Antivirus 2009 POP ups HJTLog Attached
-
Submit files to VirusTotal
Go to VirusTotal - Free Online Virus and Malware Scan
Copy each of the following lines into the white textbox: - > [locate Full Path]\Suspect File<
%systemroot%\system32\tscupgrd.exe
[locate Full Path]\mguutw.dll
Click Send.
Please post the results of each scan to this thread.
If VirusTotal's service load is too high, you can use the following scanner instead:
Online malware scan
-
File tscupgrd.exe received on 09.05.2008 20:18:42 (CET)
Current status: finished
Result: 0/36 (0.00%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.5.1 2008.09.05 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.05 -
Avast 4.8.1195.0 2008.09.05 -
AVG 8.0.0.161 2008.09.05 -
BitDefender 7.2 2008.09.05 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.05 -
DrWeb 4.44.0.09170 2008.09.05 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6071 2008.09.05 -
Ewido 4.0 2008.09.05 -
F-Prot 4.4.4.56 2008.09.04 -
F-Secure 8.0.14332.0 2008.09.05 -
Fortinet 3.14.0.0 2008.09.03 -
GData 19 2008.09.05 -
Ikarus T3.1.1.34.0 2008.09.05 -
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.05 -
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.05 -
NOD32v2 3419 2008.09.05 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.05 -
PCTools 4.4.2.0 2008.09.05 -
Prevx1 V2 2008.09.05 -
Rising 20.60.42.00 2008.09.05 -
Sophos 4.33.0 2008.09.05 -
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.05 -
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.05 -
ViRobot 2008.9.5.1365 2008.09.05 -
VirusBuster 4.5.11.0 2008.09.05 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Additional information
File size: 44544 bytes
MD5...: 20ee93bbafd755e7889a1b27cac6b8d3
SHA1..: 9bfdc76346ff34e6fe526b85c5829184eddd9aa2
SHA256: 53aea217fda82348822578113ce678dca76f34fa49408e2b5b72464eb8642175
SHA512: 6ae700b5ec9612d24aa4e333b51601aaf9690c988fd6679b4068f8c8b932092ca3e6358372b0a9eadc4a227c5ff48409ec2837fe6d1092c63dcafb07d42eda01
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100264f
timedatestamp.....: 0x41107b3a (Wed Aug 04 05:59:22 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9616 0x9800 6.32 ac5dc3ec958e41a64a581efae3dd1879
.data 0xb000 0x23f8 0xc00 2.05 699e1e76645841fdfe7c9c25553be92d
.rsrc 0xe000 0x4b8 0x600 2.76 bf3f06f2ee35212448505736feec65d0
( 6 imports )
> ADVAPI32.dll: RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegDeleteValueW, RegDeleteKeyW
> KERNEL32.dll: GetLastError, SetFilePointer, CreateFileW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCommandLineA, GetVersionExA, ExitProcess, GetProcAddress, GetModuleHandleA, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsFree, SetLastError, TlsSetValue, TlsGetValue, TlsAlloc, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LeaveCriticalSection, CreateProcessW, LoadLibraryA, HeapAlloc, GetACP, GetOEMCP, GetCPInfo, InitializeCriticalSection, VirtualAlloc, HeapReAlloc, RtlUnwind, InterlockedExchange, VirtualQuery, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle, VirtualProtect, GetSystemInfo, FlushFileBuffers, CloseHandle, FreeLibrary, FindFirstFileW, GetFileAttributesW, SetFileAttributesW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW, lstrcpyW, WriteFile, EnterCriticalSection, LoadLibraryW
> USER32.dll: LoadStringW
> SHELL32.dll: SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHFileOperationW
> msi.dll: -, -
> ole32.dll: CoUninitialize, CoCreateInstance, CoInitialize
( 0 exports )
Can't locate the DLL file to upload it.
Thanks
-
Tscupgrd.exe is normally related to 'terminal services' which is likely what you have.
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
O20 - AppInit_DLLs: mguutw.dll
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
Let us know if you are having any further issues.
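
The O20 item above is HijackThis's view of the AppInit_DLLs registry value. As an added example (not part of the original post), this read-only PowerShell function lists that value's entries and looks for each file on disk, which helps when the DLL cannot be found by browsing. The registry paths are the standard Windows locations; that a bare name such as mguutw.dll sits in System32 or SysWOW64 is an assumption of the example.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# Lists every AppInit_DLLs entry (HijackThis "O20") and resolves it to a file.
function Get-AppInitDllReport {
    param(
        [string[]]$Keys = @(
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
            # 32-bit view of the same value on 64-bit Windows
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
        )
    )
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $raw = [string](Get-ItemProperty -Path $key).AppInit_DLLs
        # The value is a list of DLL names or paths separated by spaces or commas.
        $entries = @($raw -split '[ ,]+' | Where-Object { $_ })
        foreach ($entry in $entries) {
            if ([System.IO.Path]::IsPathRooted($entry)) {
                $candidates = @($entry)
            } else {
                # Assumption: a bare name such as mguutw.dll sits in a system directory.
                $candidates = @(
                    (Join-Path $env:SystemRoot "System32\$entry"),
                    (Join-Path $env:SystemRoot "SysWOW64\$entry")
                )
            }
            $hits = @($candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })
            if ($hits.Count -eq 0) {
                # Registered, but no file at the assumed locations.
                [pscustomobject]@{ Key = $key; Entry = $entry; Path = '(not found)' }
                continue
            }
            foreach ($path in $hits) {
                # -Force also returns files marked hidden or system.
                $file = Get-Item -LiteralPath $path -Force
                [pscustomobject]@{
                    Key        = $key
                    Entry      = $entry
                    Path       = $path
                    Attributes = $file.Attributes
                    LastWrite  = $file.LastWriteTime
                    Signature  = (Get-AuthenticodeSignature -FilePath $path).Status
                    SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                }
            }
        }
    }
}

Get-AppInitDllReport | Format-List
```

Run it from a 64-bit PowerShell session on 64-bit Windows, since a 32-bit session redirects System32 to SysWOW64.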
-
Thanks, all is well so far.
Appreciate the help.