Virus - Help!


12 replies to this topic

#1 Tom2007

Tom2007

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 02 September 2007 - 04:58 AM

Hi,
I think I am infected with the above virus and my anti-virus software (PC Guard... NTL's own virus software) will not delete it! I've also tried to delete it myself but had no luck.
My antivirus recognises it and I get a pop-up saying it will be deleted next time I reboot. I click OK but it still doesn't delete it.
The weird thing is my virus software detects it, but when I do a manual scan it claims that my hard drive is clean.
As yet this virus doesn't seem to affect the running of my PC... no slowing etc., although it won't let me load up my Steinberg Nuendo programme (which is a music production software programme). I think this is because the infected file is H2O, which has something to do with the Nuendo programme. Here is the infected file:
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL


Also, each time I turn my PC on I get a little error box saying 'cled error #001'.

The main reason why I'm worried is because I've just formatted my PC due to me having this virus before I formatted it... and it's returned again, and it's really annoying me because I can't use my Nuendo programme.

Please could somebody get back to me on how to get rid of this. Thank you!

Here is my virus log from PC GUARD...

Filename Virus Action Date
C:\PROGRA~1\SYNCRO~1\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:07:10 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:08:55 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:09:07 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:09:18 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:09:30 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:09:42 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:09:55 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:10:07 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:10:44 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:10:57 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:11:09 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:11:21 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:11:33 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:11:46 AM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{81D859D6-F787-4AC2-887F-9BAA6F5DAAAC}\RP3\A0000025.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:23:23 AM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{81D859D6-F787-4AC2-887F-9BAA6F5DAAAC}\RP3\A0000025.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:23:26 AM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{81D859D6-F787-4AC2-887F-9BAA6F5DAAAC}\RP3\A0000025.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:23:29 AM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{81D859D6-F787-4AC2-887F-9BAA6F5DAAAC}\RP3\A0000025.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:23:32 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:24:33 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:24:45 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:24:58 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:25:12 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:25:24 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:25:36 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:25:49 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:26:05 AM
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:26:17 AM
C:\PROGRA~1\SYNCRO~1\POS\H2O\EMU.DLL W32/Rootkit-Backdoor-based!Maximus Failed to disinfect 9/1/2007 12:27:15 AM



#2 buddy215

buddy215

  • Moderator
  • 13,302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:11 PM

Posted 02 September 2007 - 07:30 AM

Read the info in the link below.
http://www.bleepingcomputer.com/forums/lof...php/t94317.html

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:11 PM

Posted 02 September 2007 - 07:38 AM

PC GUARD could be giving you a "False Positive".

OldTimer, one of our Malware Removal Experts, investigated a similar report last year and found no evidence of this infection.

I would suggest keeping an eye on what this software is flagging as infections and do not simply take it for granted that what it is saying is true. If it continues to flag legitimate files as infected files then consider replacing it with a different package.


I have found other cases where PC guard reported files as W32/Rootkit-Backdoor-based!Maximus and they too were false positives.

You can get a second opinion on that file.

Go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, click the "browse" button and locate the following file:
C:\PROGRAM FILES\SYNCROSOFT\POS\H2O\EMU.DLL <- this file
Click "Open", then click the "Submit" button.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Tom2007

Posted 02 September 2007 - 09:47 AM

Hi, thanks for your replies.

From what I've read in the info you gave me, this virus seems to be a 'false positive'. I've run the file through virustotal.com and it came up with no results... although it shows the file as 'emu.ini' rather than 'emu.dll'. Would this make a difference? Here are the results...

File emu.ini received on 09.02.2007 16:25:42 (CET)
Current status: finished

Result: 0/32 (0%)


I will re-install the Nuendo programme and see how it goes.

#5 quietman7

Posted 02 September 2007 - 02:05 PM

.ini is an Initialization/Configuration File.
.dll is a Dynamic Link Library file; a support file used by one or more programs.

Are you sure you submitted the right file?

#6 Tom2007

Posted 02 September 2007 - 05:34 PM

Hi,

I must have uploaded the wrong file first time around. I have just tried to upload the emu.dll file on virustotal.com and I got this reply:
'0 bytes size received / Se ha recibido un archivo vacio'.

I also uploaded it on Jotti's virusscan and I got this message...
'The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file'.

This doesn't seem right to me and I definitely uploaded the emu.dll file.

Also, I re-installed Nuendo and the virus has come back along with this virus C:\SYSTEM VOLUME INFORMATION\_RESTORE{81D859D6-F787-...\A0000012.DLL, just like what happened to the other member on this board when he had the same problem.

What do you suggest next? Change my anti-virus perhaps?

Thank you for your time and persistence.
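
Added example (not part of the original thread, and not code from any poster): the two upload results above, a submission that turned out to be emu.ini and a submission received as 0 bytes, can both be checked locally before sending a file for a second opinion. The Python below confirms that a file opens, is non-empty and really is a PE image, and computes its SHA-256; `precheck` and `demo` are hypothetical names and the sample bytes are constructed stand-ins, not the real files.

```python
import hashlib
import os
import tempfile

def precheck(path):
    """Facts to confirm locally before submitting a file for a second-opinion scan."""
    info = {"name": os.path.basename(path), "size": None, "is_pe": False,
            "sha256": None, "verdict": None}
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        # Cannot be opened locally: an upload would not carry its contents either.
        info["verdict"] = "unreadable: " + exc.__class__.__name__
        return info
    info["size"] = len(data)
    info["sha256"] = hashlib.sha256(data).hexdigest()
    # A DLL is a PE image: 'MZ' at offset 0, and the 4-byte little-endian
    # value at 0x3C points to the 'PE\0\0' signature.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        pe_off = int.from_bytes(data[0x3C:0x40], "little")
        info["is_pe"] = data[pe_off:pe_off + 4] == b"PE\x00\x00"
    wants_pe = path.lower().endswith((".dll", ".exe", ".sys"))
    if info["size"] == 0:
        info["verdict"] = "empty on disk"
    elif wants_pe and not info["is_pe"]:
        info["verdict"] = "extension says PE image, content does not"
    elif not wants_pe:
        info["verdict"] = "not the flagged DLL (check the file name)"
    else:
        info["verdict"] = "ok to submit"
    return info

def demo():
    """Run the check on constructed stand-ins for emu.dll, emu.ini and an empty file."""
    # Constructed sample bytes, not the real Syncrosoft files.
    fake_dll = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
    samples = {"emu.dll": fake_dll, "emu.ini": b"[settings]\r\n", "empty.dll": b""}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = precheck(path)
        results["missing.dll"] = precheck(os.path.join(tmp, "missing.dll"))
    return results
```

The SHA-256 identifies the exact bytes that were checked, so results from different scanners can be compared without relying on the file name.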

#7 quietman7

Posted 02 September 2007 - 08:20 PM

the virus has come back along with this virus C:\SYSTEM VOLUME INFORMATION\_RESTORE{81D859D6-F787-...\A0000012.DLL

The false positive indicating a virus came back because PC GUARD is detecting it as such.

I don't know much about that particular anti-virus. If it's not something you have to pay for, then you may want to consider uninstalling it and replacing it with another one.

Free Antivirus programs: (choose and install only one)
AVG Anti-Virus Free - AVG Anti-Virus Free User Manual
Avast - How to Install, Configure, and Use
AntiVir PersonalEdition Classic

Make sure you download a replacement first, disconnect from the net, remove PC Guard, install the new antivirus, connect to the net and update it before doing a scan.

#8 Tom2007

Posted 03 September 2007 - 04:29 PM

OK, thanks for that. I will download a different anti-virus software then. As PC Guard comes with firewall and spyware protection, I take it I have to download new software for both of these?

#9 quietman7

Posted 03 September 2007 - 04:52 PM

See BC's List of Virus & Malware Resources.
See BC's Freeware Replacements For Common Commercial Apps.

#10 Tom2007

Posted 04 September 2007 - 03:36 PM

quietman, just want to say thanks for helping me with my PC problems. You've been a massive help, as not only do I think I have solved my virus problems but I think I am much more protected now. I un-installed PC Guard and got AVG Anti-Virus, Spybot S&D, Ad-Aware 2007 Free Edition, Outpost Firewall Free and SpywareBlaster. I've updated and run all these programmes and found about 80 spyware files, which are now deleted :thumbsup: I've had the internet since Xmas and not once have I updated my system or run any spyware, as I didn't know anything about it, but now I know what to do, so cheers for that! :flowers:
The only thing I'm concerned about is my firewall, as I'm not sure how to use it properly. When I open Outpost Firewall and the opening screen comes up, it says I have 21 'open ports'. When I click on this it gives me a list. What are these 'open ports', are they harmful and do I have to get rid of them?

#11 quietman7

Posted 04 September 2007 - 07:01 PM

Using Outpost Free? Read This First!
The Web Hikers guide to Outpost Firewall
How to create rules in Outpost

Understanding and Using Firewalls
Home PC Firewall Guide

A port number is a unique number associated with a process running on a computer. Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic/Private Ports. Default port values for commonly used TCP/IP services have values lower than 255 and Well Known Ports have numbers that range from 0 to 1023. Registered Ports range from 1024 to 49151 and Dynamic/Private Ports range from 49152 to 65535. An "open port" is a TCP/IP port number that is configured to accept packets while a "closed port" is one that is set to deny all packets with that port number. Port Scanning is a technique used by hackers to locate open ports in your computer which they can break into. Malicious programs like viruses and Trojan horses can be introduced into your computer via these open ports. If your PC is sending out large amounts of data, this usually indicates that your system may have a virus or a Trojan horse.

#12 Tom2007

Posted 05 September 2007 - 02:30 PM

Thanks for that. I'm not really happy with this firewall so I've decided to change it to Comodo Firewall Pro (2.4 I think).
Do you have any user guides about this firewall?

#13 quietman7

Posted 05 September 2007 - 02:46 PM

Comodo Firewall Pro 2.4