
Drvbug.dll


3 replies to this topic

#1 InsertNameHere


Posted 13 March 2008 - 01:20 PM

Panda told me it was a dialer, and I'm just wondering if I should actually delete it, since I haven't found anything about it being/not being a virus on the web. :/ It's in C:\WINDOWS\system32

Edited by InsertNameHere, 13 March 2008 - 01:23 PM.



#2 quietman7


Posted 13 March 2008 - 02:02 PM

I'm finding references that it may be malware. Get a second opinion.

Go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of drvbug.dll and submit (upload) it for scanning/analysis.
-- Then post back with the results of the file analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 InsertNameHere


Posted 13 March 2008 - 02:17 PM

Virus total:
MD5: 4edb6164a3cfc9d313f933d42bddbc7b
Fecha: 07.03.2008 16:46:04 (CET) [>6D]
Resultados: 26/32
Permalink: analisis/65ec0b18ce55770abe168e13bf7b41c1

AhnLab-V3 2008.3.4.0 2008.03.07 Win-Trojan/Dialer.18944.O
AntiVir 7.6.0.73 2008.03.07 TR/Crypt.PEC2X.Gen
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.07 Win32:Dialer-1298
AVG 7.5.0.516 2008.03.07 Dialer.28.AS
BitDefender 7.2 2008.03.07 Trojan.Mezzia.Gen
CAT-QuickHeal 9.50 2008.03.06 Trojan.Dialer.yz
ClamAV 0.92.1 2008.03.07 -
DrWeb 4.44.0.09170 2008.03.07 Trojan.Fakealert.434
eSafe 7.0.15.0 2008.03.06 Win32.Dialer.yz
eTrust-Vet 31.3.5595 2008.03.07 Win32/Aflac.Q
Ewido 4.0 2008.03.07 -
FileAdvisor 1 2008.03.07 -
Fortinet 3.14.0.0 2008.03.07 W32/DIALER.YZ!tr
F-Prot 4.4.2.54 2008.03.07 W32/Trojan2.UNX
F-Secure 6.70.13260.0 2008.03.07 W32/Dialer.BYWL
Ikarus T3.1.1.20 2008.03.07 Trojan.Mezzia.CY
Kaspersky 7.0.0.125 2008.03.07 Trojan.Win32.Dialer.yz
McAfee 5246 2008.03.06 Generic.dx
Microsoft 1.3301 2008.03.06 Trojan:Win32/Adialer.OP
NOD32v2 2930 2008.03.07 Win32/TrojanDownloader.FakeAlert.AJ
Norman 5.80.02 2008.03.06 W32/Dialer.BYWL
Panda 9.0.0.4 2008.03.06 Dialer.LAU
Prevx1 V2 2008.03.07 Dialer.28.AS
Rising 20.34.42.00 2008.03.07 -
Sophos 4.27.0 2008.03.07 Mal/Generic-A
Sunbelt 3.0.930.0 2008.03.05 Trojan.Mezzia.Gen
Symantec 10 2008.03.07 RazeSpyware
TheHacker 6.2.92.236 2008.03.07 Trojan/Dialer.yz
VBA32 3.12.6.2 2008.03.05 Trojan.Win32.Dialer.yz
VirusBuster 4.3.26:9 2008.03.07 -
Webwasher-Gateway 6.6.2 2008.03.07 Trojan.Crypt.PEC2X.Gen

Jotti:
Service load: 0% 100%

File: drvbug.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 4edb6164a3cfc9d313f933d42bddbc7b
Packers detected: Analyzing...
Bit9 reports: File not found

Scanner results
Scan taken on 13 Mar 2008 19:12:04 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.PEC2X.Gen
ArcaVir Found Dialer.Yz
Avast Found nothing
AVG Antivirus Found Dialer.28.AS
BitDefender Found Trojan.Mezzia.Gen
ClamAV Found nothing
CPsecure Found Troj.W32.Dialer.yz
Dr.Web Found Trojan.Fakealert.434
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Dialer.yz
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Dialer.yz
NOD32 Found Win32/TrojanDownloader.FakeAlert.AJ
Norman Virus Control Found W32/Dialer.BYWL
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found Trojan.Win32.Dialer.yz


So I'll go ahead and delete it, right?
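
An added example, not part of the original posts: a small Python parser for the four-column VirusTotal rows pasted above (engine, version, date, result) that counts detections and tallies which family names the engines agree on. The rows are a subset copied from the post; the `NOISE` token list and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Subset of the VirusTotal rows posted in this thread.
SAMPLE = """\
AhnLab-V3 2008.3.4.0 2008.03.07 Win-Trojan/Dialer.18944.O
AntiVir 7.6.0.73 2008.03.07 TR/Crypt.PEC2X.Gen
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.07 Win32:Dialer-1298
BitDefender 7.2 2008.03.07 Trojan.Mezzia.Gen
ClamAV 0.92.1 2008.03.07 -
DrWeb 4.44.0.09170 2008.03.07 Trojan.Fakealert.434
Kaspersky 7.0.0.125 2008.03.07 Trojan.Win32.Dialer.yz
McAfee 5246 2008.03.06 Generic.dx
Microsoft 1.3301 2008.03.06 Trojan:Win32/Adialer.OP
NOD32v2 2930 2008.03.07 Win32/TrojanDownloader.FakeAlert.AJ
Sophos 4.27.0 2008.03.07 Mal/Generic-A
"""

# Words that name a category, packer or generic verdict, not a family (assumed list).
NOISE = {"trojan", "troj", "generic", "crypt", "trojandownloader"}

def parse_rows(text):
    """Return [(engine, result or None)]; a result of '-' means no detection."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # skip headers and blank lines
        engine, _version, _date, result = parts
        result = result.strip()
        rows.append((engine, None if result == "-" else result))
    return rows

def family_tokens(label):
    """Alphabetic tokens longer than 3 letters, minus noise words and variant suffixes."""
    tokens = re.findall(r"[A-Za-z]+", label)
    return {t.lower() for t in tokens if len(t) > 3 and t.lower() not in NOISE}

def summarize(text):
    """Return (detections, engines, [(family_token, votes), ...] most common first)."""
    rows = parse_rows(text)
    hits = [result for _, result in rows if result]
    votes = Counter(tok for result in hits for tok in family_tokens(result))
    return len(hits), len(rows), votes.most_common()
```

On these rows the engines largely agree the file is malicious but split on the name (dialer, fakealert, mezzia), which is why the detection ratio is a more dependable signal than any single label.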

#4 quietman7


Posted 13 March 2008 - 05:55 PM

Download FileASSASSIN.zip and save to your desktop (this tool is compatible with Win 2000/NT/XP/Vista only).
  • Create a new folder on your C:\ drive called FileASSASSIN and extract (unzip) the file to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the folder and double-click on FileASSASSIN.exe.
  • Select the bad file to delete by dragging it onto the text area or select it using the (...) browse button.
  • Select a removal method. Start with the default "Attempt FileASSASSIN's method of file removal"
  • Click delete and the removal process will begin.
  • If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."
Note: If you cannot find the file(s), you may have to Reconfigure Windows XP to show hidden files, folders.