  • "farzan microsoft" started this thread

Date of registration:
Oct 29th 2010

Version:
none
Avira Free Antivirus
Avira Antivirus Premium
Avira Internet Security
Avira Free Mac Security
Avira Free Unix/Linux

Operating System:
all os type

1

Tuesday, February 28th 2012, 3:04pm

Avira Rescue CD

Hi,
I scan my system every week, but now I have one hidden object in my C: and Avira warns me: "One or more hidden objects that indicate a hidden virus or unwanted program were found.
An analysis of your computer with the Avira Rescue CD is necessary for exact identification and repair. Do you want to cancel the scan?"

I have scanned my PC with the Avira bootable disk, which was fully updated from the internet, but it couldn't find any hidden object or rootkit. I have 2 reports from the scan by the rescue disk.

Scan just boot sectors :
Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.10.8
VDF Version: 7.11.24.8
Scan start time: Sun Feb 26 19:39:00 2012
configuration file: /etc/avira/scancl.conf
WARNING: [Error opening file. (No such file or directory)] Master boot sector (disk /dev/hda)
WARNING: [Error opening file. (No such file or directory)] Master boot sector (disk /dev/hdb)
Master boot sector (disk /dev/sda)
Master boot sector (disk /dev/sdb)
WARNING: [IO error on file] Master boot sector (disk /dev/sr0)
Boot sector (/dev/sda1)
Boot sector (/dev/sda2)
Boot sector (/dev/sda3)
Boot sector (/dev/sda4)
Boot sector (/dev/sda5)
Boot sector (/dev/sda6)
WARNING: [Error opening file. (No such file or directory)] Boot sector (/dev/sr1)
Boot sector (/dev/sdb1)
Statistics :
Master boot sectors....... : 2
Infected.............. : 0
Boot sectors.............. : 7
Infected.............. : 0
Directories............... : 0
Files..................... : 1
Infected.............. : 0
Warnings.............. : 4
Suspicious............ : 0
Infections................ : 0



Full System Scan :
Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.10.8
VDF Version: 7.11.24.6
Scan start time: Sun Feb 26 11:01:11 2012
configuration file: /etc/avira/scancl.conf
WARNING: [Compression method not supported] /media/Devices/sda2/DriverPack Solution 2012/drp/DP_Phone_wnt5_x86-32_1002.7z
WARNING: [All files in archive are encrypted] /media/Devices/sda2/DriverPack Solution 2012/drp/Vista-7-x64/DP_Chipset_wnt6-x64_1112.7z --> x64/C/USB/Fresco/33350INF.7z
WARNING: [Unsupported archive version] /media/Devices/sda2/DriverPack Solution 2012/drp/XP/DP_Monitor_wnt5_x86-32_1005.7z --> D/3/MON/IIY/MA901U.exe
WARNING: [File is encrypted] /media/Devices/sda2/Software/Dic/Setup.exe --> Bin\E_a04084
WARNING: [File is encrypted] /media/Devices/sda2/Software/Dic/Setup.exe --> AriaPolis.cdd
WARNING: [Unexpected end of file] /media/Devices/sda2/Software/iso/ISO/! Clinet Projects/PASS CAPE.iso --> SOURCES/BOOT.WIM --> 1/Apps/K-meleon/uninstall.exe
Statistics :
Directories............... : 35714
Archives.................. : 19497
Files..................... : 6544966
Infected.............. : 7
Deleted........... : 7
Warnings.............. : 678
Suspicious............ : 0
Infections................ : 7

But after restarting and scanning the system in Windows with Avira Internet Security, it again warns me about a hidden object! I have also scanned my system with the Avira rootkit removal tool and have a report from that:

Avira AntiRootkit Tool (1.3.0.1)

========================================================================================================
- Scan started Tuesday, February 28, 2012 - 12:31:48 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 99.51 GB
- Working disk free size : 30.79 GB (30 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/253778
Registry items: 0/688091
Processes: 0/87
Scan time: 00:03:14
--------------------------------------------------------------------------------------------------------
Active processes:
- System (PID 4)
- services.exe (PID 896)
- lsm.exe (PID 940)
- WinServiceOne. (PID 3264)
- svchost.exe (PID 1340)
- svchost.exe (PID 124)
- avguard.exe (PID 680)
- smss.exe (PID 492)
- chrome.exe (PID 6112)
- ASCService.exe (PID 596)
- TrueImageMonit (PID 3512)
- csrss.exe (PID 664)
- wininit.exe (PID 796)
- csrss.exe (PID 816)
- winlogon.exe (PID 860)
- lsass.exe (PID 932)
- svchost.exe (PID 4016)
- svchost.exe (PID 3156)
- chrome.exe (PID 5248)
- vmware-usbarbi (PID 2408)
- rundll32.exe (PID 4284)
- svchost.exe (PID 1764)
- avshadow.exe (PID 1116)
- conhost.exe (PID 1124)
- nvvsvc.exe (PID 1152)
- nvSCPAPISvr.ex (PID 1176)
- taskhost.exe (PID 1128)
- svchost.exe (PID 1220)
- svchost.exe (PID 1404)
- afcdpsrv.exe (PID 2532)
- svchost.exe (PID 1376)
- SearchIndexer. (PID 4328)
- sched.exe (PID 2004)
- svchost.exe (PID 1496)
- nvxdsync.exe (PID 1716)
- audiodg.exe (PID 1508)
- vmnat.exe (PID 2016)
- chrome.exe (PID 3492)
- svchost.exe (PID 1620)
- WLIDSVC.EXE (PID 3016)
- IMFsrv.exe (PID 1664)
- svchost.exe (PID 3124)
- nvvsvc.exe (PID 1740)
- dwm.exe (PID 1784)
- spoolsv.exe (PID 1956)
- explorer.exe (PID 2080)
- OSPPSVC.EXE (PID 6528)
- svchost.exe (PID 3032)
- wmdc.exe (PID 1436)
- sidebar.exe (PID 2360)
- schedul2.exe (PID 2464)
- alg.exe (PID 2580)
- avfwsvc.exe (PID 2728)
- avmailc.exe (PID 2808)
- avwebgrd.exe (PID 2828)
- nlssrv32.exe (PID 2940)
- PassThruSvr.ex (PID 2960)
- vmnetdhcp.exe (PID 3108)
- avgnt.exe (PID 3216)
- vmware-tray.ex (PID 3236)
- WLIDSVCM.EXE (PID 3320)
- svchost.exe (PID 4544)
- taskmgr.exe (PID 3608)
- dllhost.exe (PID 5472)
- IEMonitor.exe (PID 4716)
- Everything.exe (PID 11148)
- svchost.exe (PID 5264)
- wmpnetwk.exe (PID 5392)
- taskhost.exe (PID 10392)
- IDMan.exe (PID 47860)
- YahooMessenger (PID 79972)
- chrome.exe (PID 51684)
- chrome.exe (PID 71940)
- YahooMessenger (PID 84104)
- chrome.exe (PID 71788)
- chrome.exe (PID 87120)
- WmiPrvSE.exe (PID 80468)
- explorer.exe (PID 85072)
- chrome.exe (PID 86960)
- SearchProtocol (PID 86272)
- svchost.exe (PID 87484)
- avirarkd.exe (PID 86860)
- juacivip.exe (PID 85108) (Avira AntiRootkit Tool)
- explorer.exe (PID 87236)
- avira_antivir_ (PID 86368)
- VSSVC.exe (PID 87448)
- SearchFilterHo (PID 87684)
========================================================================================================
- Scan finished Tuesday, February 28, 2012 - 12:35:03 PM
========================================================================================================

I have checked my system with Emsisoft HiJackFree and found nothing.
What should I do?

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

2

Tuesday, February 28th 2012, 3:20pm

Hi farzan,

"I always scan my system every week, but now I have one hidden object in my C: and Avira warns me: one or more hidden objects that indicate a hidden virus or unwanted program were found."

Could you please post the report file from your latest complete system scan?

Marco

  • "farzan microsoft" started this thread


3

Tuesday, February 28th 2012, 8:54pm

Avira Internet Security 2012
Report file date: Tuesday, February 28, 2012 10:01

Scanning for 3502423 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : xxxxxxxxxxxxx
Serial number : xxxxxxxxxxxx
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username :xxxxxxxxxxxx
Computer name : xxxxxxxxxx

Version information:
BUILD.DAT : 12.0.0.860 48676 Bytes 01/31/2012 14:36:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 02/15/2012 11:26:00
AVSCAN.DLL : 12.1.0.18 54224 Bytes 02/15/2012 11:26:00
LUKE.DLL : 12.1.0.19 68304 Bytes 02/15/2012 11:26:00
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 02/15/2012 11:26:00
AVREG.DLL : 12.1.0.29 228048 Bytes 02/15/2012 11:26:00
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/06/2009 15:09:30
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:09:32
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 21:45:11
VBASE003.VDF : 7.11.21.238 4472832 Bytes 02/01/2012 10:50:29
VBASE004.VDF : 7.11.21.239 2048 Bytes 02/01/2012 10:50:30
VBASE005.VDF : 7.11.21.240 2048 Bytes 02/01/2012 10:50:30
VBASE006.VDF : 7.11.21.241 2048 Bytes 02/01/2012 10:50:31
VBASE007.VDF : 7.11.21.242 2048 Bytes 02/01/2012 10:50:31
VBASE008.VDF : 7.11.21.243 2048 Bytes 02/01/2012 10:50:32
VBASE009.VDF : 7.11.21.244 2048 Bytes 02/01/2012 10:50:32
VBASE010.VDF : 7.11.21.245 2048 Bytes 02/01/2012 10:50:32
VBASE011.VDF : 7.11.21.246 2048 Bytes 02/01/2012 10:50:33
VBASE012.VDF : 7.11.21.247 2048 Bytes 02/01/2012 10:50:33
VBASE013.VDF : 7.11.22.33 1486848 Bytes 02/03/2012 10:35:40
VBASE014.VDF : 7.11.22.56 687616 Bytes 02/03/2012 16:25:26
VBASE015.VDF : 7.11.22.92 178176 Bytes 02/06/2012 17:17:04
VBASE016.VDF : 7.11.22.154 144896 Bytes 02/08/2012 16:56:00
VBASE017.VDF : 7.11.22.220 183296 Bytes 02/13/2012 17:39:29
VBASE018.VDF : 7.11.23.34 202752 Bytes 02/15/2012 15:25:09
VBASE019.VDF : 7.11.23.98 126464 Bytes 02/17/2012 13:44:50
VBASE020.VDF : 7.11.23.150 148480 Bytes 02/20/2012 06:34:29
VBASE021.VDF : 7.11.23.224 172544 Bytes 02/23/2012 14:35:09
VBASE022.VDF : 7.11.23.225 2048 Bytes 02/23/2012 14:35:09
VBASE023.VDF : 7.11.23.226 2048 Bytes 02/23/2012 14:35:09
VBASE024.VDF : 7.11.23.227 2048 Bytes 02/23/2012 14:35:10
VBASE025.VDF : 7.11.23.228 2048 Bytes 02/23/2012 14:35:10
VBASE026.VDF : 7.11.23.229 2048 Bytes 02/23/2012 14:35:10
VBASE027.VDF : 7.11.23.230 2048 Bytes 02/23/2012 14:35:11
VBASE028.VDF : 7.11.23.231 2048 Bytes 02/23/2012 14:35:11
VBASE029.VDF : 7.11.23.232 2048 Bytes 02/23/2012 14:35:12
VBASE030.VDF : 7.11.23.233 2048 Bytes 02/23/2012 14:35:12
VBASE031.VDF : 7.11.24.36 137216 Bytes 02/27/2012 22:39:35
Engineversion : 8.2.10.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 12/25/2011 21:50:14
AESCRIPT.DLL : 8.1.4.7 442746 Bytes 02/23/2012 19:14:04
AESCN.DLL : 8.1.8.2 131444 Bytes 01/26/2012 22:14:54
AESBX.DLL : 8.2.4.5 434549 Bytes 12/25/2011 21:50:31
AERDL.DLL : 8.1.9.15 639348 Bytes 10/24/2011 15:09:30
AEPACK.DLL : 8.2.16.3 799094 Bytes 02/09/2012 21:00:03
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 12/30/2011 10:40:55
AEHEUR.DLL : 8.1.4.0 4436342 Bytes 02/23/2012 19:13:49
AEHELP.DLL : 8.1.19.0 254327 Bytes 01/19/2012 17:31:42
AEGEN.DLL : 8.1.5.21 409971 Bytes 02/02/2012 22:56:56
AEEXP.DLL : 8.1.0.23 70005 Bytes 02/23/2012 19:14:07
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/24/2011 15:09:30
AECORE.DLL : 8.1.25.4 201079 Bytes 02/13/2012 13:03:10
AEBB.DLL : 8.1.1.0 53618 Bytes 10/24/2011 15:09:30
AVWINLL.DLL : 12.1.0.17 27344 Bytes 09/23/2011 08:43:08
AVPREF.DLL : 12.1.0.17 51920 Bytes 09/23/2011 08:23:51
AVREP.DLL : 12.1.0.17 179920 Bytes 12/25/2011 21:56:04
AVARKT.DLL : 12.1.0.23 209360 Bytes 02/15/2012 11:26:00
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 09/23/2011 08:04:29
SQLITE3.DLL : 3.7.0.0 398288 Bytes 09/15/2011 22:35:53
AVSMTP.DLL : 12.1.0.17 63440 Bytes 09/23/2011 08:33:39
NETNT.DLL : 12.1.0.17 17104 Bytes 09/23/2011 09:28:00
RCIMAGE.DLL : 12.1.0.17 4821200 Bytes 09/23/2011 10:07:20
RCTEXT.DLL : 12.1.0.16 96208 Bytes 09/23/2011 10:07:18

