odb.exe

Viruses and worms
1

A few weeks ago, I had quite a battle with odb.exe, [I think, this showed up in Hijack This], which is not protected from by avast. It prevented operating the Windows Task Manager, ran in the background, and downloaded and sent out garbage constantly. It was fixed with Malwarebytes Anti-Malware.

Any experience with odb.exe?

2

Hi aj7,

This is the file information: http://www.prevx.com/filenames/2245282487380682173-X1/ODB2EEXE.html
A hijackthis log should be fixed for malicous entries: a 04 for the executable found at C:\WINDOWS\odb.exe,
then a 07 what may look like O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 furthermore two 022 entries somewhat like:
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
After that people had to load up LPfix to be downloaded here: http://cexx.org/LSPFix.exe
Start the program.
Put a tag where it says ‘I know what I am doing’.
Take care that in the right hand window (removal window) are all that directs towards: c:\windows\system32\lspvdm.dll.
(Only those concerning lspvdm.dll are to enter this removal window, nothing else!!!)
Click Finish and restart your computer once more.

So give us a hijackthis log to see if MBAM cleansed all of its traces, download hjt from here:
http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/
onto your desktop and attach the hjt logfile txt in your next posting, and perform the cleansing routine as sketched above,

polonus

3

If you still have a sample of this file - Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.