Hi guys, I had a question concerning something that popped up inside my behavior shield earlier today and wanted to ask for some advice/knowledge.
I often don’t get a lot of activity in the Behavior shield tag but I noticed today that there is a cbsprovider.dll file listed as the last activity which I have not seen before. It appears to be in the Appdata\local\temp folder.
Earlier today I ran a disk clean with the Windows 7 disk cleanup tool which I do every so many weeks and I was just wondering if this was normal in the behavior shield.
I was wondering if anyone knew what cbsprovider was, I searched for stuff on google and didn’t seem to dig up much that I wanted to go clicking about on. Just know it’s something to do with OS, I presume.
Would appreciate if anyone could give me some help.
CbsProvider.dll is a DLL file that is responsible for DISM Package Provider component on Windows systems like Windows 7 Professional Edition 64-bit. It was created on 7/13/2009 4:18:51 PM, size is 499712 bytes and version is 6.1.7600.16385.
CbsProvider.dll can be infected by virus Backdoor: Win32/Banito.1_0 that spreads through the social network Tagged for downloading and installing malware Program: Win32/Advspydetect the affected machines.
Once infected, the file path CbsProvider.dll be re-defined as:
C: \ WINDOWS \ System32 \ Dism \
And software like PC game Heroes of Might and Magic III: Armageddon’s Blade, Web browser RockMelt 0.9.64.273 Comodo Antivirus or antivirus can not start up, along with the error message
CbsProvider.dll is missing or was not found.
When you restart the computer, you receive CbsProvider.dll blue screen of death (BSOD), along with the error code stop:
0X9849844
upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners ( if scanned before click new scan)
post link to scan result here for us to see
I went and did a scan on 4 different objects which appeared to be in the appdata folder called cbsprovider.dll, two were Mui files and the other 2 app extensions. I can confirm that for each on virustotal.com in the analysis for each it had 0 for results against the list of malware scanners… am I to presume this means I am worrying over nothing?
My first question would be:
Are you using any of the programs mentioned in the description ?
If no, then worry. If yes, then there probably isn’t anything to worry about.
To be 100% sure, you can always follow the instructions outlined at: http://forum.avast.com/index.php?topic=53253.0
Sorry, here are the links to the analysis pages for the 4 items in the order that I mentioned before, pretty sure that they are doubled with the same origin date.
Isn’t the program just part of Windows 7? Because there’s nothing in my programs actually related to them.
I’ve figured out what seems to trigger it’s appearance in Behaviour Shield, cbsprovider.dll seems to pop up whenever I perform a diskclean using Win7’s option in preferences. Also when I run Malwarebytes AM, is this normal?
Is there a way to delete these temp files in Win7 without ccleaner? Or would you guys just recommend that I go and download ccleaner to save the bother?
Be aware that CCleaner install offers other software install that may not be wanted. Be sure to watch the install and opt out if you don’t want it. The Slim version that has no added software is available at the bottom of the page at http://www.piriform.com/ccleaner/builds.
Can I ask exactly what the Behavior shield does? It’s one of the parts of avast the seems to have me checking it every so often out of bother, in the past week or so I’ve noticed it is having blips of activity. In a session yesterday there was 11 entries (after a windows update). Today there have been 2 (this session) and it appears to be from a location i’ve not seen appear on the Behavior shield before.
it was in the assembly/native images area of the computer, system.windows.form I believe.
I also did some sleuthing on the internet concerning that and after doing a custom scan on the system I got a rather interesting result.
It’s reason being “parameter is incorrect (87)” and it appears to indicate it as being at "Disk\?\Volume{…?}{+}{+} Boot Record (the…being a load of numbers and letters, not sure if I should post them too, since i’m not entirely sure what it is). Can anyone explain to me what this means?