
virus or not a virus?

Discussion in 'Virus & Other Malware Removal' started by Bh0y, Jan 30, 2005.

Thread Status:
Not open for further replies.
  1. Bh0y

    Bh0y Thread Starter

    Joined:
    Dec 11, 2003
    Messages:
    33
    Hi guys, during a scan with my free AVG virus scan software it found this: irc/BackDoor.SDBot.109.bl
    It was in asa.dbx in my folder, windows/security/templates/asa

    It promptly repaired/deleted it and said everything was fine. I ran a few other virus scans with Panda and Trend Micro and they said I was clean, but I used the great website http://virusscan.jotti.org/ to upload the things in my windows/security/templates/asa folder to check, and here is what it found when I uploaded the file sman.dbx:

    Service load: 0% 100%

    File: sman.dbx
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain in the *** -, results will not be stored in the database.)
    Packers detected: PE_PATCH.MORPHINE, MORPHINE

    AntiVir No viruses found (0.36 seconds taken)
    Avast No viruses found (3.01 seconds taken)
    BitDefender Backdoor.Ibounce.A (0.46 seconds taken)
    ClamAV No viruses found (0.40 seconds taken)
    Dr.Web No viruses found (0.64 seconds taken)
    F-Prot Antivirus No viruses found (0.33 seconds taken)
    Kaspersky Anti-Virus not-a-virus:RiskWare.Tool.Hideout (1.14 seconds taken)
    mks_vir Win32.4 (probable variant) (0.33 seconds taken)
    NOD32 No viruses found (0.45 seconds taken)
    Norman Virus Control No viruses found (0.90 seconds taken)


    I am confused by this. Is it a virus or not? Can I delete it or do I need this file? Do I even need the asa folder in the first place?

    Here is my HijackThis log:

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\PROGRA~1\BTVOYA~2\oamSender.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Booster] C:\PROGRA~1\BTVOYA~2\oamSender.exe
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CAF7C7A9-2B28-4C32-9518-6EFCC7509210}: NameServer = 194.74.65.69 194.72.9.34
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I will wait to hear your advice before I start deleting things willy-nilly. Thanks a lot for any help you can give me.
     
  2. Bh0y

    Bh0y Thread Starter

    Joined:
    Dec 11, 2003
    Messages:
    33
    I would also like to ask more about the asa folder in windows/security/templates/asa

    I'm really starting to think this asa folder should not be there. It has 2 files in it, asa.bat and sman.dbx

    I have googled both these file names and there is absolutely no info for any of them. I'm freaking out here man, should I delete these ASAP?
    Please help me with this.

    *edit* I should also mention that this asa folder is a hidden folder
     
  3. Bh0y

    Bh0y Thread Starter

    Joined:
    Dec 11, 2003
    Messages:
    33
    Can somebody just look in their C:windows>security>templates folder and see if there is a subfolder titled asa,
    and tell me one way or the other?
     
  4. Bh0y

    Bh0y Thread Starter

    Joined:
    Dec 11, 2003
    Messages:
    33
    Well, I don't seem to be getting any help here so I just went and deleted the folder.
     

Short URL to this thread: https://techguy.org/324842
