avast detected virus in panda activescan while downloading the online scan

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Skyy

Thread Starter
Joined
Nov 10, 2004
Messages
47
hi skyy here

2 problems

#1
i just tried to run panda activescan and avast wouldn't let it download... it stopped it and said

My computer has been threatened with a virus and not to worry
File Name: http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL
Malware Name: Win32:CTX
Malware Type: Virus/Worm
VPS Version : 0641-4, 10/13/2006

and told me it stopped it before it got into my computer and for me just to abort connection...

So...I just aborted connection and avast went off again... this time it says

VIRUS FOUND
File Name: C:\WIN2K\system32\ActiveScan\pskavs.dll
Malware Name: Win32:CTX
Malware Type: Virus/Worm
VPS Version: 0641-4, 10/13/2006


and recommended me to move it to chest.

i am afraid to do anything and i am just sitting here with that virus warning going off...

~~~> what to do or is it a negative detection? what's up with this please???

~~~~~~~~~~~~~~~~~~~~~

[B]#2[/B]

what prompted me to do this scan is that my YInstStarter Class file is damaged when i checked downloaded files. it was fine yesterday.

can someone please answer these two questions before i go any further?

thank you

skyy
[email protected]
 

Skyy

Thread Starter
Joined
Nov 10, 2004
Messages
47
(it seems like everyone is busy with the msn yinstall virus??? )

so...
i went ahead and moved the virus to the chest and when i did, the pandaactivescan tried to finish downnloading and run...

i selected scan computer but it just sat at 0 % scanned and wouldn't begin, but it wouldn't allow me stop and exit either. so...

i x'd out and found the file and scanned it again with avast and the report was...

Scanning of selected files
Action was completed successfully!
Virus has been detected!
File Name: pskavs.dll
FileID: 4
Virus Description: Win32:CTX

i closed it and am now going to run avast full system virus scan including archives.

i don't know what else to do at this point.

i wonder if my damaged YInstStarter Class file is this msn virus that i've been reading about here while waiting???

i don't remember clicking any links in my mail... but i did just in the last two or three days reinstall msn messenger and opened it last night and today... hmm now what?

i guess i will run avast right now while i wait. i wish i had some direction because i am heavily dependant upon the internet almost 24 hours a day and have only my laptop at the moment. i will be lost without it...

please see what you can do to get back to me??? thanks

skyy
[email protected]
 

Skyy

Thread Starter
Joined
Nov 10, 2004
Messages
47
OK IT LOOK AS IF I'M ON MY OWN - SHOULD THIS BE POSTED UNDER ANOTHER THREAD?? - I NEED THIS HJT READ -

I RAN AVAST THOROUGH SCAN WITH ARCHIVES SCANNED...

clean..

WILL I WILL NEED TO DOWNLOAD EWIDO AND RUN IT IN SAFE MODE AND POST AFTER SOMEONE READS THIS FOR ME>? heck i don' t know what to do here... how do you get someone to help in this forum>>?

pleeeeease...

Logfile of HijackThis v1.99.1
Scan saved at 1:46:25 PM, on 10/13/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIN2K\System32\smss.exe
C:\WIN2K\system32\winlogon.exe
C:\WIN2K\system32\services.exe
C:\WIN2K\system32\lsass.exe
C:\WIN2K\system32\svchost.exe
C:\WIN2K\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WIN2K\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WIN2K\system32\cisvc.exe
C:\WIN2K\System32\svchost.exe
C:\WIN2K\system32\hidserv.exe
C:\WIN2K\system32\regsvc.exe
C:\WIN2K\system32\MSTask.exe
C:\WIN2K\system32\stisvc.exe
C:\WIN2K\System32\WBEM\WinMgmt.exe
C:\WIN2K\system32\mspmspsv.exe
C:\WIN2K\system32\svchost.exe
C:\WIN2K\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WIN2K\SYSTEM32\ATIPTAXX.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WIN2K\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN2K\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\WIN2K\SYSTEM32\ATIPTAXX.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\Messenger\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\Messenger\YPager.exe
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F50DDDD-2C69-4C08-8062-54495985A3AF}: NameServer = 66.133.189.215,216.67.192.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WIN2K\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WIN2K\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WIN2K\system32\HPZipm12.exe

thanks for any help

skyy
[email protected]
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top