Avira/comodo virus

caboose73

New Member
Hi, I keep getting pop-up windows from Avira and Comodo on my parents' Dell Dimension 4600 running XP saying I have viruses and asking if I want to remove them. I click remove, which it says it does, then a few minutes later I get the same pop-up message. Now when I run Comodo, Avira and Malwarebytes scans, everything comes up clean, so I need help to figure out what's going on. Here's my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:57:53 PM, on 9/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\IProsetMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Mine\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" -nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10w_Plugin.exe -update plugin
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\WINDOWS\system32\IProsetMonitor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 4738 bytes
 
I'm not getting much to go on here. Are you running the latest version of malwarebytes? Can you tell me what files are being classified as viruses/malware?
 
Sorry, I got ahead of myself a little bit. Yes, everything's up to date. Avira gives me this:
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20110923-194958-B263477C\AVSCAN-00000004.exe12.
Action performed: Deny access

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AVSCAN-00000004.exe12.
Action performed: Allow access

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\CAVD7.tmp.
Action performed: Allow access

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20110923-194958-B263477C\AVSCAN-00000003.exe4.
Action performed: Deny access

And Comodo says this:
TrojWare.Win32.TrojanDownloader.FraudLoad.ebl@19704015 H:\System Volume Information\_restore{657091AC-F23B-4155-8DEA-E9FF77991D7D}\RP28\A0008333.exe
 
Ok, the problem you have is that you have more than one antivirus program installed. You need to decide which one to keep. Comodo has quarantined what it has found and I assume avast did the same thing. So once you uninstall one then rescan your system and see what it finds. Whatever is left should be quarantined or deleted and you shouldn't get any more notices about it.

When you have 2 antivirus programs installed at the same time, the 2 conflict with each other.
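An added example, not from the thread, that mechanises the diagnosis in this reply: it parses the Avira and Comodo alert text posted above and flags each detection whose path sits inside another scanner's quarantine or scan temp folder, or inside a System Restore point (like Comodo's hit under H:\System Volume Information). The alert text is a constructed sample patterned on the posts; the vendor folder list and the two regexes are assumptions about those log formats.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample patterned on the Avira and Comodo alerts quoted in the thread.
SAMPLE_ALERTS = r"""
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20110923-194958-B263477C\AVSCAN-00000004.exe12.
Action performed: Deny access

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AVSCAN-00000004.exe12.
Action performed: Allow access

TrojWare.Win32.TrojanDownloader.FraudLoad.ebl@19704015 H:\System Volume Information\_restore{657091AC-F23B-4155-8DEA-E9FF77991D7D}\RP28\A0008333.exe
"""

# Avira prints the path on its own line with an opening quote only and a trailing period (assumed format).
AVIRA_RE = re.compile(r"detected in file '(?P<path>.+?)\.?\n")
# Comodo prints "<signature>@<id> <path>" on one line (assumed format).
COMODO_RE = re.compile(r"^\S+@\d+\s+(?P<path>[A-Za-z]:\\.+)$", re.MULTILINE)

# Folder names of the security products in the HijackThis log above (assumed list).
SECURITY_VENDORS = {"comodo", "avira", "superantispyware"}
ARTIFACT_DIRS = {"quarantine", "temp"}

ADVICE = {
    "scanner-artifact": "one scanner re-detecting the other's quarantine/scan temp; run a single real-time AV",
    "restore-point": "copy held in a System Restore point; turning System Restore off and on purges it",
    "live-file": "ordinary on-disk file; investigate before acting",
}

def extract_paths(alert_text):
    """Pull file paths out of Avira-style and Comodo-style alert text."""
    return AVIRA_RE.findall(alert_text) + COMODO_RE.findall(alert_text)

def classify_path(path):
    """Bucket a detection by where the file lives, not by what the signature name says."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "system volume information" in parts and any(p.startswith("_restore") for p in parts):
        return "restore-point"
    if SECURITY_VENDORS & set(parts) and ARTIFACT_DIRS & set(parts):
        return "scanner-artifact"
    return "live-file"

def triage(alert_text):
    """Return (path, category, advice) for every detection found in the alert text."""
    return [(p, classify_path(p), ADVICE[classify_path(p)]) for p in extract_paths(alert_text)]
```

Running `triage(SAMPLE_ALERTS)` labels both Avira hits as scanner artifacts and the Comodo hit as a restore-point copy, which is why removing them never makes the pop-ups stop.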
 
I see, so which one would you recommend uninstalling? Also, I have the same setup on my computer that's in my sig; why hasn't the same thing happened? Or is it just a matter of time?
 
Most likely just a matter of time. If you paid for Comodo then you probably should keep that one. But I would probably go with Avast when your subscription runs out for Comodo.
 
Comodo was free, so no big deal to uninstall and switch over. Now you're saying Avast; should I uninstall Avira and Comodo and install Avast?
 
Another quick question: when I run Defraggler on my C drive it won't get any better than 39% no matter how many times I run it. Is there something I can do to fix this?
 
I've had issues like this before with some of my clients' systems; the percentage wasn't that high though. You can try using Windows 7 Disk Defragmenter and then retry Defraggler to see what happens.
 
Ok, so I ran Windows 7 Disk Defragmenter, which said it was 1%, and after the run it was down to 0%. Then I ran Defraggler right afterwards and it now says it's at 44% and won't go any lower.
 
(C:), NTFS, Capacity: 698.5 GB, Used: 35.2 GB (5%), Free: 663.3 GB (95%)
---------------------------------------------------------------------------
Total size: 15.4 GB, Fragmented Files (2), Total Fragments (89)
---------------------------------------------------------------------------
Filename Fragments Size Path
---------------------------------------------------------------------------
{a0134430-e62e-11e0-9deb-406186647368}{3808876b-c176-4e48-b7ae-04046e6cc752} 33 8865361920 C:\System Volume Information\
{2233c944-e6e1-11e0-b48f-406186647368}{3808876b-c176-4e48-b7ae-04046e6cc752} 21 7482630144 C:\System Volume Information\
History Index 2011-09 1 3473408 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
data_1 1 11542528 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
Cookies 1 208896 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
Favicons 1 184320 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
thumbcache_96.db 1 10485760 C:\Users\sawyer\AppData\Local\Microsoft\Windows\Explorer\
Last Session 1 1185077 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
History 1 233472 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
data_0 1 487424 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
TranscodedWallpaper.jpg 1 68874 C:\Users\sawyer\AppData\Roaming\Microsoft\Windows\Themes\
Safe Browsing Download 1 251712 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\
f_0005b0 1 10801935 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
data_2 1 13639680 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
Current Tabs 1 182515 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
Profiles.xml 1 51145 C:\Users\sawyer\AppData\Local\ATI\ACE\
f_0005e2 1 15021922 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_0005cf 1 7664177 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_0005b4 1 8533749 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
Web Data 1 75776 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
thumbcache_idx.db 1 25880 C:\Users\sawyer\AppData\Local\Microsoft\Windows\Explorer\
Safe Browsing Bloom 1 6272552 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\
Last Tabs 1 438638 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
data_3 1 25174016 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
Top Sites 1 147456 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
Safe Browsing Bloom Filter 2 1 1651953 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\
f_000828 1 1567955 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_000827 1 1516344 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_0007ba 1 2005174 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_000645 1 2088050 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_0005da 1 3489156 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_0005ac 1 1792681 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_0005a3 1 2115382 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_0005a2 1 2645863 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
f_0005a1 1 3687331 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\Cache\
Current Session 1 155753 C:\Users\sawyer\AppData\Local\Google\Chrome\User Data\Default\
 
Actually it looks like it's only 2 files that won't defrag, and those would be the restore points, unless I'm reading the log wrong and you didn't post the full list. You can shut off System Restore to delete the restore points and then turn it back on to see if the issue is resolved.
 
Why's that on my C drive? 'Cause the backup save points are supposed to be on my external F drive. Also, can I just delete the 2 files from Defraggler, or is there some other way I should do it?
 