[RTAGuy]

Hello,

This morning AVG found the cisvc.exe in the C:\WINDOWS\System32 folder and the C:\WINDOWS\System32\dllcache folder (not sure about the dllcache but it is not on my computer or was hidden). It was found and deleted from 2 spots with popup warning that certain windows files were replaced with unrecognized ones(undoubtedly from having to delete the process file cisvc.exe) and I was asked to put in the Windows CD to replace them.

The virus it was found to have is the trojan "dropper.agent.8.b" or something like that. I am just wondering if anyone has had that happen and know what it is. A while back AVG found my "hijack this" zip file and exe file to have some trojan after I had it on my computer forever. I am not sure how hijack this would have been infected or the cisvc.exe file as I had run a complete AVG scan the day before and found nothing and do not know of anything I could have done that was out of my normal routine.

Is this a sign of a bigger problem?

I run AVG, online panda software scan, trend microscan and bit defender and the only program to have found anything other than AVG is the panda scan. I have not had a chance to run those today because I am not at home.

If I insert the CD like it wants me to would it just put the 2 files that were deleted back?

I did not have a chance to make a Hi Jack this log (from the new one I got) but if that would help I can do that. At a first glance when I ran Hijack this after it deleted the files everything seemed normal. I had no weird entries just 02,03,04,09,16,23(I am pretty sure those numbers are right) which I have checked to be normal.

If anyone has had experience with this or have any suggestions please let me know. If a HiJack This log would help then I can post one. I would have already but had to head off to work so I am going from memory in case someone does recognize this and has a solution.

Thanks

PS Windows OS is Windows XP Home Edition if that helps.

[Advertisements]

I had that virus to, same exe but in the folder:

c:\windows\$NtservicePackUninstall$\

Im sure that was the folder, I allowed AVG to Delete is, but as Rdsok on the AVG forum has suggested is not to delete anything out of the Virus Vault UNTILL you are 100% sure that your computer is not running into problems since its been removed

[RTAGuy]

Thanks for the fast reply.

My problem is the file out of the C:\Windows\system32 folder and the dllcache in the system32 folder.

AVG has it quarantined/deleted for now and it is in the vault but does anyone know how it would be corrupted? Is there something else on the computer no other antivirus is finding?

I got a message saying some stuff may not work right with it because I clicked no to fixing the problem with the CD(I did not have time) but I am not using/testing it right now.

When it asked to put in the CD would it replace those 2 files where they should be with good ones? Can I just dump that file into those folders and it be ok again after a reboot?

Thanks

In case is shows me as a guest this is RTAGuy with the original question

[RTAGuy]

Heuristics on AVG?

I think so. Could that be what is triggering it? Could that be why it flagged the HiJack this program before to?

Hmmmmmm. I tried to restore the file from the vault and it immediately flagged it again.

Maybe it only thinks it is a virus.

It came up out of the blue though. I wonder why it did not do it before.

Any thoughts?

[RTAGuy]

Thanks for the suggestion. I will try that when I get home and with luck that will be the reason. I know the heuristics goes by patterns but aside from this issue the only other odd thing was the Hijack This trojan issue and it would seem to make sense that they may not be infected but rather thought to be. Like even the Hijack This log from this morning did not have anything weird and looked like the last clean one I had.

I hope anyway.

I will let you know when I find out.

Thanks for your help. I did not even think of the heuristics side of it. I know I turned it on in hopes of catching suspicious stuff but I might keep it off now whether it fixes this problem or not.

[RTAGuy]

Hey Tony_1983,

I just got home and turned off the heuristics. I restored the file and it did not do anything. When I tried earlier before turning off heuristics it flagged it immediately and sent it back. This time it did not. I then went to the folder and did an individual file scan with AVG and it said there was no virus so it seems that it was the heuristics. I am wondering if when it flagged the hijack this zip and exe if it was the same thing because that was out of the blue to.

Will the program work as normal again after reboot(cisvc.exe)? It was a start up thing right?

Thanks