Is this anything to worry about?

Hi, how is it going today? I have a Windows 7 Home Premium computer, and recently the person who uses it said that it seemed slow to him, so today I downloaded the latest version of Hitman Pro. I then scanned the computer and something came up in the results. Here is the information:

Name of file: nisdt.dll

Location of file: c:\users\gary\AppData\local\temp

According to Hitman Pro this file is Suspicious.

What I would like to know is if this is a sign of an infection.

Thanks very much

the way to find out… upload to www.virustotal.com

I am sorry, I do not know how to do this type of thing. Could you please give me more details on how I am supposed to do this?

Thanks

how to.
http://m.youtube.com/watch?v=TFSmJaiO_G0

http://m.youtube.com/watch?v=ex4rGXhiqq0

http://m.youtube.com/watch?v=NdMxh2qaehU

Hi. The issue I am having is that when Hitman Pro got done scanning and the above file came up suspicious, I had trouble finding the file on the computer. I was also wondering, would it just be easier to put the logs to clean this computer in this topic?

Thanks

You can click on the right in Hitman Pro where it says quarantine, delete or ignore; click on that and you can go in the dropdown menu directly to the file. Then you can move or copy it to your desktop so you can find it later.
And then you can upload it to Virustotal.com. :wink:

If you want, you can post the link of the scan here (in the address bar).

Hi. I tried to run Hitman Pro twice. It froze the first time before it even got done; it was stuck on 32% and it would not go anywhere, so I did a hard shutdown and restarted the computer. Then I started Hitman Pro again; this time it got to 66% and then it froze again, so I tried to exit Hitman Pro and it said cancelling but nothing happened. Then here is the strange part: the fans on the computer started to go and the motor or whatever started to go faster and faster. I was just wondering, can this also be a sign of a virus? The only way I could exit out of Hitman Pro, because it did freeze a second time, was to do another hard shutdown. What should I do? Should I be concerned that this computer could have an infection on it, especially when the motor starts going faster? This is an enclosed tower; everything is in the tower itself.

Windows Home Premium 32-bit system

Then go to the location: c:\users\gary\AppData\local\temp

To see the folder, go on the bottom left to Organize and choose Folder and search options.
There should be a list in one of the tabs; somewhere at the end of that list, tick show hidden files and folders. Now you should see the folder.

Hi, then what do I do with the folder? If I take it off the computer, will it do anything to the computer at all?
Thanks.

Just take the detected file out of the folder to your desktop.
Then go to VirusTotal and scan it.

name of file: nisdt.dll

You can search on the top right.

Hi. I did what you said in your last reply, but I am having trouble finding the folder name. It is a lot of files and I am not sure of the folder to get. Is there a simpler way to find this folder?

thanks

Hi. I was wondering, can I just submit the logs for malware cleaning, and would any of those logs show the folder or file that is suspicious?

thanks

I must say that I do not understand what folder to go into and what name I am looking for.

1. Open the Start menu.
2. Click on Computer.
3. Double click on the hard drive that is named with (C:) at the end.
4. Double click on users.
5. Double click on gary.
6. Double click on AppData.
7. Double click on local.
8. Double click on temp (folder).
9. Write or copy and paste the file name in the search box in the top right. The file name is nisdt.dll
10. Copy the file to your desktop (right click on the file and copy, go to your desktop, right click and paste).
11. Go to Virustotal.com in your browser.
12. In the middle is a bar which says "no file selected"; at the right of the bar is a button "choose file", click on it.
13. Select desktop on the left.
14. Choose the file and click open on the bottom left.
15. Click on the big blue button below that says scan it!
16. If a window opens up saying that the file has already been analysed, click on reanalyse.
17. Wait till the file has been analysed.
18. Copy the link in the address bar to your next post; the link looks like this:

https://www.virustotal.com/it/file/8245c3b228da33ff60afc9c94e2daa1b7c080da73c8484c6805ae05c8148f2b7/analysis/

19. For some reason Virustotal is in Italian for me right now, I don't know why. :o
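
The lookup in steps 1 to 18 can also be done by hash, without moving the file. This is an added example, not part of the original post: it searches a folder for the file name, computes the SHA-256 of each match and builds a VirusTotal lookup URL. The function names and the `https://www.virustotal.com/gui/file/<sha256>` URL form are assumptions not taken from the thread, and the demo file is constructed.

```python
import hashlib
import os
import tempfile

def find_by_name(root, filename):
    """Return every path under root whose name matches filename.
    The comparison is case-insensitive, as file names are on Windows.
    os.walk silently skips folders it is not allowed to list."""
    wanted = filename.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == wanted:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def sha256_of(path, chunk_size=1 << 16):
    """Hash the file in chunks; return None if it cannot be read
    (for example locked by another process, or already removed)."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(chunk_size), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()

def lookup_report(root, filename):
    """Map each matching path to (sha256, lookup URL); both are None if unreadable."""
    report = {}
    for path in find_by_name(root, filename):
        h = sha256_of(path)
        # Assumed URL form for a lookup by hash; nothing is uploaded.
        url = "https://www.virustotal.com/gui/file/" + h if h else None
        report[path] = (h, url)
    return report

if __name__ == "__main__":
    # Constructed demo: a throwaway folder stands in for the temp folder.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "nested"))
        with open(os.path.join(root, "nested", "NISDT.DLL"), "wb") as fh:
            fh.write(b"constructed sample bytes, not the real file")
        for path, (h, url) in lookup_report(root, "nisdt.dll").items():
            print(path, h, url, sep="\n  ")
```

On the computer from this thread the call would be `lookup_report(r"c:\users\gary\AppData\local\temp", "nisdt.dll")`. A lookup by hash only returns a report if the same file has been submitted to VirusTotal before.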
19. For some reason Virustotal is in Italian for me right now, I don't know why.
You can change the language in the top right corner of the VT site, where you see the flag.

Hi. If I download OTL and submit the logs in this thread, would the OTL logs be able to tell the malware expert anything, like if there is a virus on this computer at all?

Thanks

Yes they can tell them.

Follow this Guide: http://forum.avast.com/index.php?topic=53253.0

When done they will be notified. :wink:

Hi Steven, thanks for your help and advice.

Hi. I just thought I would let the malware expert know that I downloaded aswMBR to a USB stick first and then tried to run it on the Windows 7 Home Premium computer, and it crashed this computer. If you want me to run it for some reason, let me know please. This computer is really slow and I want to be sure it has not got a virus or malware currently on it.

I have all the logs except the above program logs.

Thanks

Probably just needs a good tidy up and a disc defragment

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z5xdm013YYca&ptnrS=Z5xdm013YYca&ptb=270B9E54-221E-40D8-9222-8A586FD3D9E8&ind=2011081203&n=77dea9f3&psa=&st=sb&searchfor={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3820247636-946552630-513738638-1000\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z5xdm013YYca&ptnrS=Z5xdm013YYca&ptb=270B9E54-221E-40D8-9222-8A586FD3D9E8&ind=2011081203&n=77dea9f3&psa=&st=sb&searchfor={searchTerms}
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2010/07/09 22:31:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/05 13:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/01 01:40:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3820247636-946552630-513738638-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3820247636-946552630-513738638-1000\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3820247636-946552630-513738638-1000..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe File not found

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Hi Esseboy, just wanted to double check: the fix is for Windows 7 Home Premium, correct?

Thanks