I need some help or advice



I recently purchased a new laptop and when browsing the internet I caught a virus which seems to have got into my C: & D: Drive. I've checked a description of what the virus is and apparently it can't be removed with any anti-virus software, i.e. AVG or Antivir PE. I've also tried restoring my laptop to its factory settings and that hasn't worked either. I'm really worried that this is causing harm to my new laptop and would really appreciate any help or guidance anyone can give me. Someone has looked at it already and thinks I'm just being paranoid, but I ran a scan and had 2 warnings.

I have attached below a copy of the scan report, hoping someone using this forum will know what it all means as I'm not too clued up. As I say, any help or advice would be greatly appreciated.

Thanks,

Michael

Scan Report

Avira AntiVir Personal

Report file date: 24 January 2009 08:12

Scanning for 1268668 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: ________________________

Platform: Windows Vista

Windows version: (Service Pack 1) [6.0.6001]

Boot mode: Normally booted

Username: SYSTEM

Computer name: MICHAEL-PC

Version information:

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, F:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: 24 January 2009 08:12

The scan of running processes will be started

90 processes with 90 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Boot sector 'F:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '58' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Windows\System32\drivers\SafeBoot.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <HP_RECOVERY>

D:\resycled\boot.com

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '49e9d68b.qua'!

Begin scan in 'F:\' <HP_TOOLS>

End of the scan: 24 January 2009 08:49

Used time: 36:50 Minute(s)

The scan has been done completely.

20410 Scanning directories

422761 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

422758 Files not concerned

2335 Archives were scanned

2 Warnings

1 Notes



First thing welcome. :)

You may want to give a meaningful title to your post, compare with Rule #12:

http://www.msfn.org/board/index.php?showtopic=18408

Check this:

http://www.scanforfree.com/06/tr.crypt.xpa...en-removal.html

jaclaz

Thanks for the help, appreciate it.

I will have a good read of the rules so I know not to repeat the mistake. Apologies.

Can I just ask also, the two warnings I have, will they be cleared up after running this removal tool? The reason I ask is because I want to run AVG as my primary anti-virus, but when I download it, it won't or can't connect to the internet to run updates.


Can I just ask also, the two warnings I have, will they be cleared up after running this removal tool? The reason I ask is because I want to run AVG as my primary anti-virus, but when I download it, it won't or can't connect to the internet to run updates.

To be picky ;) "after running this removal tool" (or any other one) successfully, you won't have the warning again (at least until you re-download the virus somehow).

But you should not need to run the removal tool at all, Avira already fixed that. Did you try re-scanning the system after the log you posted? :unsure:

The two warnings you had are different:

  • in the first a Trojan was detected
  • in the second a file could not be opened

Avira reported to have actually fixed the problem, by renaming the offending file.

It is possible that Avira detected a "false positive", you should recheck the renamed file 49e9d68b.qua on an online scan, like:

http://www.kaspersky.com/scanforvirus

There is a warning about SafeBoot.sys because the AV could not open the file, that does not mean that it is a problem.

Safeboot.sys appears to be part of "HP security tools" or something like that; it is well possible that it is "in use" and cannot be accessed by the AV.

More generally

You should never run/install two antivirus concurrently.

If you use Avira it's OK, if you use AVG, OK, if you use Avira and AVG, conflicts may occur.

jaclaz
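
An added example, not part of the thread or of Avira's tooling: a small Python triage of the file-scan section of the report above, separating the two cases the reply distinguishes, a detection versus a file the scanner could not open. The sample text is constructed from lines quoted in the report, and the function names are hypothetical.

```python
import re

# Constructed sample: the file-scan lines quoted in the report above.
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\SafeBoot.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
D:\resycled\boot.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49e9d68b.qua'!
Begin scan in 'F:\' <HP_TOOLS>
"""

# Tags are matched case-insensitively because forum software can mangle them.
TAG = re.compile(r"^\[(WARNING|DETECTION|NOTE|INFO)\]\s*(.*)$", re.IGNORECASE)
PATH = re.compile(r"^[A-Za-z]:\\")  # a line that starts with a drive path

def triage(report):
    """Attach each tagged line to the file path printed just before it."""
    findings, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted reports often have blank lines between entries
        m = TAG.match(line)
        if m and current is not None:
            tag, text = m.group(1).upper(), m.group(2)
            if tag == "DETECTION":
                current.update(status="detected", detail=text)
            elif tag == "WARNING" and current["status"] == "clean":
                # The scanner says nothing about this file's content.
                current.update(status="not scanned", detail=text)
            elif tag == "NOTE":
                current["action"] = text
        elif PATH.match(line):
            current = {"path": line, "status": "clean", "detail": "", "action": ""}
            findings.append(current)
        elif not m:
            current = None  # section header such as "Begin scan in ..."
    return findings

def summary(findings):
    """Return (detected paths, paths the scanner could not open)."""
    detected = [f["path"] for f in findings if f["status"] == "detected"]
    unscanned = [f["path"] for f in findings if f["status"] == "not scanned"]
    return detected, unscanned
```
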

That's excellent, thanks for looking into that for me. I ran that fix and it seems to have resolved all the issues I had.
