Win32/Alureon + More [Closed]


  • This topic is locked

#31
WintryElf
  • Topic Starter
  • Member
  • 46 posts
I can access virustotal.com. :) However, mysteriously, I did not need to reset the modem. I was about to go do it, tried again to see if I was sure and it worked. My apologies, it wasn't working before, but now it is and I don't know why. Would you still like me to reset my router, or not?

Edited by WintryElf, 28 May 2010 - 10:39 PM.

  • 0


#32
myrti
  • Expert
  • 2,580 posts
Hi,

how is your PC doing now? Do you have any other issues currently? Please upload the file directly, if you have access now. There's no need to reset the router, but it won't harm either if you decide to do it anyways.

regards myrti
  • 0

#33
WintryElf
  • Topic Starter
  • Member
  • 46 posts
My PC is doing great! Much better than before, I'm very happy with how it's running.

I'll upload the files now.

EDIT: The XDva files are not in my System32 folder. Which file were you referring to?

Edited by WintryElf, 30 May 2010 - 06:58 PM.

  • 0

#34
myrti
  • Expert
  • 2,580 posts
Hi,

yeah, it seems as if the files might be missing. Can you please upload this file instead:
C:\Windows\System32\ws2_32.dll

regards myrti
  • 0

#35
WintryElf
  • Topic Starter
  • Member
  • 46 posts
File ws2_32.dll received on 2010.06.03 03:34:24 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.03 -
AhnLab-V3 2010.06.03.01 2010.06.02 -
AntiVir 8.2.2.4 2010.06.02 -
Antiy-AVL 2.0.3.7 2010.06.02 -
Authentium 5.2.0.5 2010.06.03 -
Avast 4.8.1351.0 2010.06.02 -
Avast5 5.0.332.0 2010.06.02 -
AVG 9.0.0.787 2010.06.02 -
BitDefender 7.2 2010.06.03 -
CAT-QuickHeal 10.00 2010.06.02 -
ClamAV 0.96.0.3-git 2010.06.03 -
Comodo 4980 2010.06.01 -
DrWeb 5.0.2.03300 2010.06.02 -
eSafe 7.0.17.0 2010.06.01 -
eTrust-Vet 35.2.7526 2010.06.02 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.02 -
Fortinet 4.1.133.0 2010.06.02 -
GData 21 2010.06.03 -
Ikarus T3.1.1.84.0 2010.06.03 -
Jiangmin 13.0.900 2010.06.02 -
Kaspersky 7.0.0.125 2010.06.02 -
McAfee 5.400.0.1158 2010.06.03 -
McAfee-GW-Edition 2010.1 2010.06.02 -
Microsoft 1.5802 2010.06.02 -
NOD32 5167 2010.06.02 -
Norman 6.04.12 2010.06.02 -
nProtect 2010-06-02.01 2010.06.02 -
Panda 10.0.2.7 2010.06.02 -
PCTools 7.0.3.5 2010.06.03 -
Prevx 3.0 2010.06.03 -
Rising 22.50.03.01 2010.06.03 -
Sophos 4.53.0 2010.06.03 -
Sunbelt 6397 2010.06.03 -
Symantec 20101.1.0.89 2010.06.03 -
TheHacker 6.5.2.0.292 2010.06.03 -
TrendMicro 9.120.0.1004 2010.06.02 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.03 -
VBA32 3.12.12.5 2010.06.02 -
ViRobot 2010.6.1.2333 2010.06.02 -
VirusBuster 5.0.27.0 2010.06.02 -
Additional information
File size: 179200 bytes
MD5...: b304d47d5744ba20fcb99fb8b2c07b0b
SHA1..: 40ff7bde32ce0e5f5e0fb4283f8c65b66f72b13f
SHA256: 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8
ssdeep: 3072:x3HvZMUw4WOy04HNF4gHTfGimd40QFW+eIpqPvbG8plrjk/Nj11:t2UTa04
7rGimd4057G8p1k/Nj1
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1434
timedatestamp.....: 0x4791a798 (Sat Jan 19 07:32:40 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x23e0b 0x24000 6.53 fb1ec7d791831e78feb564120f1e026b
.data 0x25000 0xe2c 0xe00 4.51 ace438accfaf763efa64fccc40f5d733
.rsrc 0x26000 0x4e50 0x5000 3.66 b11b749fc580f178f5322a87a0d20986
.reloc 0x2b000 0x1818 0x1a00 6.50 841c9be872a9a158368ff23898435452

( 6 imports )

( 167 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Windows Socket 2.0 32-Bit DLL
original name: ws2_32.dll
internal name: ws2_32.dll
file version.: 6.0.6001.18000 (longhorn_rtm.080118-1840)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
  • 0

#36
myrti
  • Expert
  • 2,580 posts
Hi,

how is your PC doing? Still great?

I would like to run a scan with Eset to check for possible leftovers:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

regards myrti
  • 0

#37
WintryElf
  • Topic Starter
  • Member
  • 46 posts
Hi, I'm sorry, I actually forgot about this thread for a day or two because of how well my PC was running. :)
Running ESET now.
  • 0

#38
myrti
  • Expert
  • 2,580 posts
Hi,

I'm still waiting on the log from Eset. Was it clean?

regards myrti
  • 0

#39
myrti
  • Expert
  • 2,580 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