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:, G:, W:, X:, Y:, Z:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Skipped files.......................: Shank2.exe, Win2k8r2 21011.iso,
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Tuesday, February 28, 2012 10:01

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting search for hidden objects.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'IDMan.exe' - '1' Module(s) have been scanned
Scan process 'Everything.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'IEMonitor.exe' - '1' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned
Scan process 'WinServiceOne.exe' - '1' Module(s) have been scanned
Scan process 'vmware-tray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned
Scan process 'vmnat.exe' - '1' Module(s) have been scanned
Scan process 'PassThruSvr.exe' - '1' Module(s) have been scanned
Scan process 'nlssrv32.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '1' Module(s) have been scanned
Scan process 'afcdpsrv.exe' - '1' Module(s) have been scanned
Scan process 'IMFsrv.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ASCService.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '690' files ).


Starting the file scan:

Begin scan in 'C:\' <Windows 7 X64 SP1>


End of the scan: Tuesday, February 28, 2012 12:29
Used time: 2:28:31 Hour(s)

The scan has been canceled!

3461 Scanned directories
111970 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
111970 Files not concerned
780 Archives were scanned
0 Warnings
1 Notes
29452 Objects were scanned with rootkit scan
1 Hidden objects were found

This post has been edited 1 times, last edit by "Chess2008" (Feb 28th 2012, 9:08pm) with the following reason: Personal data deleted.


marfabilis

Moderator


4

Tuesday, February 28th 2012, 10:37pm

Hi farzan,

Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

This is usually associated with Daemon Tools or some other software installed for CD/DVD emulation. It's scheduled to be fixed in the next product updates.

Marco

  • "farzan microsoft" started this thread


5

Monday, March 5th 2012, 6:17am

Hi,
I still have the problem with the hidden objects, even after many updates.
The new problem is: the Rescue disk does not support RAID disks on servers! What is your purpose to scan servers???