Automatically Deleted File Causing Popup At Startup

I just installed Avast today and about 3 minutes later I got a popup saying a trojan was detected and deleted. Now, every time I start up my laptop I get an error message popup saying “there was a problem starting c:\Users\xxxxx\AppData\Local\BthcfgLite\nsPathapi.dll - The specified module could not be found”, which was the file that was deleted by Avast.

Any idea what this was, or how I can stop this message from popping up every time I boot? I’ve searched for this file to try and find the program it’s associated with but my search turns up zero results. Thanks!


Welcome to the forums, mpkeith

If I am not mistaken, that dll belongs to Java. Try reinstalling Java. Make sure you get the newest version.


EDIT : The information given at the below link is a little different. In the post at the link below, you say that avast quarantined the file. If that is true, then the file would still be in the Virus Chest and might be restored. Is it still there?
http://www.bleepingcomputer.com/forums/topic368760.html


Thanks Charley. Yes, it is still there. I installed Avast for the first time yesterday and ran a manual scan, which returned 2 results for trojans… the file in question as well as msocfg32.exe. I quarantined them both and the popup started @ bootup, so I did a system restore and reinstalled Avast earlier today. That’s when I got the taskbar popup that said the file was (detected/quarantined) and deleted.

EDIT: If I restore this file, that should solve the problem, but won’t it just get quarantined again the next time it tries to run? Also, I think it may possibly be part of a browser hijacker I’ve been having problems with in Firefox. I believe the notification of quarantine occurred when I was doing a Google search, and the hijacker would take me to pages that weren’t the page my search results said they were. If that’s the case, I’d like to delete whatever it is that the file is associated with as well so I don’t have the hijacker and I don’t get the “failure to start” popup either.

POSTEDIT: When I search Google for “BthcfgLite” with the quotes, this page and the page you mentioned of my other post are the only 2 results that come up. Is it possible if I delete this folder that contains the nsPathapi.dll file that might stop the popup I’m getting? It seems to me if I’m the only person on the Internet that’s mentioned this folder it can’t be something that belongs to any legit programs. Or could it be autogenerated by a legit program?


OK, let’s do this :

You could check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner ( http://www.virustotal.com/ ) and report the findings here, with the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

Borrowed from DavidR


Here is the VT link: http://www.virustotal.com/file-scan/report.html?id=f6e1c5bb3c46f7b3cca4501695a1ef8f58d4c73bb7b40a87cfb419fbd1ce20a0-1293011449

There are 6/43 positives on this… 4/43 if you count Avast, Avast5 and Gdata as one. What do you think?

I did not find anything in Google.
Seems a false positive (and companies mimic the others’ detection on VT). But, it’s difficult to say as I can’t find any legit program that uses that BthcfgLite folder…
Maybe someone with more experience could help us.

Well, the folder name alone is highly suspicious…!!!
Run free Mbam to get a second opinion…! http://www.malwarebytes.org/mbam.php
Update it before scanning and post the log here afterwards.
asyn

Ikarus (and Emsisoft with its Ikarus engine) and COMODO and avast! say that it is a trojan named sefnit. So I would say all three detections are the same. So I think that isn’t a false positive.

I would suggest what Asyn said…
Download MBAM and run a full scan.

Give us feedback when it’s done.

I’ve run mbam a few times already over the past week or so and it hasn’t found any malicious files… this was even before I quarantined the file in question. I can restore the file to its original location and give it another shot though. I’ll do a manual update of mbam first.

There is probably a run key related to that file - Do you use bluetooth ?
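
Added example, not part of the original thread: a read-only PowerShell check for the kind of leftover run key suggested above, listing Run/RunOnce values whose target file no longer exists on disk (as happens when an antivirus removes a DLL but leaves its autostart entry behind). It assumes the entry lives in the standard Run/RunOnce registry keys; the function names are illustrative, and scheduled tasks, services and the Startup folder are not covered.

```powershell
# Added example: list autostart values that point at a file that is gone.
# Nothing is modified; the output only tells you which value to inspect.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the file that really gets loaded out of a command line.
function Get-AutorunTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # rundll32 entries: the interesting file is the DLL argument, not rundll32.exe
    if ($cmd -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+\.dll)') { return $Matches[2] }
    # Quoted program path
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first known extension
    if ($cmd -match '(?i)^(.+?\.(exe|dll|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# Hypothetical helper: one object per autostart value whose target is missing.
function Get-OrphanedAutorun {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $raw    = [string]$item.GetValue($name)
            $target = Get-AutorunTarget $raw
            # Bare names such as "foo.exe" are resolved through PATH; skip them
            if ($target -notmatch '^[A-Za-z]:\\') { continue }
            if (-not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $name
                    Target  = $target
                    Command = $raw
                }
            }
        }
    }
}

Get-OrphanedAutorun | Format-List
```

Run it once as the affected user and once elevated, since HKCU differs per account. The Key and Name it prints identify the value that a log review would then judge as legitimate or not.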

Below are the results of a full scan with mbam… I forgot to restore the file to its original location, but then I realized it’s still in C:\Suspect folder so it should have caught it there. Again, nothing malicious.

No, I don’t use bluetooth, but that doesn’t mean my laptop didn’t come with bluetooth software.

Malwarebytes’ Anti-Malware 1.50
www.malwarebytes.org

Database version: 5351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/22/2010 3:47:32 PM
mbam-log-2010-12-22 (15-47-32).txt

Scan type: Full scan (C:|)
Objects scanned: 224499
Time elapsed: 1 hour(s), 0 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

If it is in the vault then MBAM will not be able to detect it

If you could run an OTL log for me I could look at the run key location and then determine whether or not it is a legitimate file

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

I restored the file to its original location before I ran mbam but it’s still showing up in the vault. I tried again to make sure it went through and was told the file already existed, so it is there. I also ran mbam a few times before I installed Avast and it came back negative then as well.

Here are my OTL logs… I had to host them on one of my domains as they were too large to post here:

http://gylbo.com/myfiles/OTL.Txt
http://gylbo.com/myfiles/Extras.Txt

The folder seems to have been created the night I installed Flip Video (though a few hours later), which is a software program that edits video taken from Flip camcorders. I wonder if it is a part of that program… or possibly a file converter I downloaded to change my mp4 files to flash video files.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FSefnit.E

Any of those files or folders present?

BTW, I see a lot of Norton Internet Security entries in your log. How did you remove Norton? And did you use their removal tool?
http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

None of those files are on my computer.

As far as Norton, it’s still on my computer just disabled.

btpcfg.dll - Process Information

This component is part of BlueSoleil Bluetooth Plug and Play Module

Component Name: btpcfg.dll

Description of : BlueSoleil Bluetooth Plug and Play Module, from IVT Corporation, is an application used by systems to form networks wirelessly.

Recommendation for :
NA

Trusted: Yes
Trojan: No
Chronic: No
Adware: No
Carrier: No
Browser Hijacker: No
Dialer: No
Commercial Keylogger: No
Remote Administration Tool: No
Suspected: No

Company Name: IVT Corporation
Platforms Affected:
Methods of Distribution: NA
Variants/Versions:
Release Date: NA

btpcfg.dll does look a lot like it’s related to BthcfgLite. Definitely looks like a bluetooth name after seeing that. BthcfgLite = bluetooth config lite?

The only thing that puzzles me is that it was created only a few weeks ago and I never installed any bluetooth related software. ???

It may not be particularly relevant to this particular problem (then again, it might be) but simply disabling one AV while running another is not adequate.

Norton has to be uninstalled, and then the removal tool run, before anything either installed AV reports can be taken seriously.

Conflicts are almost certain, even with one disabled, sooner or later.

Following up on the previous posts:

Running two AVs on the same computer can create all kinds of mysterious Windows errors and false detections.

Clash Of The Antivirus Apps:
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

Why you should never run more than one AV (see reply from quietman7):
http://www.bleepingcomputer.com/forums/index.php?s=49db784baecf17e7b189c833aafb624d&showtopic=260844&view=findpost&p=1441638

You need to uninstall Norton/Symantec with their uninstaller tool:
http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN, then reboot.

After this, you may need to do an Avast Repair since you had 2 AVs on your machine:

  • Go to Control Panel > Add/Remove programs > Avast Antivirus.
  • Scroll down and choose Repair function in the pop-up window.
  • Reboot.

If Avast is still giving you FPs or not working correctly, you may need to uninstall and do a clean install using the Avast Uninstaller Utility tool to uninstall: http://www.avast.com/uninstall-utility.

Please let us know if you have any questions. Thank you.