Anti-virus scan problems - AVG, Malware bytes Anti-malware,


Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 30th, 2010, 10:04 pm

Thanks. I appreciate your patience Melboy.

Ok, none of those four files were still on the PC.

Hijack This log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:23 PM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

The PC seems fine apart from a few little things like the Sleep mode not working but that I realize may be a general problem not due to malware. I'm going to run an AVG scan to see if it is now going to report the date of the latest scan because that was one of the signs (and MBAM not working well) that there was something wrong.
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 31st, 2010, 6:18 am

Hi Rachel

The HijackThis log is incomplete.

Navigate to C:\Program Files\Trend Micro\HijackThis

Open HijackThis.log

Go to Edit > Select All and with the text highlighted go to Edit > Copy and paste the full contents in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
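
The reply above turns on the first paste stopping after the R entries, with no O entries and no "End of file" trailer. As an added example (not part of the thread and not a HijackThis tool), this Python check summarises a pasted log and reports whether it looks whole; both sample logs are shortened excerpts built from lines in the posts, and the function name is hypothetical.

```python
import re
from collections import Counter

# Section codes used by HijackThis v2 entries: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
TRAILER = re.compile(r"^End of file - (\d+) bytes\s*$")
HEADER = "Logfile of Trend Micro HijackThis"

# Shortened excerpt of the first paste: it stops after the R entries.
TRUNCATED = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:23 PM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
"""

# Shortened excerpt of the second paste: O entries and the trailer are present.
# The byte count is copied from the post and is not re-verified on this excerpt.
COMPLETE = TRUNCATED + r"""O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

--
End of file - 6448 bytes
"""


def inspect_hjt_log(text):
    """Count processes and entries per section; flag a missing header or trailer."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    sections = Counter()
    processes = 0
    in_processes = False
    trailer_bytes = None
    for ln in lines:
        if ln == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY.match(ln)
        if entry:
            in_processes = False
            sections[entry.group(1)] += 1
            continue
        trailer = TRAILER.match(ln)
        if trailer:
            trailer_bytes = int(trailer.group(1))
            continue
        if in_processes and ln:
            processes += 1          # one path per line in the process block
        elif in_processes and processes:
            in_processes = False    # blank line ends the process block
    has_header = bool(lines) and lines[0].startswith(HEADER)
    return {
        "has_header": has_header,
        "processes": processes,
        "sections": dict(sections),
        "trailer_bytes": trailer_bytes,
        # A whole log starts with the header and ends with the trailer line.
        "complete": has_header and trailer_bytes is not None,
    }


if __name__ == "__main__":
    for name, log in (("first paste", TRUNCATED), ("second paste", COMPLETE)):
        print(name, inspect_hjt_log(log))
```
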

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 31st, 2010, 5:32 pm

Hi,
Here it is complete.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:23 PM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163709375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6448 bytes

I did run an AVG scan yesterday and the program still says it hasn't run a scan since December. I'm wondering since you didn't see any malware if there is a bug in the AVG free program then. It's just odd that MBAM also doesn't work well.

I'll wait for your diagnosis.
Thank you, Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 31st, 2010, 5:56 pm

Hi Rachel.

Ok, that looks better.

Registry Cleaners & Tweak Tools

RE: Tuneup Utilities

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools. They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though.
Stopping services & setting policies can speed up your machine ..... as long as you stop & set the right ones, & even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, & not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing & what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

Discussion on reg cleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html

And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html


=====================================================================


For any problem with AVG, I would suggest you uninstall AVG and then re-install it.
http://www.avg.com/gb-en/download-tools

My recommendation would be to uninstall AVG and install one of the alternatives below.

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for non-commercial users.
3) Microsoft Security Essentials - Free anti-malware solution that helps protect against viruses, spyware, and other malicious software

[Please note that trial pay is not needed to get any product for free.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts.

=========================================================


For any other problems you may be having, as this forum specializes in malware removal I think the best and fastest solution for you is to post on a general PC troubleshooting forum.

These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.

Below are some recommended sites, registration is free, it only takes a few minutes. :)

Links: The Elder Geek on Windows
BleepingComputer.com
WhattheTech


======================================================================

Lastly, failing all else and if you are facing insurmountable problems, the final option would be to reinstall your Operating System.

Link: How to Reformat & Reinstall your Operating System

Make sure you back up any personal files or documents you wish to save before you reformat (photos, music, e-mails etc.).

After formatting the HDD and reinstalling the OS, install an antivirus straight away, before connecting to the internet. Have the installer file for your chosen AV handy on a form of removable media (Flash Drive/CD etc.) if at all possible.

Once you have installed an AV and when you connect to the internet, check for updates for your AntiVirus straight away and then make getting Windows updates a priority.

====================================================================


Any questions? If not, please let me know that you have read this topic so it can be closed.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 31st, 2010, 7:23 pm

Ok, I'll uninstall AVG and install one of your recommended ones instead.

Melboy, thank you very much for your guidance and help over the last couple of weeks. I really appreciate your knowledge and the time you took to help a stranger. Even though we didn't find any malware, I'm sure my machine is much cleaner and I'm glad to know it.

God bless you.
Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 31st, 2010, 9:52 pm

Oh, quick question...would I need Winpatrol with Avast or would Avast do the same thing as Winpatrol? If you know the answer, I'd like to know if I should uninstall Winpatrol as I realize too many of these programs slow down the PC. Thanks again.
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » April 1st, 2010, 2:42 am

I would keep WinPatrol with Avast!

Any future questions you could ask in the General forum.
viewforum.php?f=26

:thumbup:
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » April 1st, 2010, 8:24 am

Hi Melboy, I just thought you should know that Avast scanned and picked up a high security threat. Perhaps we should have changed anti-virus scanners earlier or maybe it's a false alarm. It's called Win32:malware-gen and was found in c:documents and settings/owner/desktop/downloads/new folder(Johann)/123 Copy DVD update.exe./>mcldecrypt.dll.
Shall I click on repair or put it in the quarantine chest?
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » April 1st, 2010, 12:06 pm

I'm pretty sure it's a false positive. Upload it to VirusTotal and see what other scanners make of it.


Check a file
  • Go to VirusTotal or Jotti's
  • Click browse and when the window opens, navigate to the file to be scanned
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programs.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
    • File has been scanned before(Jotti), click Scan again.
  • After a while, a window will open, with details of what the scans found.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » April 1st, 2010, 5:36 pm

Hi Melboy, Here are the results from VirusTotal about that file. It's odd if there is a virus here because when we bought the program it came in a box; we only had to register the licence on-line to activate it. Seemed tamperproof. And yet, lots of results seem to say it's got a trojan or virus. This program is no longer sold so if we uninstall it we won't be able to re-install because of the need to register and the product is off the shelf now. But if it truly has malware encoded in it, we'll get rid of it. Please advise.
Thank you.
Rachel

File 123_Copy_DVD_update.exe received on 2010.04.01 21:28:38 (UTC)
Result: 16/42 (38.1%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.01 Gen.Trojan!IK
AhnLab-V3 5.0.0.2 2010.04.01 -
AntiVir 7.10.6.16 2010.04.01 -
Antiy-AVL 2.0.3.7 2010.04.01 -
Authentium 5.2.0.5 2010.04.01 W32/Dropper.6!Generic
Avast 4.8.1351.0 2010.04.01 Win32:Malware-gen
Avast5 5.0.332.0 2010.04.01 Win32:Malware-gen
AVG 9.0.0.787 2010.04.01 -
BitDefender 7.2 2010.04.01 Gen:Trojan.Heur.fq4@IvrKhWk
CAT-QuickHeal 10.00 2010.04.01 -
ClamAV 0.96.0.0-git 2010.04.01 -
Comodo 4464 2010.04.01 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.04.01 -
eSafe 7.0.17.0 2010.04.01 -
eTrust-Vet 35.2.7402 2010.04.01 -
F-Prot 4.5.1.85 2010.04.01 W32/Dropper.6!Generic
F-Secure 9.0.15370.0 2010.04.01 Gen:Trojan.Heur.fq4@IvrKhWk
Fortinet 4.0.14.0 2010.04.01 -
GData 19 2010.04.01 Gen:Trojan.Heur.fq4@IvrKhWk
Ikarus T3.1.1.80.0 2010.04.01 Gen.Trojan
Jiangmin 13.0.900 2010.04.01 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.01 -
McAfee 5937 2010.03.31 Generic.dx!da
McAfee+Artemis 5937 2010.03.31 Generic.dx!da
McAfee-GW-Edition 6.8.5 2010.04.01 -
Microsoft 1.5605 2010.04.01 -
NOD32 4993 2010.04.01 -
Norman 6.04.10 2010.04.01 Malware.DUMS
nProtect 2009.1.8.0 2010.04.01 -
Panda 10.0.2.2 2010.04.01 Trj/CI.A
PCTools 7.0.3.5 2010.04.01 -
Prevx 3.0 2010.04.01 -
Rising 22.41.03.04 2010.04.01 -
Sophos 4.52.0 2010.04.01 Mal/Generic-A
Sunbelt 6126 2010.04.01 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.04.01 -
TheHacker 6.5.2.0.250 2010.04.01 -
TrendMicro 9.120.0.1004 2010.04.01 -
VBA32 3.12.12.4 2010.04.01 -
ViRobot 2010.4.1.2256 2010.04.01 -
VirusBuster 5.0.27.0 2010.04.01 -
Additional information
File size: 182848 bytes
MD5...: d8421d09572032c9399a2b325a48aaf2
SHA1..: f68cf5f84511680e73758fe54310a511b433daa0
SHA256: 1877bddcb698777033f0e5e20b19ae167abb9e94cbbad3526b91e3a47821f899
ssdeep: 3072:6s9MrvA351A3lEiRKp+G20+ZHRQo6NaGOgO//VRG63gBFZHicccf:srvb3l
bYgG20+Jio6IG4VRG63gpHvccf
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3190
timedatestamp.....: 0x3368b182 (Thu May 01 15:06:42 1997)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3cf4 0x3e00 6.42 e3157426aef5e649e000adc03b199f8e
.rdata 0x5000 0x3a9 0x400 4.85 99fe09c45d2dbe16457096f47ad0adc5
.data 0x6000 0x1568 0x1400 1.66 a18b56ceea531f9df5d73942c1d76cc2
.idata 0x8000 0x7c2 0x800 4.99 344aa34f7dbbc6e77811a1e444516c3a
.rsrc 0x9000 0x39c 0x400 3.18 dbae79736ed7f00930f10a661c4f90c6
.reloc 0xa000 0x67c 0x800 5.31 7b5151e87f25f434c55f776704c54e96

( 3 imports )
> KERNEL32.dll: _llseek, lstrcpyA, GetModuleFileNameA, SetErrorMode, GlobalAlloc, _lread, GlobalFree, GlobalHandle, _lwrite, GlobalUnlock, _lopen, GlobalLock, _lcreat, GetProcAddress, _lclose, LoadLibraryA, lstrlenA, GetWindowsDirectoryA, WinExec, ExitProcess, HeapFree, WriteFile, GetStdHandle, GetFileType, SetHandleCount, GetOEMCP, GetACP, GetCPInfo, WideCharToMultiByte, GetEnvironmentStringsW, FreeLibrary, TerminateProcess, FreeEnvironmentStringsA, GetEnvironmentStrings, RtlUnwind, VirtualAlloc, UnhandledExceptionFilter, HeapCreate, HeapDestroy, GetLastError, DeleteFileA, GetFileAttributesA, HeapAlloc, FreeEnvironmentStringsW, VirtualFree, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion
> USER32.dll: ExitWindowsEx, LoadCursorA, MessageBoxA, RegisterClassA, SetWindowPos, LoadIconA, UpdateWindow, ShowWindow, ReleaseDC, wsprintfA, PostQuitMessage, BeginPaint, EndPaint, DefWindowProcA, SendMessageA, InvalidateRect, GetClientRect, CreateWindowExA, GetDC
> GDI32.dll: DeleteObject, GetDeviceCaps, RealizePalette, GetStockObject, SelectObject, PatBlt, SelectPalette, CreatePalette, CreateSolidBrush

( 2 exports )
_MainWndProc@16, _StubFileWrite@12
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ 4.x (69.2%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
Win16/32 Executable Delphi generic (1.0%)
packers (F-Prot): ZIP, nameless
packers (Authentium): ZIP
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » April 1st, 2010, 6:29 pm

Hi Rachel

The number of generic detections makes me still suspect this is a false positive. The best thing to do is submit the file to Avast for further analysis.


The best way to do this is to send a password-protected zip file to virus@avast.com making sure the password is included in the body of the email. Instructions on how to do this are below.

Also in the body of the e-mail explain that you believe the detection of the file is a false positive and give them any relevant information about the program you can.


  1. Locate the file you want to zip.
  2. Right click on the file and select Send To and Compressed (zipped) Folder. This will create a new compressed folder with the same name as the file, except with the extension .zip
  3. Right click on the compressed folder and select Explore.
  4. Go to File at the top and select Add a Password. Enter the password Infected and confirm the password.
  5. Attach to an email and send to virus@avast.com



Alternatively, Send the file to the Virus Chest.

From there, open the Virus Chest, right-click on the entry for the file, and select Email to ALWIL Software.
http://support.avast.com/index.php?_m=k ... 99&nav=0,1

Periodically after updating, re-scan the file to see if it is still detected and then restore it when it is no longer detected.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
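
The reply above weighs how many of the 16 detections carry generic names. As an added example (not part of the thread and not a VirusTotal tool), this Python code parses result rows in the pasted format, groups engines that report the identical label, and counts labels with generic or heuristic wording; the rows are copied from the post above (all 16 detecting engines plus four clean ones), and the keyword list and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# engine, version, signature date, result ("-" means no detection)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# Assumed naming heuristic: words vendors commonly use for non-specific verdicts.
GENERIC = re.compile(r"\bgen\b|generic|heur|unclassified", re.IGNORECASE)

# Rows copied from the pasted report (subset: 16 detections, 4 clean).
REPORT = """
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.01 Gen.Trojan!IK
Authentium 5.2.0.5 2010.04.01 W32/Dropper.6!Generic
Avast 4.8.1351.0 2010.04.01 Win32:Malware-gen
Avast5 5.0.332.0 2010.04.01 Win32:Malware-gen
AVG 9.0.0.787 2010.04.01 -
BitDefender 7.2 2010.04.01 Gen:Trojan.Heur.fq4@IvrKhWk
Comodo 4464 2010.04.01 UnclassifiedMalware
F-Prot 4.5.1.85 2010.04.01 W32/Dropper.6!Generic
F-Secure 9.0.15370.0 2010.04.01 Gen:Trojan.Heur.fq4@IvrKhWk
GData 19 2010.04.01 Gen:Trojan.Heur.fq4@IvrKhWk
Ikarus T3.1.1.80.0 2010.04.01 Gen.Trojan
Kaspersky 7.0.0.125 2010.04.01 -
McAfee 5937 2010.03.31 Generic.dx!da
McAfee+Artemis 5937 2010.03.31 Generic.dx!da
Microsoft 1.5605 2010.04.01 -
Norman 6.04.10 2010.04.01 Malware.DUMS
Panda 10.0.2.2 2010.04.01 Trj/CI.A
Sophos 4.52.0 2010.04.01 Mal/Generic-A
Sunbelt 6126 2010.04.01 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.04.01 -
"""


def parse_rows(text):
    """Return (engine, label or None) for every result row; skips the header."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, _version, _updated, result = m.groups()
            rows.append((engine, None if result == "-" else result))
    return rows


def summarise(rows):
    """Group detecting engines by label and count generic-sounding labels."""
    by_label = defaultdict(list)
    for engine, label in rows:
        if label:
            by_label[label].append(engine)
    return {
        "engines": len(rows),
        "detections": sum(len(v) for v in by_label.values()),
        "distinct_labels": len(by_label),
        # Identical labels from several products are not independent verdicts.
        "shared_labels": {k: v for k, v in by_label.items() if len(v) > 1},
        "generic_named": sum(
            len(v) for k, v in by_label.items() if GENERIC.search(k)
        ),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_rows(REPORT)).items():
        print(key, value)
```

Counting by name only shows how specific the verdicts are; it does not by itself decide whether the file is clean.
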

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » April 3rd, 2010, 5:57 am

Hi Rachel


I believe we are done here now. Please follow the instructions below to remove some of the tools I had you download.

OTM by OldTimer

  • Double-click OTM.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

You can also manually delete the Sysprot and RootRepeal files & folders.


Please let me know that you have read this topic so it can be closed.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » April 3rd, 2010, 12:37 pm

I've sent it off. Just want to thank you again Melboy. Happy Easter to you.
Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » April 4th, 2010, 10:11 am

And Happy Easter to you too, Rachel. :)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by Gary R » April 4th, 2010, 11:53 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire