dawn_chorus_

Prominent
Aug 30, 2017
13
0
560
0


As I mentioned, I have not seen any sign of a virus. Nothing is unusual, except that Kaspersky seemingly froze while attempting to clean the file. I want to avoid formatting at all costs because I've spent the last 1.5 months since I built it getting it all in order...
 

voxic

Prominent
Oct 20, 2017
11
0
570
1


The whole point of Rkill is to close out any suspicious program / service that running that may be keeping you from deleting that file.
 

_dawn_chorus_

Prominent
Aug 30, 2017
13
0
560
0


Right, but the file has been deleted, after the hot boot, Kaspersky had it in quarantine and had a record of dealing with it. The .exe file is no longer on the computer, and all scans have run smoothly and come up clean.
My real question is more about whether a malicious code can execute without being permitted to run in the first place.
 
Thread starter Similar threads Forum Replies Date
P Antivirus / Security / Privacy 2
T Antivirus / Security / Privacy 4
S Antivirus / Security / Privacy 4
Astralv Antivirus / Security / Privacy 9
A Antivirus / Security / Privacy 2
C Antivirus / Security / Privacy 5
M Antivirus / Security / Privacy 1
N Antivirus / Security / Privacy 2
J Antivirus / Security / Privacy 4
D Antivirus / Security / Privacy 5
G Antivirus / Security / Privacy 2
T Antivirus / Security / Privacy 16
A Antivirus / Security / Privacy 5
G Antivirus / Security / Privacy 7
P Antivirus / Security / Privacy 31
G Antivirus / Security / Privacy 3
P Antivirus / Security / Privacy 6
C Antivirus / Security / Privacy 6
B Antivirus / Security / Privacy 2
F Antivirus / Security / Privacy 1

ASK THE COMMUNITY