Hello,
I recently contracted some malware on my WinXP machine and have spent the last day trying to rid my system of it all. I had the ishost.exe and ismon.exe files and used Smitfraudfix to clean those up. Since then I seem to have removed all the malware through various scanners (Ad-Aware, Spybot, Housecall, AVG, F-Prot, ewido), but every F-Prot full scan comes up with this ominous line in the log:
"C:\Program Files\Common Files\{D8822D49-0972-1033-1125-050215060001}\services.dll Infection: Possibly a new variant of W32/Downloader-Sml-based!Maximus
The program cannot yet disinfect viruses of this type."
None of the other programs have found anything and I am perplexed as to why F-Prot cannot remove/clean this file if it is bad; I have heard F-Prot is an excellent anti-viral program.
Here is my recent HT log:
***
***
Here is the F-Prot log from the last full-scan:
***
Task settings:
Path to scan:
<Hard drive> C:\
Which files:
Depending on file content and extensions.
Scan inside archives.
Scan inside compressed executables
Scan inside subfolders.
Action if malware is found:
Disinfect.
How to scan:
Use heuristics.
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7iavi420iy.bin could be a corrupted executable file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip->Activate.exe could be a suspicious file (encrypted program in archive)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip->Uninst.exe could be a suspicious file (encrypted program in archive)
C:\Program Files\Common Files\{D8822D49-0972-1033-1125-050215060001}\services.dll Infection: Possibly a new variant of W32/Downloader-Sml-based!Maximus
The program cannot yet disinfect viruses of this type.
The scanning ended successfully, with infected or suspicious object found
Results of virus scanning:
MBRs scanned..........: 1
Boot sectors scanned..: 1
Files total...........: 97529
Scanned objects.......: 443445
Infected objects......: 0
Suspicious objects....: 4
Deleted objects.......: 0
Disinfected objects...: 0
Renamed objects.......: 0
Moved objects.........: 0
Endtime: 08.08.2006 12:50
Scantime: 40:02 min.
------------------------------- END OF REPORT ------------------------------
***
What is this services.dll file and why is it raising a red flag and further, why can't f-prot do anything and <further> why doesn't any other program pick this up? Is this super-new, or is F-prot making a false scan? Any help would be appreciated. Thanks!
-Duncan
I recently contracted some malware on my WinXP machine and have spent the last day trying to rid my system of it all. I had the ishost.exe and ismon.exe files and used Smitfraudfix to clean those up. Since then I seem to have removed all the malware through various scanners (Ad-Aware, Spybot, Housecall, AVG, F-Prot, ewido), but every F-Prot full scan comes up with this ominous line in the log:
"C:\Program Files\Common Files\{D8822D49-0972-1033-1125-050215060001}\services.dll Infection: Possibly a new variant of W32/Downloader-Sml-based!Maximus
The program cannot yet disinfect viruses of this type."
None of the other programs have found anything and I am perplexed as to why F-Prot cannot remove/clean this file if it is bad; I have heard F-Prot is an excellent anti-viral program.
Here is my recent HT log:
***
***
Here is the F-Prot log from the last full-scan:
***
Task settings:
Path to scan:
<Hard drive> C:\
Which files:
Depending on file content and extensions.
Scan inside archives.
Scan inside compressed executables
Scan inside subfolders.
Action if malware is found:
Disinfect.
How to scan:
Use heuristics.
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7iavi420iy.bin could be a corrupted executable file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip->Activate.exe could be a suspicious file (encrypted program in archive)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip->Uninst.exe could be a suspicious file (encrypted program in archive)
C:\Program Files\Common Files\{D8822D49-0972-1033-1125-050215060001}\services.dll Infection: Possibly a new variant of W32/Downloader-Sml-based!Maximus
The program cannot yet disinfect viruses of this type.
The scanning ended successfully, with infected or suspicious object found
Results of virus scanning:
MBRs scanned..........: 1
Boot sectors scanned..: 1
Files total...........: 97529
Scanned objects.......: 443445
Infected objects......: 0
Suspicious objects....: 4
Deleted objects.......: 0
Disinfected objects...: 0
Renamed objects.......: 0
Moved objects.........: 0
Endtime: 08.08.2006 12:50
Scantime: 40:02 min.
------------------------------- END OF REPORT ------------------------------
***
What is this services.dll file and why is it raising a red flag and further, why can't f-prot do anything and <further> why doesn't any other program pick this up? Is this super-new, or is F-prot making a false scan? Any help would be appreciated. Thanks!
-Duncan
