Solved: Windows Security Center virus

jasonmelo
Junior Member with 1 posts.
 
Join Date: Jul 2008
Location: Brazil
Experience: Intermediate
27-Jul-2008, 12:07 PM #1
Hello,

I'm experiencing some problems on my computer.

When the system starts, a dialog titled "Windows Security Center" is displayed. There is a message in this window, in red, saying Virus Protecion NOT FOUND.

Also, from time to time (about 1 min) an error message is shown saying "Warning! Low performance!" or "Halt! Attacke detected!" or "Attention Security error!" or "Stop! check connection!".

Each of these messages has Yes/No buttons. If I press YES, the message is closed, but the browser tries to access the site http://scanner.anvi-scan... (I am not posting the entire link for security reasons and to prevent anyone from accessing this site).

I have Windows Vista Business Edition, SP1 - 500Gb hd (250 + 250Gb on raid0) and 4,00Gb ram. Processor: Intel Core 2 Duo E4570

I tried to find a way to remove this malware, but I haven't been able to so far.

The HijackThis log follows. I hope it helps:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:02, on 27/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Sys58F9.exe
C:\Windows\Sys5A12.exe
C:\Windows\Sys5ADD.exe
C:\Windows\Sys5CEF.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jason\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {7DED6C43-C9A7-4EAE-A6C0-692B27D44EA9} - C:\Windows\nfavxwdblwf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: fdkowvbp - {CC62551A-9113-48E1-936F-27ABC255A8B4} - C:\Users\Jason\AppData\Local\Temp\ac8zt2\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUKAQhG.dll,#1
O4 - HKLM\..\Run: [Sys58F9.exe] C:\Windows\Sys58F9.exe
O4 - HKLM\..\Run: [Sys5A12.exe] C:\Windows\Sys5A12.exe
O4 - HKLM\..\Run: [Sys5ADD.exe] C:\Windows\Sys5ADD.exe
O4 - HKLM\..\Run: [Sys5CEF.exe] C:\Windows\Sys5CEF.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Jason\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SysF305.exe] C:\Windows\SysF305.exe
O4 - HKCU\..\Run: [SysF314.exe] C:\Windows\SysF314.exe
O4 - HKCU\..\Run: [SysF343.exe] C:\Windows\SysF343.exe
O4 - HKCU\..\Run: [SysF372.exe] C:\Windows\SysF372.exe
O4 - HKCU\..\Run: [SysF381.exe] C:\Windows\SysF381.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jason\AppData\Local\Temp\xxyaaaaX.dll,#1
O4 - HKCU\..\Run: [Sys310E.exe] C:\Windows\Sys310E.exe
O4 - HKCU\..\Run: [Sys32E2.exe] C:\Windows\Sys32E2.exe
O4 - HKCU\..\Run: [Sys3320.exe] C:\Windows\Sys3320.exe
O4 - HKCU\..\Run: [Sys3321.exe] C:\Windows\Sys3321.exe
O4 - HKCU\..\Run: [SysDA37.exe] C:\Windows\SysDA37.exe
O4 - HKCU\..\Run: [SysDA47.exe] C:\Windows\SysDA47.exe
O4 - HKCU\..\Run: [SysDA95.exe] C:\Windows\SysDA95.exe
O4 - HKCU\..\Run: [SysDAC4.exe] C:\Windows\SysDAC4.exe
O4 - HKCU\..\Run: [SysDD15.exe] C:\Windows\SysDD15.exe
O4 - HKCU\..\Run: [SysDDA1.exe] C:\Windows\SysDDA1.exe
O4 - HKCU\..\Run: [SysDEC9.exe] C:\Windows\SysDEC9.exe
O4 - HKCU\..\Run: [SysDF85.exe] C:\Windows\SysDF85.exe
O4 - HKCU\..\Run: [Sys1592.exe] C:\Windows\Sys1592.exe
O4 - HKCU\..\Run: [Sys15E0.exe] C:\Windows\Sys15E0.exe
O4 - HKCU\..\Run: [Sys17C4.exe] C:\Windows\Sys17C4.exe
O4 - HKCU\..\Run: [Sys1ADF.exe] C:\Windows\Sys1ADF.exe
O4 - HKCU\..\Run: [Sys58B.exe] C:\Windows\Sys58B.exe
O4 - HKCU\..\Run: [Sys6E2.exe] C:\Windows\Sys6E2.exe
O4 - HKCU\..\Run: [Sys83A.exe] C:\Windows\Sys83A.exe
O4 - HKCU\..\Run: [SysB7F8.exe] C:\Windows\SysB7F8.exe
O4 - HKCU\..\Run: [SysB875.exe] C:\Windows\SysB875.exe
O4 - HKCU\..\Run: [SysB9BD.exe] C:\Windows\SysB9BD.exe
O4 - HKCU\..\Run: [SysBB14.exe] C:\Windows\SysBB14.exe
O4 - HKCU\..\Run: [Sys9DBC.exe] C:\Windows\Sys9DBC.exe
O4 - HKCU\..\Run: [SysA579.exe] C:\Windows\SysA579.exe
O4 - HKCU\..\Run: [SysA6D0.exe] C:\Windows\SysA6D0.exe
O4 - HKCU\..\Run: [SysAA59.exe] C:\Windows\SysAA59.exe
O4 - HKCU\..\Run: [Sys876F.exe] C:\Windows\Sys876F.exe
O4 - HKCU\..\Run: [Sys88B6.exe] C:\Windows\Sys88B6.exe
O4 - HKCU\..\Run: [Sys880B.exe] C:\Windows\Sys880B.exe
O4 - HKCU\..\Run: [Sys89EE.exe] C:\Windows\Sys89EE.exe
O4 - HKCU\..\Run: [SysCC53.exe] C:\Windows\SysCC53.exe
O4 - HKCU\..\Run: [SysCCDF.exe] C:\Windows\SysCCDF.exe
O4 - HKCU\..\Run: [SysCD6B.exe] C:\Windows\SysCD6B.exe
O4 - HKCU\..\Run: [SysD6FD.exe] C:\Windows\SysD6FD.exe
O4 - HKCU\..\Run: [SysD75A.exe] C:\Windows\SysD75A.exe
O4 - HKCU\..\Run: [SysD76A.exe] C:\Windows\SysD76A.exe
O4 - HKCU\..\Run: [SysD789.exe] C:\Windows\SysD789.exe
O4 - HKCU\..\Run: [Sys44FB.exe] C:\Windows\Sys44FB.exe
O4 - HKCU\..\Run: [Sys493F.exe] C:\Windows\Sys493F.exe
O4 - HKCU\..\Run: [Sys4A87.exe] C:\Windows\Sys4A87.exe
O4 - HKCU\..\Run: [Sys4AA6.exe] C:\Windows\Sys4AA6.exe
O4 - HKCU\..\Run: [] ˆexe
O4 - HKCU\..\Run: [SysDBCD.exe] C:\Windows\SysDBCD.exe
O4 - HKCU\..\Run: [SysDC0B.exe] C:\Windows\SysDC0B.exe
O4 - HKCU\..\Run: [SysDC1B.exe] C:\Windows\SysDC1B.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O21 - SSODL: wnslvxtf - {1179EC03-2CE1-4FF7-ABF7-1857A5635D02} - C:\Windows\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {ADBDFDCB-547E-4466-B167-BEA307809565} - C:\Windows\eqvwamkl.dll (file missing)
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11999 bytes
Tags
malware, raid0, windows security, windows vista

All times are GMT -4.