
Win32 / Heur from AVG




    New Member

AVG reports a Win32/Heur detected. However, McAfee and Dr CureIt don't report anything. Dr CureIt instead reports a Ddos.Netcare.6 infection and has moved it to quarantine.

All of a sudden, I had browser crashes on IE/FF/Chrome, but then they miraculously disappeared. I haven't been able to get americanexpress.com (however, all other sites are perfectly accessible).

I'm worried I have something weird, and only Amex has put in the technology to detect some kind of keystroke logger.

Any help would be appreciated.

RootRepeal doesn't seem to even want to start on Windows 7.

(I have since, in my infinite wisdom, uninstalled AVG when installing McAfee, since McAfee didn't want to work with AVG. But now I'm left wondering which is a better product.)




    New Member

  • Topic Starter
On my Windows XP machine, I ran the RootRepeal software and it found the following Stealth Items:

ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/09/07 13:06
Program Version: Version
Windows Version: Windows XP Tablet PC Edition SP3

Stealth Objects
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x85fa6298 Size: 3002

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86047658 Size: 2250

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x858fcc88 Size: 890

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8605ba30 Size: 1489

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x858d1360 Size: 3234

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x857c9c98 Size: 354

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85e467f8 Size: 2056

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x85994838 Size: 114

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x857f8ed8 Size: 298

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8581a368 Size: 384

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8585cae8 Size: 1186

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86dcb440 Size: 3008

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x861107f8 Size: 2058

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85822110 Size: 2078
