Security Forums


stopping antivir

RetchedMonkey
Just Arrived
Joined: 21 Dec 2010
Posts: 0



Posted: Tue Dec 21, 2010 1:21 am    Post subject: stopping antivir

Hi guys, I'm new to the forums here; hopefully I can get an idea of how to stop this. I'm using Windows XP Pro SP3.

Lately I have been getting redirects in Google from Chrome and Firefox.

I use VIPRE Antivirus Premium; it says there is nothing wrong. Should I try downloading and installing Malwarebytes just to be safe?

However, even more suspiciously, at startup VIPRE has been alerting me to a "setup.exe" file attempting to execute. I block it every time, but TODAY it came up with "antivir.exe" wants to run "setup". I assume it's trying to trick me... I block it also.

Here is what VIPRE is telling me about the executable.

-------------------------
Event Type 2 -- Notify
Timeout 0(s)
Monitor Source 2003 -- On File Access
Message ID {A6F11A19-1B9B-4055-9B34-707C3DE8C8F6}
Monitor Type 2 -- File
Recommend System Scan No
AP SDK Version 4.0.3904
Threat Definitions Version 7626
Event Actor Enum 2 -- Object
Event Date/Time 2010-12-13T12:07:26



Application Information
File Path C:\WINDOWS\system32\svchost.exe
Process ID 1564
File Size 14336(B)
CRC8 C96A6AA5213B0000
Application Rating 1 -- Known Good
Added To Always Allow List No
Company Microsoft Corporation
File Version 5.1.2600.5512 (xpsp.080413-2111)
Product Name Microsoft® Windows® Operating System
Product Version 5.1.2600.5512
Description Generic Host Process for Win32 Services
Copyright © Microsoft Corporation. All rights reserved.



Attempted to modify the following file
File Path C:\WINDOWS\Temp\dqhx\setup.exe
MD5 a58c72164420470df5a8c77d306af8cd
CRC8 6E51DADFE1D20000
Application Rating 2 -- Known Bad
Threat ID 4729607
-----------------------
Every time, it is trying to open C:\WINDOWS\Temp\XXXX\setup.exe, where XXXX is different each time.

Since I got the "antivir.exe" I went googling for some solutions and found this.

http://www.precisesecurity.com/rogue/antivir/#relfile

THIS doesn't solve my problem though. I haven't actually installed the file because I block setup.exe every time, so it doesn't actually help me with removing it ^^ Is it hiding in an svchost? Either way, how can I stop it?

Hope someone has a better clue than I do! Off to work, so I'll be back later today if there are any questions. Thanks guys.
All times are GMT + 2 Hours