Avast has reported a suspicious file
C:\Windows\system32\nvvsvc.exe
Action to take please advise. (Still onscreen)
Hi CaSPeRr,
Description: File nvvsvc.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 118,784 bytes (57% of all occurrences), 196,608 bytes.
The program is not visible. The file is not a Windows core file. Therefore the technical security rating is 31% dangerous.
Some malware camouflages itself as nvvsvc.exe, particularly if it is located in the c:\windows or c:\windows\system32 folder. Thus check the nvvsvc.exe process on your PC against virustotal.com to see whether it is a pest.
Check the file against these hashes here: http://www.pcpitstop.com/libraries/process/i/nvvsvc.exe.html
polonus
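The size, hash and origin checks suggested in the post above can be scripted; the following PowerShell is an added example, not part of the original thread. It assumes PowerShell 4.0 or later (for Get-FileHash); the helper name Get-BinaryTriage and the expectation that a genuine copy carries a valid signature whose subject contains "NVIDIA" are assumptions made for illustration.

```powershell
# Added example (not from the thread): collect the facts needed to judge whether
# a file named nvvsvc.exe is the genuine NVIDIA service binary.
# Run from a 64-bit PowerShell on 64-bit Windows; a 32-bit process has
# System32 redirected to SysWOW64.
param([string]$Path = 'C:\Windows\System32\nvvsvc.exe')

# File sizes quoted in the post above (Windows XP); other driver versions differ,
# so a mismatch is a reason to look closer, not a verdict.
$KnownSizes = 118784, 196608

function Get-BinaryTriage {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "File not found: $Path" }

    $file   = Get-Item -LiteralPath $Path -Force
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path            = $file.FullName
        SizeBytes       = $file.Length
        SizeInPostList  = $KnownSizes -contains $file.Length
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        # Assumption: a genuine copy carries a valid signature naming NVIDIA.
        SignedByNvidia  = ($sig.Status -eq 'Valid') -and ($signer -match 'NVIDIA')
        CompanyName     = $file.VersionInfo.CompanyName   # self-declared, easy to fake
        LastWritten     = $file.LastWriteTime
    }
}

$result = Get-BinaryTriage -Path $Path
$result | Format-List

# Which installed services actually launch a binary with this file name?
$leaf = [regex]::Escape((Split-Path -Leaf $Path))
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $leaf } |
    Select-Object Name, State, StartMode, PathName | Format-List

if (-not $result.SignedByNvidia) {
    Write-Warning "No valid NVIDIA signature; look up SHA256 $($result.SHA256) on virustotal.com."
}
```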
Do you have an Nvidia graphics chip/card, as this file is associated with that (not that simply being called that file name doesn’t mean it’s true)?
When was this detected (about 8 minutes after boot)?
If so allow it to be sent to Alwil software (avast) for further analysis, if it is just reported as suspicious it would recommend Ignore as the option.
Was this what the wording was like ? :
It may be the new TDSS variant
GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.
[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan…click on NO, then use the following settings for a more complete scan…
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED …
[*] IAT/EAT
[*] Drives/Partition other than Systemdrive (typically C:)
[*] Show All (don’t miss this one)
[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “ark.txt”
[*] Save the log where you can easily find it, such as your desktop.
Caution: Rootkit scans often produce false positives. Do NOT take any action on any “<--- ROOTKIT” entries
Please copy and paste the report into your Post.
I have attached the GMER SCAN FILE and HIJACKTHIS SCAN FILE.
Also have done an avast boot scan and nothing showed up.
I could not copy and paste the text.
GMER is clean
Let's run MBAM to see if it discovers anything - but I believe David may be right
Please download Malwarebytes’ Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.