I am running avast 4.6 Home. I hadn’t had any problems before installation until I downloaded some Windows updates. I installed avast and ran a boot scan, and everything was OK for a while. Then I only had a warning when I ran Explorer, but Avant, which I know uses the Explorer files, didn’t cause any problems. I went for about a week with no warnings, then I just recently installed Firefox 1.0.4, standard installation. Everything was fine for a few days, then with either Firefox or Thunderbird open, and connected to the net, I keep getting virus warnings from Avast antivirus. When I close the dial-up connection the warnings stop. If I open the program with no internet connection, there is no problem. I have returned to using Avant and Outlook Express. Any idea what the problem might be? Should I uninstall then reinstall? Here are the warnings that showed up:
5/27/2005 7:48:45 AM SYSTEM 1240 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appxw.dll[UPX]” file.
5/27/2005 11:17:10 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appxw.dll[UPX]” file.
5/27/2005 11:17:36 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appyj32.dll[UPX]” file.
5/27/2005 11:17:44 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appyq.dll[UPX]” file.
5/27/2005 11:17:57 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appyz32.dll[UPX]” file.
5/27/2005 11:18:04 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appzb.dll[UPX]” file.
5/27/2005 11:18:17 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appzc32.dll[UPX]” file.
5/27/2005 11:18:21 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appzg.dll[UPX]” file.
5/27/2005 11:18:28 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crut32.dll[UPX]” file.
5/27/2005 11:18:37 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\cruv32.dll[UPX]” file.
5/27/2005 11:18:44 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\cruz32.dll[UPX]” file.
5/27/2005 11:18:52 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crvc32.dll[UPX]” file.
5/27/2005 11:18:59 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crve32.dll[UPX]” file.
5/27/2005 11:19:05 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crvf.dll[UPX]” file.
5/27/2005 11:19:11 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crvh32.dll[UPX]” file.
5/27/2005 11:19:17 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crvl.dll[UPX]” file.
5/27/2005 11:19:23 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crvq32.dll[UPX]” file.
5/27/2005 11:19:33 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crvt32.dll[UPX]” file.
5/27/2005 11:19:38 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crwg32.dll[UPX]” file.
5/27/2005 11:19:44 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crwi32.dll[UPX]” file.
5/27/2005 11:19:54 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crwj32.dll[UPX]” file.
5/27/2005 11:20:06 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crwr32.dll[UPX]” file.
5/27/2005 11:20:13 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crww32.dll[UPX]” file.
5/27/2005 11:20:21 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crxm32.dll[UPX]” file.
5/27/2005 11:20:31 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crxr32.dll[UPX]” file.
5/27/2005 11:20:54 PM Family 1248 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\crxx32.dll[UPX]” file.
5/28/2005 5:02:00 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appxp.dll[UPX]” file.
5/28/2005 5:02:25 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appxq.dll[UPX]” file.
5/28/2005 5:02:34 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\appxr.dll[UPX]” file.
5/28/2005 5:02:44 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\cryj32.dll[UPX]” file.
5/28/2005 5:23:59 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipic.dll[UPX]” file.
5/28/2005 5:24:10 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipif32.dll[UPX]” file.
5/28/2005 5:54:22 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\System Volume Information_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP314\A0028361.dll[UPX]” file.
5/29/2005 12:43:16 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\System Volume Information_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP314\A0028362.dll[UPX]” file.
5/29/2005 7:56:24 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\System Volume Information_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP314\A0028363.dll[UPX]” file.
5/29/2005 2:00:12 PM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\System Volume Information_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP314\A0028364.dll[UPX]” file.
5/30/2005 12:55:16 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipix32.dll[UPX]” file.
5/30/2005 12:55:29 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipjt32.dll[UPX]” file.
5/30/2005 12:55:36 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipjw32.dll[UPX]” file.
5/30/2005 12:55:42 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipkb32.dll[UPX]” file.
5/30/2005 12:55:49 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipkh.dll[UPX]” file.
5/30/2005 12:56:00 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipki32.dll[UPX]” file.
5/30/2005 12:56:07 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipkk32.dll[UPX]” file.
5/30/2005 12:56:13 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipkl.dll[UPX]” file.
5/30/2005 12:56:14 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipkx.dll[UPX]” file.
5/30/2005 12:56:17 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipky.dll[UPX]” file.
5/30/2005 12:56:30 AM Family 1264 Sign of “Win32:Trojano-173 [Trj]” has been found in “C:\WINDOWS\system32\ipla.dll[UPX]” file.
I posted this on the Mozilla Zines forum and they referred me here. Any ideas? I downloaded HijackThis but haven’t installed it yet.
Do you use a firewall? If not, then download one immediately.
You should also check your computer for spyware: download, update and run Ad-Aware SE and Spybot S&D.
After doing these, you should post your HijackThis log here for further analysis.
If you haven’t already got this software (freeware), download, install, update and run it.
I installed, updated and ran those programs as administrator. Here is the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 10:07:03 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wflxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wflxg.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wflxg.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wflxg.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wflxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = “C:\Program Files\Outlook Express\msimn.exe”
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar8.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar8.dll
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [UpdateManager] “c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [Reminder] “C:\Windows\Creator\Remind_XP.exe”
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h
O4 - HKLM..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar8.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar8.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar8.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page… - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar8.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar8.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Thanks for the continuing help, I’m sort of lost here.
You are running an old and insecure version of Java!
You need to install the latest version and uninstall the old version (that’s important as it isn’t automatically uninstalled) immediately.
Download the latest version of Java here:
http://java.sun.com/j2se/1.5.0/download.jsp
Uninstall the 1.4.2_03 version using Start > Control Panel > Add/Remove
More details here:
http://www.geocities.com/dontsurfinthenude/java.htm
HijackThis log file analysis highlights Remind_XP.exe as a virus; it can be a legitimate process:
http://www.liutilities.com/products/wintaskspro/processlibrary/Remind_XP/
You could double check the file by uploading it here for analysis: