November 4th, 2006 00:00

How to remove New Poly Win32 trojan virus...

Hi,
 
I can't remove a trojan virus (New Poly Win32) from my system (Windows XP Home Edition SP2).
Rebooting my PC takes more than 5 minutes, stuck at the 'Intel Inside' logo.
I use McAfee VirusScan Enterprise 8.00, BitDefender 8 Free Edition, Windows Defender 1.1.1592.0 and EasyCleaner 2.0.5.380.
 
Please, help me.
Thanks.
 
 
Logfile of HijackThis v1.99.1
Scan saved at 1:08:50, on 04-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Network Associates\Common Framework\FrameworkService.exe
C:\Programas\Network Associates\VirusScan\Mcshield.exe
C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\programas\softwin\bitdefender8\bdnagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
C:\Programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Network Associates\VirusScan\SHSTAT.EXE
C:\Programas\Network Associates\Common Framework\UpdaterUI.exe
C:\Programas\Ficheiros comuns\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\PROGRA~1\FICHEI~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Pinnacle\Pinnacle PCTV\Vision\Vision.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
c:\programas\softwin\bitdefender8\bdmcon.exe
C:\Programas\Avant Browser\avant.exe
C:\Programas\Internet Explorer\iexplore.exe
F:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Programas\Network Associates\VirusScan\bho.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O4 - HKLM\..\Run: [BDMCon] "C:\Programas\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programas\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programas\Ficheiros comuns\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: Add to AD Black List - C:\Programas\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Programas\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Programas\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Programas\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Programas\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Programas\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162034100024
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B895077-2836-4D57-8DC7-E8FBA0E95ACA}: NameServer = 195.245.176.19 194.38.131.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

3.3K Posts

November 4th, 2006 01:00

Running more than one antivirus application on board in real time will actually reduce your level of protection. You also run the risk of data loss from a system crash that the instability can cause.

In the event that some malware makes its way to your hard disk, each antivirus application will wrestle over "access" rights to the offender and will want to zip the file and arrest the application.

This struggle will (in theory) continue infinitely which can culminate in a complete system crash.

Please decide which antivirus application to keep and uninstall any others.

Please download:
Dr.Web Cure it.
Double click on the cureit.exe then click "Start".

During the scan infected files are cured, incurable files are moved to the quarantine directory. When the scanning is finished, the log file and the quarantined item/s will not be deleted. Once you determine that the quarantined file is indeed bad, you must manually delete it/them.

To scan your computer with the most up-to-date Dr.Web virus bases next time you scan, you should download a new Dr.Web CureIt! package. To do this, press the "Update" link on the first utility screen, which leads to the ftp-server where the latest version of CureIt! is located. Download the utility anew and run it again. Be sure to delete the outdated version each time.

Please post back the contents of the log generated during the scan in your next reply.

The process below:
C:\PROGRA~1\FICHEI~1\MICROS~1\Msinfo\OFFPROV.EXE
...could belong to a legitimate Microsoft application...then again, there is a bogus file OFFPROV.EXE that has a bad .dll injected (DLL6WISE.DLL), as determined by Prevx.

Please visit this site. Navigate to the file indicated below and upload the file for a free scan:

C:\PROGRA~1\FICHEI~1\MICROS~1\Msinfo\OFFPROV.EXE

If you're unsure how to do that, follow the instructions below:

  1. Click in the "File" box at the top of the window to put the cursor there then click the Browse button next to it.
  2. In the File Upload window that opens, click the drop down arrow in the "Look in" box and select your Local Disk.
  3. Click the "Program Files" folder and click "Open", use the scroll bar to scroll across and locate the file.
  4. Once you've located the file OFFPROV.EXE click open.
  5. Now click the Send button. Please copy the "Results" to submit with your next reply.

  6. Please run HijackThis again and check the following:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
    O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)


    Do you use this server:
    ONITELECOM - Infocomunicacoes S.A.
    Lagoas Park, Edificio 12 - 2 Piso
    2740-244 Porto Salvo - Oeiras
    If not, put a check in the box next to this one too:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B895077-2836-4D57-8DC7-E8FBA0E95ACA}: NameServer = 195.245.176.19 194.38.131.19

    Close all windows now except for the HijackThis application window then click Fix Checked.

    Reboot the computer and post a new HijackThis log along with the contents of the log generated during the Cureit.exe scan . How is the computer running now?
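The triage the helper walks through above (orphaned O2/O3 entries with "(no file)", the O23 lines marked "(file missing)", and the O17 NameServer check against the ISP's real DNS) is mechanical enough to script. The following is an added example, not code from the original thread or from HijackThis itself. The sample log is constructed from entries modelled on the log posted in this thread, and the set of expected DNS servers is an assumption (the two addresses from the O17 line are passed in as if they were the ISP's). The O23 handling encodes a practitioner's caveat: HijackThis 1.99.1 prints "(file missing)" for a service whose ImagePath is a quoted path followed by arguments even when the binary exists, which is exactly the bdss.exe case here (it appears in the running-process list of the second log), so those are flagged for verification rather than for fixing.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed sample in HijackThis v1.99.1 format, modelled on the entries discussed
# in this thread (not a verbatim copy of the posted log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B895077-2836-4D57-8DC7-E8FBA0E95ACA}: NameServer = 195.245.176.19 194.38.131.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d. ,]+)\s*$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    severity: str  # "fix": safe to tick in Fix Checked; "verify": needs a human look first
    reason: str
    line: str


def _split_cmd(cmd: str) -> Tuple[str, str]:
    """Split a Run-key command into (executable, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:].strip()) if end > 0 else (cmd[1:], "")
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def _is_qualified(path: str) -> bool:
    """True when the path names a directory (drive letter or backslash), not a bare file name."""
    return "\\" in path or ":" in path


def _valid_ip(s: str) -> bool:
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def triage(log_text: str, expected_dns: Set[str]) -> List[Finding]:
    """Walk a HijackThis log and return the entries the thread's checks would flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, headers, blank lines
        section, body = m.group("section"), m.group("body")

        # O2/O3/O18: BHO, toolbar or protocol handler registered for a file that is gone.
        # Nothing can load from it, so the registration is dead weight and safe to fix.
        if section in ("O2", "O3", "O18") and body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(section, "fix", "registration points at a missing file", line))

        # O4: a bare file name (or a bare DLL handed to rundll32) is resolved through the
        # search path at logon, so confirm which file actually gets loaded.
        elif section == "O4":
            r = RUN_RE.match(body)
            if r:
                exe, args = _split_cmd(r.group("cmd"))
                target = args.split(",")[0].strip() if exe.lower() in ("rundll32.exe", "rundll32") else exe
                if target and not _is_qualified(target):
                    findings.append(Finding(section, "verify", f"unqualified path: {target}", line))

        # O17: DNS servers hard-wired on an interface. Anything outside the set the ISP
        # actually hands out deserves a question; a replaced resolver is a classic payload.
        elif section == "O17":
            n = NAMESERVER_RE.search(body)
            if n:
                servers = [s for s in n.group("servers").replace(",", " ").split() if _valid_ip(s)]
                unknown = [s for s in servers if s not in expected_dns]
                if unknown:
                    findings.append(Finding(section, "verify", "unexpected NameServer: " + " ".join(unknown), line))

        # O23: HJT 1.99.1 says "(file missing)" for a quoted ImagePath followed by arguments
        # even when the binary exists, so that pattern is a manual check, not a fix.
        elif section == "O23" and body.endswith("(file missing)"):
            artefact = '" /' in body or '" -' in body
            findings.append(Finding(section, "verify" if artefact else "fix",
                                    "quoted ImagePath with arguments; confirm the binary exists"
                                    if artefact else "service binary missing", line))
    return findings


def fixable_lines(findings: List[Finding]) -> List[str]:
    """The entries one would tick before pressing Fix Checked."""
    return [f.line for f in findings if f.severity == "fix"]


if __name__ == "__main__":
    # Assumption: these two addresses are the ones the user's ISP hands out.
    for f in triage(SAMPLE_LOG, {"195.245.176.19", "194.38.131.19"}):
        print(f"{f.section:<5}{f.severity:<8}{f.reason}")
```

Run stand-alone it prints one line per flagged entry; with the two ISP addresses supplied, the O17 line produces nothing, while passing an empty set (or the addresses the user believes are correct) turns it into a "verify" finding. The O4 check deliberately stays at "verify": Dit.exe and mHotkey.exe sit in C:\WINDOWS according to the running-process list, which is legitimate, but only a look at the file on disk settles it.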

November 4th, 2006 10:00

At a certain point, Dr.Web crashes. This is the error report generated by Windows XP:

Should I run Dr.Web from another PC or, for example, from the Data Box?
 
The results of the VirusTotal analysis of my OFFPROV.EXE are:

Engine               Version          Definitions   Result
AntiVir              7.2.0.37         11.03.2006    no virus found
Authentium           4.93.8           11.04.2006    no virus found
Avast                4.7.892.0        11.03.2006    no virus found
AVG                  386              11.03.2006    no virus found
BitDefender          7.2              11.03.2006    no virus found
CAT-QuickHeal        8.00             11.03.2006    no virus found
ClamAV               devel-20060426   11.04.2006    no virus found
DrWeb                4.33             11.03.2006    no virus found
eTrust-InoculateIT   23.73.45         11.03.2006    no virus found
eTrust-Vet           30.3.3176        11.03.2006    no virus found
Ewido                4.0              11.04.2006    no virus found
Fortinet             2.82.0.0         11.04.2006    no virus found
F-Prot               3.16f            11.04.2006    no virus found
F-Prot4              4.2.1.29         11.04.2006    no virus found
Ikarus               0.2.65.0         11.03.2006    no virus found
Kaspersky            4.0.2.24         11.04.2006    no virus found
McAfee               4888             11.03.2006    no virus found
Microsoft            1.1609           11.04.2006    no virus found
NOD32v2              1.1853           11.03.2006    no virus found
Norman               5.80.02          11.03.2006    no virus found
Panda                9.0.0.4          11.03.2006    no virus found
Sophos               4.10.0           10.26.2006    no virus found
TheHacker            6.0.1.112        11.03.2006    no virus found
UNA                  1.83             11.03.2006    no virus found
VBA32                3.11.1           11.03.2006    no virus found
VirusBuster          4.3.15:9         11.03.2006    no virus found

3.3K Posts

November 4th, 2006 17:00

I have no doubts that you have been experiencing system crashes with the various different antivirus scanners you have running on your system.

Did you uninstall all but one of them as the instruction suggests? Then, after that, did you run the Dr. Web Cureit.exe...or did you skip the uninstallation of your multiple antivirus scanners and run the Dr. Web Cureit.exe scan while all of them were running?

Regardless, did you finish the rest of the instructions and post a new HijackThis log? I don't see it. Did you by chance create it in a new thread? If so, please delete it from the new thread and post it here. Thanks!

November 4th, 2006 21:00

Here is my most recent HijackThis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 23:42:18, on 04-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Network Associates\Common Framework\FrameworkService.exe
C:\Programas\Network Associates\VirusScan\Mcshield.exe
C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programas\Symantec\WinFax\WFXMOD32.EXE
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Softwin\BitDefender8\bdmcon.exe
C:\Programas\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Network Associates\VirusScan\SHSTAT.EXE
C:\Programas\Network Associates\Common Framework\UpdaterUI.exe
C:\Programas\Ficheiros comuns\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Internet Explorer\iexplore.exe
J:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Programas\Network Associates\VirusScan\bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Programas\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programas\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programas\Ficheiros comuns\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162034100024
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B895077-2836-4D57-8DC7-E8FBA0E95ACA}: NameServer = 195.245.176.19 194.38.131.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 
The reboot is no longer slow [more than 5 minutes], but I think that something remains the same... What kind of anti-virus do you recommend [regarding those I have, not the Dr.Web... which I have never heard of]?
 
Regards.

Message Edited by pedro_cyber on 11-04-2006 05:49 PM

Message Edited by pedro_cyber on 11-04-2006 10:15 PM

3.3K Posts

November 5th, 2006 01:00

Quote:
What kind of anti-virus do you recommend regarding those i have, not the Dr.Web... wish [Did you mean to type the word "which" here instead?] i never heard about?

Dr. Web Cureit.exe is not an antivirus that is going to cause you any conflict problems regarding any real time protection. It is one of the very best free stand alone scanners on the web. If I were you, I'd keep it and scan with it from time to time.

It is always a good idea to scan for viruses using various different scanners...just not having more than one installed and running in real time.

Keep McAfee Security. Uninstall BitDefender.
Reboot. Disconnect from the internet and disable the McAfee Real time protection.
Run Dr. Web Cureit.exe again and post that log. Thanks!

November 5th, 2006 12:00

The first time I ran CureIt.exe, after it had detected an infected .dll, the program froze while scanning a .doc file. Here is the error report:

Then I deleted that .doc file for security reasons, moved CureIt.exe to my [external] Data Box and ran it from there. It detected the same infected .dll, but this time it didn't crash. Here is the virus report:

A0015156.dll
C:\System Volume Information\_restore{6D7218DA-C8F6-40BB-BA69-181B71F5F364}\RP63
Adware.SafeBar
Incurable. Deleted.

Because it was incurable, I had to delete it.
 
Regards.

Message Edited by pedro_cyber on 11-05-2006 08:44 AM

3.3K Posts

November 5th, 2006 14:00

OK, the infected file was in your system's restore point, which is basically harmless where it sat. Windows will eventually remove old restore points by making room for new ones. Removing the infected file from the restore point is not a bad idea, as some malware CAN respawn itself from the restore points.

It's not actually necessary to remove it in this case but no harm done by removing it either.

Did you ever complete the rest of the instructions from post #2?
How is the computer running now? Are you having any more issues?

November 5th, 2006 17:00

Yes I did. Right now everything is fine... except some conflicts between my TV board (Pinnacle PCTV Pro 5.50 Build 143) and the video driver (NVIDIA GeForce PCX 5300).
 
Thank you very much.
Regards.

3.3K Posts

November 5th, 2006 18:00

Congratulations!

Now that your system is clean, let's create a new restore point.
Please click "Start > Programs > Accessories > System Tools > System Restore"
In the new window, check the 'Create a restore point' in the right pane and click "Next".
In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean)
Click "Create" and reboot your computer.

In the future, there are some things you can do to prevent spyware infections:

Install the following freeware programs:
SpywareGuard
Spywareblaster

Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

If you do not have a firewall, here are a couple freeware firewalls you can install:
Kerio Personal Firewall
Zone Alarm


Stay updated with the most recent Windows patches using
Microsoft's Windows Update.

Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often. Download the Basic or Slim version unless you WANT the Yahoo Toolbar.
Or if you just want to run your on board Disk Cleanup ("Start > Programs > Accessories > System Tools > Disk Cleanup" ), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files

So how did I get infected in the first place?
Regards, and Happy Surfing!

November 5th, 2006 19:00

Ad-Aware SE Professional Build 1.05 is not enough?...
 
Regards.

3.3K Posts

November 6th, 2006 00:00

No. Not only is that not enough, as described previously in scrupulous detail, it is also out of date. The latest build for Ad-Aware SE Personal is 1.06.

As a home user, you need at the very least these four things:

1) Antivirus software
2) Antispyware/adware software
3) Firewall (third party) software
4) Antitrojan software