Welcome to Geeks to Go - Register now for FREE

Win32 / Heur from AVG


#1 Murlai (New Member, 2 posts)

AVG reports a Win32/Heur detection. However, McAfee and Dr CureIt don't report anything. Dr CureIt instead reports a Ddos.Netcare.6 infection and has moved it to quarantine.

All of a sudden, I had browser crashes on IE/FF/Chrome, but then they miraculously disappeared. I haven't been able to get to americanexpress.com (however, all other sites are perfectly accessible).

I'm worried I have something weird, and only Amex has put in the technology to detect some kind of keystroke logger.

Any help would be appreciated.

RootRepeal doesn't seem to even want to start on Windows 7.

(I have since, in my infinite wisdom, uninstalled AVG when installing McAfee, since McAfee didn't want to work with AVG. But now I'm left wondering which is the better product.)
#2 Murlai (Topic Starter, New Member, 2 posts)

On my Windows XP machine, I ran the RootRepeal software and it found the following Stealth Items:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/07 13:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP Tablet PC Edition SP3
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x85fa6298 Size: 3002

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86047658 Size: 2250

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x858fcc88 Size: 890

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8605ba30 Size: 1489

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x858d1360 Size: 3234

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x857c9c98 Size: 354

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85e467f8 Size: 2056

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x85994838 Size: 114

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x857f8ed8 Size: 298

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8581a368 Size: 384

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8585cae8 Size: 1186

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86dcb440 Size: 3008

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x861107f8 Size: 2058

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85822110 Size: 2078

==EOF==
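The report above is more informative than a plain "Hidden Code" flag suggests, so here is a small Python triage script, added as an example and not part of the thread or of RootRepeal, that parses the Stealth Objects section quoted in the post and checks what the hooks cover. The driver names, IRP majors, addresses and sizes are taken from the report itself; the set of "file-I/O majors" that matter and the 0x80000000 kernel-space boundary for 32-bit XP are my assumptions and are marked as such in the comments.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# The "Stealth Objects" section of the RootRepeal report quoted in the post
# above, embedded here (blank separator lines removed) so the script runs offline.
REPORT = """\
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x85fa6298 Size: 3002
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86047658 Size: 2250
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x858fcc88 Size: 890
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8605ba30 Size: 1489
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x858d1360 Size: 3234
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x857c9c98 Size: 354
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85e467f8 Size: 2056
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x85994838 Size: 114
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x857f8ed8 Size: 298
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8581a368 Size: 384
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8585cae8 Size: 1186
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86dcb440 Size: 3008
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x861107f8 Size: 2058
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85822110 Size: 2078
==EOF==
"""

# Assumption: the IRP major functions a file-system driver services for ordinary
# file access. Code sitting on all of them sees every open, read, write and
# directory listing, which is the vantage point a file-hiding kernel rootkit needs.
FILE_IO_MAJORS = {
    "IRP_MJ_CREATE", "IRP_MJ_CLOSE", "IRP_MJ_READ", "IRP_MJ_WRITE",
    "IRP_MJ_DIRECTORY_CONTROL", "IRP_MJ_FILE_SYSTEM_CONTROL",
}
# Assumption: 32-bit XP with the default 2 GB/2 GB split, kernel space from 0x80000000.
KERNEL_BASE = 0x80000000

class Hook(NamedTuple):
    driver: str
    irp_major: str
    process: str
    address: int
    size: int

# One "Object:" line followed by its "Process:" line.
OBJECT_RE = re.compile(
    r"Object:\s*Hidden Code\s*\[Driver:\s*(?P<driver>\w+),\s*(?P<major>IRP_MJ_\w+)\]"
    r"\s*Process:\s*(?P<process>\S+)\s+Address:\s*(?P<addr>0x[0-9A-Fa-f]+)"
    r"\s+Size:\s*(?P<size>\d+)"
)

def parse_hooks(report: str) -> list:
    """Extract every hidden-code entry from a Stealth Objects section."""
    return [Hook(m["driver"], m["major"], m["process"], int(m["addr"], 16), int(m["size"]))
            for m in OBJECT_RE.finditer(report)]

def hooks_by_driver(hooks: list) -> dict:
    """Map each driver name to the IRP majors reported as hooked."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h.driver].append(h.irp_major)
    return dict(grouped)

def full_file_io_coverage(hooks: list) -> dict:
    """True per driver when its hooks cover the whole file-I/O dispatch path."""
    return {drv: FILE_IO_MAJORS <= set(majors)
            for drv, majors in hooks_by_driver(hooks).items()}

def all_in_kernel_space(hooks: list) -> bool:
    """Every reported code address lies in kernel address space."""
    return all(h.address >= KERNEL_BASE for h in hooks)

def triage(report: str) -> dict:
    """Summarise the report from a defender's point of view."""
    hooks = parse_hooks(report)
    fully = sorted(d for d, ok in full_file_io_coverage(hooks).items() if ok)
    return {
        "hook_count": len(hooks),
        "drivers_fully_hooked": fully,
        "all_kernel_space": all_in_kernel_space(hooks),
        "kernel_rootkit_indicated": bool(fully) and all_in_kernel_space(hooks),
    }
```

Run against the quoted report, `triage(REPORT)` finds 14 entries, all attributed to the System process at kernel addresses, and both file-system drivers (Ntfs and Fastfat) with every file-I/O dispatch entry hooked. That pattern is consistent with a kernel-mode rootkit filtering file operations, which also explains why user-mode scanners on the live system can report nothing while one tool flags a heuristic: anything the hook hides is invisible to them. The defender's takeaway is to treat in-system scan results as untrustworthy and verify from outside the running OS (offline scan or a rebuild from known-good media) rather than weighing which antivirus product is "better".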