TechSpot

F-prot confusion: Malware or not?

By duncan idaho
Aug 9, 2006
  1. Hello,

    I recently contracted some malware on my WinXP machine and have spent the last day trying to rid my system of it all. I had the ishost.exe and ismon.exe files and used Smitfraudfix to clean those up. Since then I seem to have removed all the malware through various scanners (Ad-Aware, Spybot, Housecall, AVG, F-Prot, ewido), but every F-Prot full scan comes up with this ominous line in the log:

    "C:\Program Files\Common Files\{D8822D49-0972-1033-1125-050215060001}\services.dll Infection: Possibly a new variant of W32/Downloader-Sml-based!Maximus
    The program cannot yet disinfect viruses of this type."

    None of the other programs have found anything and I am perplexed as to why F-Prot cannot remove/clean this file if it is bad; I have heard F-Prot is an excellent anti-viral program.

    Here is my recent HT log:

    ***


    ***

    Here is the F-Prot log from the last full-scan:

    ***

    Task settings:

    Path to scan:
    <Hard drive> C:\

    Which files:
    Depending on file content and extensions.
    Scan inside archives.
    Scan inside compressed executables
    Scan inside subfolders.

    Action if malware is found:
    Disinfect.
    How to scan:
    Use heuristics.


    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7iavi420iy.bin could be a corrupted executable file
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip->Activate.exe could be a suspicious file (encrypted program in archive)
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip->Uninst.exe could be a suspicious file (encrypted program in archive)
    C:\Program Files\Common Files\{D8822D49-0972-1033-1125-050215060001}\services.dll Infection: Possibly a new variant of W32/Downloader-Sml-based!Maximus
    The program cannot yet disinfect viruses of this type.
    The scanning ended successfully, with infected or suspicious object found

    Results of virus scanning:

    MBRs scanned..........: 1
    Boot sectors scanned..: 1
    Files total...........: 97529
    Scanned objects.......: 443445
    Infected objects......: 0
    Suspicious objects....: 4
    Deleted objects.......: 0
    Disinfected objects...: 0
    Renamed objects.......: 0
    Moved objects.........: 0

    Endtime: 08.08.2006 12:50

    Scantime: 40:02 min.
    ------------------------------- END OF REPORT ------------------------------


    ***


    What is this services.dll file and why is it raising a red flag and further, why can't F-Prot do anything and <further> why doesn't any other program pick this up? Is this super-new, or is F-Prot making a false scan? Any help would be appreciated. Thanks!


    -Duncan
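Whether F-Prot's line is a confirmed detection or a heuristic guess can be read off the report itself: it lists four flagged objects yet counts 0 infected and 4 suspicious, so F-Prot filed the "Possibly a new variant" hit under its suspicious (heuristic) bucket rather than as a definite infection. The Python below is an editor's added example, not code from the thread or from F-Prot: it parses report lines of the kind posted above into structured findings and reconciles them against the printed counters. The sample report text is constructed from the lines quoted in the post, and the bucketing rule (a heuristic hit counts as suspicious) is inferred from that report, not taken from F-Prot documentation.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the flagged lines and the two counters from the
# F-Prot report quoted in the post, pasted as a user would receive them.
SAMPLE_REPORT = """\
C:\\Documents and Settings\\All Users\\Application Data\\Grisoft\\Avg7Data\\upd7bin\\u7iavi420iy.bin could be a corrupted executable file
C:\\Documents and Settings\\All Users\\Application Data\\Spybot - Search & Destroy\\Recovery\\SmitfraudC.zip->Activate.exe could be a suspicious file (encrypted program in archive)
C:\\Documents and Settings\\All Users\\Application Data\\Spybot - Search & Destroy\\Recovery\\SmitfraudC.zip->Uninst.exe could be a suspicious file (encrypted program in archive)
C:\\Program Files\\Common Files\\{D8822D49-0972-1033-1125-050215060001}\\services.dll Infection: Possibly a new variant of W32/Downloader-Sml-based!Maximus
The program cannot yet disinfect viruses of this type.
The scanning ended successfully, with infected or suspicious object found

Results of virus scanning:

Infected objects......: 0
Suspicious objects....: 4
"""

INFECTION_RE = re.compile(r"^(?P<path>.+?) Infection: (?P<detail>.+)$")
SUSPICIOUS_RE = re.compile(r"^(?P<path>.+?) could be (?P<detail>.+)$")
COUNTER_RE = re.compile(r"^(?P<name>Infected|Suspicious) objects\.*: (?P<n>\d+)$")
NO_DISINFECT = "The program cannot yet disinfect"


@dataclass
class Finding:
    path: str               # on-disk path; archive members follow "->"
    verdict: str            # "infection" (named detection) or "suspicious" (hint)
    detail: str             # detection name, or F-Prot's reason text
    heuristic: bool         # "Possibly a new variant ..." or any "could be ..." line
    in_archive: bool        # member of an archive rather than a loose file
    disinfectable: Optional[bool] = None  # False when F-Prot says it cannot disinfect


def parse_fprot_report(text: str) -> List[Finding]:
    """Turn F-Prot's free-text report into structured findings."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(NO_DISINFECT) and findings:
            # This line qualifies the detection printed immediately above it.
            findings[-1].disinfectable = False
            continue
        m = INFECTION_RE.match(line)
        if m:
            detail = m.group("detail")
            findings.append(Finding(m.group("path"), "infection", detail,
                                    heuristic=detail.startswith("Possibly a new variant"),
                                    in_archive="->" in m.group("path")))
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            findings.append(Finding(m.group("path"), "suspicious", m.group("detail"),
                                    heuristic=True, in_archive="->" in m.group("path")))
    return findings


def reported_counters(text: str) -> Dict[str, int]:
    """Read the 'Infected objects' / 'Suspicious objects' totals F-Prot printed."""
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = COUNTER_RE.match(raw.strip())
        if m:
            counts[m.group("name").lower()] = int(m.group("n"))
    return counts


def derived_counters(findings: List[Finding]) -> Dict[str, int]:
    """Bucket findings the way the posted totals do (inferred, not documented):
    only a definite named detection is 'infected'; heuristic hits are 'suspicious'."""
    infected = sum(1 for f in findings if f.verdict == "infection" and not f.heuristic)
    return {"infected": infected, "suspicious": len(findings) - infected}


def needs_attention(findings: List[Finding]) -> List[str]:
    """Loose files carrying a detection name, i.e. the ones worth a second opinion,
    as opposed to archive members or 'corrupted executable' hints."""
    return [f.path for f in findings if f.verdict == "infection" and not f.in_archive]


if __name__ == "__main__":
    found = parse_fprot_report(SAMPLE_REPORT)
    for f in found:
        print(f"{f.verdict:10} heuristic={f.heuristic!s:5} archive={f.in_archive!s:5} {f.path}")
    print("reported:", reported_counters(SAMPLE_REPORT), "derived:", derived_counters(found))
    print("second opinion on:", needs_attention(found))
```

Run against the posted report, `derived_counters` reproduces F-Prot's own 0/4 split only when the "Possibly a new variant" line is counted as suspicious, which is the structured answer to the question in the post: the scanner is reporting a heuristic match it cannot confirm or clean, not a signature hit, so the file is exactly the kind of object to get a second opinion on before trusting either verdict.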
     
  2. howard_hopkinso

    Hello and welcome to Techspot.

    Your HJT log is clean.

    However, the file services.dll is dangerous, see HERE.

    Download the Pocket killbox programme from HERE.

    Extract it, then follow these instructions.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the filepath you need to enter into killbox.

    C:\Program Files\Common Files\{D8822D49-0972-1033-1125-050215060001}\services.dll

    Once your system has rebooted, check to make sure the file has been deleted.

    I also suggest you boot into safe mode and turn system restore off. Run a complete system scan with your antivirus programme and delete whatever it finds.

    Reboot into normal mode and turn system restore back on.

    Regards Howard :wave: :wave:
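Howard's procedure ends with a manual check that the file is gone after the reboot. As an added example (not part of the thread or of Pocket Killbox), the Python below records the file's SHA-256, size and timestamps before the delete-on-reboot step, so the identity of a sample flagged only as a "possibly new variant" is preserved for a vendor second opinion, and then verifies afterwards that nothing remains at the path. The path is the one posted above; `demo_in_tempdir` exercises the same functions on a constructed file in a temporary directory so the example runs anywhere.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from typing import Dict, Optional

# The path Howard asked to be deleted, taken from the thread. On another
# machine substitute the path your own scanner reported.
SUSPECT = r"C:\Program Files\Common Files\{D8822D49-0972-1033-1125-050215060001}\services.dll"

# Constructed stand-in content for the demo; not a real DLL.
SAMPLE_CONTENT = b"constructed sample, not a real DLL"


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(path: str) -> Optional[Dict[str, object]]:
    """Record what is about to be deleted (hash, size, timestamps) so the
    detection can be checked with a vendor later. None if already absent."""
    if not os.path.isfile(path):
        return None
    st = os.stat(path)
    return {
        "path": path,
        "sha256": sha256_of(path),
        "size": st.st_size,
        "modified_utc": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat(),
        "recorded_utc": datetime.now(tz=timezone.utc).isoformat(),
    }


def save_record(snap: Dict[str, object], out_path: str) -> None:
    """Write the snapshot as JSON next to your notes; keep it off the suspect path."""
    with open(out_path, "w", encoding="utf-8") as fh:
        json.dump(snap, fh, indent=2)


def verify_removed(path: str) -> bool:
    """After the reboot: True only if nothing exists at the path any more."""
    return not os.path.exists(path)


def demo_in_tempdir() -> Dict[str, object]:
    """Run snapshot -> delete -> verify on a constructed file and report each step."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "services.dll")
        with open(p, "wb") as fh:
            fh.write(SAMPLE_CONTENT)
        snap = snapshot(p)
        save_record(snap, os.path.join(d, "services.dll.record.json"))
        before = verify_removed(p)
        os.remove(p)          # stands in for Killbox's delete-on-reboot
        return {
            "snapshot": snap,
            "expected_sha256": hashlib.sha256(SAMPLE_CONTENT).hexdigest(),
            "removed_before_delete": before,
            "removed_after_delete": verify_removed(p),
            "snapshot_after": snapshot(p),
        }


if __name__ == "__main__":
    # Real use: snapshot(SUSPECT) before Killbox, verify_removed(SUSPECT) after reboot.
    print(json.dumps(demo_in_tempdir(), indent=2))
```

On the live machine the two calls that matter are `snapshot(SUSPECT)` before the Killbox step and `verify_removed(SUSPECT)` after the reboot; the hash in the saved record is what you would quote when asking a vendor whether the heuristic hit was genuine.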
     