stopping antivir

Networking/Security Forums -> Viruses // Worms

Author: RetchedMonkey Posted: Tue Dec 21, 2010 1:21 am    Post subject: stopping antivir
    ----
Hi guys, I'm new to the forums here, hopefully I can get an idea of how to stop this. I'm using Windows XP Pro SP3.

Lately I have been getting redirects in Google from Chrome and Firefox.

I use VIPRE Antivirus Premium, it says there is nothing wrong. Should I try downloading and installing Malwarebytes just to be safe?

However, even more suspiciously, at startup VIPRE has been alerting me to a "setup.exe" file attempting to execute, I block it every time, but TODAY it came up with "antivir.exe" wants to run "setup", I assume it's trying to trick me... I block it also.

Here is what VIPRE is telling me about the executable.

-------------------------
Event Type 2 -- Notify
Timeout 0(s)
Monitor Source 2003 -- On File Access
Message ID {A6F11A19-1B9B-4055-9B34-707C3DE8C8F6}
Monitor Type 2 -- File
Recommend System Scan No
AP SDK Version 4.0.3904
Threat Definitions Version 7626
Event Actor Enum 2 -- Object
Event Date/Time 2010-12-13T12:07:26



Application Information
File Path C:\WINDOWS\system32\svchost.exe
Process ID 1564
File Size 14336(B)
CRC8 C96A6AA5213B0000
Application Rating 1 -- Known Good
Added To Always Allow List No
Company Microsoft Corporation
File Version 5.1.2600.5512 (xpsp.080413-2111)
Product Name Microsoft® Windows® Operating System
Product Version 5.1.2600.5512
Description Generic Host Process for Win32 Services
Copyright © Microsoft Corporation. All rights reserved.



Attempted to modify the following file
File Path C:\WINDOWS\Temp\dqhx\setup.exe
MD5 a58c72164420470df5a8c77d306af8cd
CRC8 6E51DADFE1D20000
Application Rating 2 -- Known Bad
Threat ID 4729607
-----------------------
Every time it is trying to open C:\WINDOWS\Temp\XXXX\setup.exe where XXXX is different each time.

Since I got the "antivir.exe" I went googling for some solutions and found this.

http://www.precisesecurity.com/rogue/antivir/#relfile

THIS doesn't solve my problem though, I haven't actually installed the file because I block setup.exe every time, so it doesn't actually help me with removing it ^^ Is it hiding in an svchost? Either way, how can I stop it?

Hope someone has a better clue than I do! Off to work so I'll be back later today if there are any questions, thanks guys.



All times are GMT + 2 Hours