mtvdemd.exe problem cpu used 100%

Viruses and worms
1

i’ve problem with mtvdemd.exe in windows xp
this application occupies 100% cpu and creates problem when open applications
not there with search in C and D

but in other antivirus is present , see in virus total :

Antivirus Risultato Aggiornare
AhnLab-V3 - 20120308
AntiVir TR/Offend.kdv.554988 20120309
Antiy-AVL Trojan / MSIL.Agent.gen 20120309
Avast - 20120309
AVG - 20120309
BitDefender Trojan.Generic.KDV.554988 20120309
ByteHero - 20120309
CAT-QuickHeal - 20120309
ClamAV - 20120309
Commtouch - 20120309
Comodo UnclassifiedMalware 20120309
DrWeb rojan.Siggen3.52111 20120309
Emsisoft Riskware.MSIL! IK 20120309
eSafe - 20120308
eTrust-Vet - 20120309
F-Prot - 20120309
F-Secure Trojan.Generic.KDV.554988 20120309
Fortinet W32/Agent.ADRT! Tr 20120309
GData Trojan.Generic.KDV.554988 20120309
Ikarus VirTool.MSIL 20120309
Jiangmin - 20120301
K7AntiVirus Trojan 20120309
Kaspersky Trojan-Dropper.MSIL.Agent.adrt 20120309
McAfee Artemis! 788083FC30F8 20120309
McAfee-GW-Edition Artemis! 788083FC30F8 20120309
Microsoft - 20120309
NOD32 - 20120309
Normanno - 20120309
nProtect Trojan/W32.Small.41984.KI 20120309
Panda Trj / CI.A 20120309
PCTools - 20120228
Prevx - 20120309
Crescita - 20120309
Sophos - 20120309
SUPERAntiSpyware - 20120308
Symantec WS.Reputation.1 20120309
TheHacker Trojan / Agent.adrt 20120309
TrendMicro - 20120309
TrendMicro HouseCall- - 20120309
VBA32 - 20120307
VIPRE Trojan.Win32.Generic! BT 20120309
ViRobot - 20120309
VirusBuster - 20120308

link : https://www.virustotal.com/file/9343c5432689743a510b21b52999446b822e3464f8916ab61039d9648766e8ce/analysis/

thank

2

:slight_smile:
solved with MALWAREBYTES ANTI -MALWARE

3

Can you post the MBAM log please.

Whilst the greatest majority of the detections are either heuristic or generic detections, there are sufficient to warrant its inclusion in the avast definitions.
If you have this in the MBAM Quarantine, you could send the sample to avast for inclusion in the virus definitions.

This would require that it is restored from the MBAM Quarantine to be able to do that, unfortunately MBAM restores to the original folder and you can’t extract to a temp location, so there would be a limited risk of it being active. That would require any associated registry entry or process that starts it to be in place also (why I requested the MBAM log).

If you are willing to do this let me know (and post the contents of the MBAM log) and I will explain the procedure.

4

You have sent a sample of the virus in the laboratory Avast?