BleepingComputer.com: Devcon.exe


Devcon.exe Can I delete it?

#16 JannEd

Posted 09 May 2011 - 09:53 PM

cryptodan, on 09 May 2011 - 09:15 PM, said:

Can you please post the logs from all the scans you have done minus the HiJackthis?


I didn't run HJT. NONE of the programs I used caught that virus but Stinger, which I have only a .jpg. I didn't see the save this file button until some time later when it was too late. But if you really want to see them:

Avira AntiVir Personal
Report file date: Sunday, May 08, 2011 15:04

Scanning for 2695179 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JENSYDAL-PC

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Sunday, May 08, 2011 15:04

Starting search for hidden objects.
c:\acer\empowering technology\erecovery\mbrwrwin.exe
c:\acer\empowering technology\erecovery\mbrwrwin.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'avscan.exe' - '74' Module(s) have been scanned
Scan process 'werfault.exe' - '31' Module(s) have been scanned
Scan process 'avscan.exe' - '80' Module(s) have been scanned
Scan process 'avcenter.exe' - '79' Module(s) have been scanned
Scan process 'wuauclt.exe' - '57' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'Apntex.exe' - '40' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '28' Module(s) have been scanned
Scan process 'igfxext.exe' - '22' Module(s) have been scanned
Scan process 'ERAGENT.EXE' - '47' Module(s) have been scanned
Scan process 'ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE' - '130' Module(s) have been scanned
Scan process 'EPOWER_DMC.EXE' - '66' Module(s) have been scanned
Scan process 'ENMTRAY.EXE' - '103' Module(s) have been scanned
Scan process 'vcw.exe' - '66' Module(s) have been scanned
Scan process 'LManager.exe' - '53' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '30' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '48' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '47' Module(s) have been scanned
Scan process 'Apoint.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'hkcmd.exe' - '42' Module(s) have been scanned
Scan process 'igfxpers.exe' - '42' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '83' Module(s) have been scanned
Scan process 'igfxtray.exe' - '43' Module(s) have been scanned
Scan process 'sidebar.exe' - '68' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '78' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '62' Module(s) have been scanned
Scan process 'Explorer.EXE' - '151' Module(s) have been scanned
Scan process 'Dwm.exe' - '55' Module(s) have been scanned
Scan process 'taskeng.exe' - '96' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '56' Module(s) have been scanned
Scan process 'unsecapp.exe' - '31' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '35' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '51' Module(s) have been scanned
Scan process 'capuserv.exe' - '69' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '46' Module(s) have been scanned
Scan process 'xaudio.exe' - '17' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'MobilityService.exe' - '36' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '21' Module(s) have been scanned
Scan process 'eNet Service.exe' - '50' Module(s) have been scanned
Scan process 'avshadow.exe' - '34' Module(s) have been scanned
Scan process 'eLockServ.exe' - '39' Module(s) have been scanned
Scan process 'eDSService.exe' - '31' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '34' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '50' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '57' Module(s) have been scanned
Scan process 'spoolsv.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '150' Module(s) have been scanned
Scan process 'svchost.exe' - '112' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '33' Module(s) have been scanned
Scan process 'lsm.exe' - '25' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '29' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1633' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
Begin scan in 'D:\' <DATA>


End of the scan: Sunday, May 08, 2011 16:24
Used time: 1:19:22 Hour(s)

The scan has been done completely.

16306 Scanned directories
194357 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
194357 Files not concerned
690 Archives were scanned
0 Warnings
1 Notes
335451 Objects were scanned with rootkit scan
1 Hidden objects were found

MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6526

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

5/8/2011 5:15:39 PM
mbam-log-2011-05-08 (17-15-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 207315
Time elapsed: 42 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Users\jensydal\AppData\Local\vcw.exe (Trojan.ExeShell.Gen) -> 3732 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\jensydal\AppData\Local\vcw.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

Stinger I can't C&P. As you can see I ran Avira first and MBAM second and Avira didn't find anything. I ran SuperAntiSpyware but for the life of me I can't figure why the dates of the logs stop at 4-29-2011.

Jann

#17 cryptodan

Posted 09 May 2011 - 09:56 PM

Can you post the image to http://www.imageshack.us then post a link here.

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message! with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#18 JannEd

Posted 09 May 2011 - 10:03 PM

boopme, on 09 May 2011 - 09:19 PM, said:

Hello, Trend Micro has been known to ignore submissions from users not running their products. However, in informal tests, selecting HouseCall (their online, free scanner) got a detection added, although in most cases no notification of the detection was received, and in some cases the submission was simply ignored.

Since it was Stinger they may look. I believe you saw it.
I would add, be pleased it is gone.

These are what I found.
http://support.microsoft.com/kb/311272
http://social.technet.microsoft.com/wiki/contents/articles/how-to-obtain-the-current-version-of-device-console-utility-devcon-exe.aspx
http://blogs.technet.com/b/deploymentguys/archive/2009/12/16/where-to-find-devcon-exe.aspx


I was going to post that support page in my last post but I thought you would be insulted! LOL I thought you would come back with something like: I know that! I can be such a paranoid woman sometimes!

You can't imagine how happy I am to see it gone. The one thing I have gotten out of fixing these three machines is just more knowledge to store in my head. Every time there is something that comes up that I am either clueless about or only know a little about, I research, come into techie forums and read or ask. That is actually the way I learned all that I do know. Last week it was rootkit attached to the MBR in a machine, this week, Devcon.

You guys are the best!

Jann

#19 JannEd

Posted 09 May 2011 - 10:09 PM

cryptodan, on 09 May 2011 - 09:56 PM, said:

Can you post the image to http://www.imageshack.us then post a link here.


That was fun. http://imageshack.us/photo/my-images/577/stinger1.jpg/

#20 JannEd

Posted 09 May 2011 - 10:12 PM

JannEd, on 09 May 2011 - 10:09 PM, said:

cryptodan, on 09 May 2011 - 09:56 PM, said:

Can you post the image to http://www.imageshack.us then post a link here.


That was fun. http://imageshack.us/photo/my-images/577/stinger1.jpg/


I forgot to add: Don't pay any attention to the paths in the first two boxes. I took the screenshot a while after it found this so that up on top was just during the rest of the scan.

J

#21 JannEd

Posted 09 May 2011 - 10:16 PM

ImageShack. I was about to close that site out and WHAM!! FF shut down and TWO sites were brought up, one of them was one I recognized from the Win7 machine when I first got it, called WeeklyContest. The other one I shut down very quick. Seems I best do another scan. This should be very interesting.

J

#22 JannEd

Posted 10 May 2011 - 08:27 PM

JannEd, on 09 May 2011 - 10:16 PM, said:

ImageShack. I was about to close that site out and WHAM!! FF shut down and TWO sites were brought up, one of them was one I recognized from the Win7 machine when I first got it, called WeeklyContest. The other one I shut down very quick. Seems I best do another scan. This should be very interesting.

J


Answering my own post. All was well with the computer. I don't know why that happened but in my attempts to replicate it, nothing and the scans showed nothing.

I am now at home with my computer. I run XP Pro SP3 on a Mac Mini (MacOs on the other partition) so I looked for Devcon on it. Nothing. I have a 'test' desktop and put in a hard drive with Win 2000 Pro. Wasn't there either. So, I am at a loss. I hope nothing ever happens to my MM. I can open a laptop and a desktop and a tower and know what I am doing. I haven't even opened this one!!

And since I am a back up queen, it wouldn't be data I worry about. HDD failure or something else. But this isn't the forum for that. Anyhow, what did you think of the Stinger file?

Jann (and I think for now we can put this topic to rest, eh?)

#23 cryptodan

Posted 10 May 2011 - 08:58 PM

The scans showed that you are clean, so if your computer has no issues then more than likely the system is clean. If you have more issues please do not hesitate in reporting.
