Author Topic: TrendMicro kicks to desktop...virus?  (Read 338 times)

Offline Toad

  • Plutonium Member
  • *******
  • Posts: 18415
TrendMicro kicks to desktop...virus?
« on: February 15, 2007, 07:09:38 PM »
I'm running Avast full time but every once in a while I disable it while running an online TrendMicro scan.

Trend starts to scan and then somewhere in the temporary files it kicks to desktop, shutting down the browser. It does this in normal or safe modes; that makes no difference.

So, I've been running other various scanners trying to find some reason for that.

Here's a HijackThis log I just did after running a couple of scans in safe mode.

Anyone here see anything that might be a problem? I've bolded the ones that I don't recognize as anything I might have loaded.

Logfile of HijackThis v1.99.1
Scan saved at 7:02:23 PM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\John\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.hitechcreations.com/forums
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://remote.harrisconst.com
O15 - Trusted Zone: http://www.heartlandmlsweb.com
O15 - Trusted Zone: http://www.hitechcreations.com
O15 - Trusted Zone: http://housecall65.trendmicro.com
O15 - Trusted Zone: http://*.trendmicro.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://remote.harrisconst.com/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
If ye love wealth better than liberty, the tranquility of servitude than the animated contest of freedom, go from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains sit lightly upon you, and may posterity forget that you were our countrymen!

Offline Roscoroo

  • Plutonium Member
  • *******
  • Posts: 8424
      • http://www.roscoroo.com/
TrendMicro kicks to desktop...virus?
« Reply #1 on: February 16, 2007, 10:46:12 AM »
looks like a battle of the AV programs there ... I think that's the conflict
Roscoroo ,
"Of course at Uncle Teds restaurant , you have the option to shoot them yourself"  Ted Nugent
(=Ghosts=Scenariroo's  Patch donation

Offline Toad

  • Plutonium Member
  • *******
  • Posts: 18415
TrendMicro kicks to desktop...virus?
« Reply #2 on: February 16, 2007, 11:33:26 AM »
Well, I didn't have all those installed when the TrendMicro was barfing. I only had Avast then and I had it shut down.

See any strange entries that might be a lurking invader?

Thanks for taking a look, btw.

Offline Roscoroo

  • Plutonium Member
  • *******
  • Posts: 8424
      • http://www.roscoroo.com/
TrendMicro kicks to desktop...virus?
« Reply #3 on: February 16, 2007, 01:35:14 PM »
I didn't notice anything that looks like a baddie there ... but there could be one masked as one of the AVs ...

but remember you can only have one AV program scanning (enabled) at one time or you can get a software conflict .

the best way to scan is to start up in Safe mode and scan from there if you suspect there's a virus.
« Last Edit: February 16, 2007, 01:40:39 PM by Roscoroo »

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • *******
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
TrendMicro kicks to desktop...virus?
« Reply #4 on: February 16, 2007, 03:39:44 PM »
Todd,
I used to use TrendMicro, and using the Java based version, it started doing the same thing, and then using the active-x kernel for Internet Explorer it began doing that. I since have switched to NOD32 and also Spybot... I have the free version of AVG, but it is not loaded since I have been able to get NOD32 to work in both IE and Netscape 7.2 (I use NS7.2 for email and it checks both coming and going emails).
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9911
TrendMicro kicks to desktop...virus?
« Reply #5 on: February 16, 2007, 03:50:30 PM »
Guys, historically Avast and AVG are very poor performers. Investing a little $$$ in a decent bit of software will save you a lot of time and headaches. NOD32 seems to be the pick at the moment (I sell McAfee for a living, so there, I'm not being biased!).

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
TrendMicro kicks to desktop...virus?
« Reply #6 on: February 16, 2007, 04:48:59 PM »
Vulcan, you sell McAfee?  Oh man, I am so sorry.  :)

I steer everyone I can away from Symantec and McAfee products.  Those applications have gotten to the point they are worse than the viruses they are supposed to protect your computer from.

I hate having to try and help people who are having problems with the game that run those applications.  It is sooooo painful.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline Roscoroo(work)

  • Copper Member
  • **
  • Posts: 111
      • http://members.ispwest.com/roscoroo/
TrendMicro kicks to desktop...virus?
« Reply #7 on: February 16, 2007, 06:08:08 PM »
here's what my hijackthis file looks like on my XP pc ... I use fixit utilities(trend micro def's)  for my AV /spyware ... and adaware for your comparison.

Logfile of HijackThis v1.99.1
Scan saved at 3:56:01 PM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\DOCUME~1\Satan\LOCALS~1\Temp\Temporary Directory 4 for HijackThis.zip\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.comcast.net/online2/bejeweled2/popcaploader_v6.cab
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
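
An added example, not part of any post in this thread: a small Python triage of HijackThis log lines for two things visible in the first log, several resident AV products at once (the conflict raised in the replies) and entries the log itself marks "(file missing)". The sample lines are copied from the first post's log; the AV_HINTS substrings and the function names are assumptions made for this illustration.

```python
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
"""

# Assumption: substring hints covering only the AV products named in this thread.
AV_HINTS = {"avast": "Avast", "alwil": "Avast", "avg7": "AVG", "grisoft": "AVG",
            "nod32": "NOD32", "eset": "NOD32"}

ENTRY = re.compile(r"^(?P<code>[ORNF]\d+) - (?P<body>.+)$")

def parse(log):
    """Yield (code, body) for each HijackThis entry line, skipping headers."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def triage(log):
    """Return ({product: entry codes}, [missing-file entries])."""
    resident, missing = {}, []
    for code, body in parse(log):
        if body.endswith("(file missing)"):
            missing.append(body)
        if code in ("O4", "O23"):  # O4 = autostart entry, O23 = service
            low = body.lower()
            for hint, product in AV_HINTS.items():
                if hint in low:
                    resident.setdefault(product, set()).add(code)
    return resident, missing

def report(log):
    resident, missing = triage(log)
    findings = []
    if len(resident) > 1:
        findings.append("multiple resident AV products: " + ", ".join(sorted(resident)))
    findings += ["missing file: " + m for m in missing]
    return findings

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```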

Offline LePaul

  • Platinum Member
  • ******
  • Posts: 7988
TrendMicro kicks to desktop...virus?
« Reply #8 on: February 16, 2007, 07:22:39 PM »
Quote
Originally posted by Skuzzy
Vulcan, you sell McAfee?  Oh man, I am so sorry.  :)

I steer everyone I can away from Symantec and McAfee products.  Those applications have gotten to the point they are worse than the viruses they are supposed to protect your computer from.

I hate having to try and help people who are having problems with the game that run those applications.  It is sooooo painful.


Symantec is a huge resource hog.  I'm no fan of McAfee but between the two, I'd go Symantec.

What else is out there that you do suggest?  Because I've read/researched all of these things...and it's a crapshoot as to who scores best.  Whoever is top today isn't next month, etc.

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9911
TrendMicro kicks to desktop...virus?
« Reply #9 on: February 16, 2007, 11:56:57 PM »
Quote
Originally posted by Skuzzy
Vulcan, you sell McAfee?  Oh man, I am so sorry.  :)

I steer everyone I can away from Symantec and McAfee products.  Those applications have gotten to the point they are worse than the viruses they are supposed to protect your computer from.

I hate having to try and help people who are having problems with the game that run those applications.  It is sooooo painful.


It's one of the security products I do. But I sell/run corporate which is vastly different to the home user version (home user version uses .net which just blows chunks). Plus I don't 'sell' the AV stuff, I'm more focussed in the IDP products (hardware and software) field.