Authentium AntiVirus SDK-2

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by waddi, Jan 18, 2008.

  1. waddi

    waddi Private E-2

    This intruder in Program Files/Common Files/Authentium, with an associated service called DvpApi, is a beast. It can be deleted in Safe Mode but always reinstates itself. I found a thread in this forum, January 2007, ~e5.001, which included from TimW a detailed removal procedure. I tried this, but none of the system scan items and none of the clipboard items to be deleted from Killbox were there, and it does not appear in Add/Remove Programs. Perhaps it has been updated!

    Can any expert help?
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    As all PCs and setups, plus some malware mutates and creates different file names please follow the below....

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is not an intruder or a beast! It is a legitimate antivirus program! You probably installed it yourself by using a load of junk from your ISP.
     
  4. waddi

    waddi Private E-2

    I certainly did not consciously install it. What legitimate anti-virus program cannot be uninstalled?
     
  5. waddi

    waddi Private E-2

    If it is legitimate, there is no point in making logs, but consider:
    I recently reinstalled Windows XP and I have been proceeding with much care.
    Authentium appeared the day I downloaded Roxio EMC 10 from another site.
    Since then the Windows Logon screen has appeared on start-up, though there has never been more than one user.
    The US NVDatabase relates Authentium to hacking.
    Authentium did not tell me it was installing itself.
    Major Geeks advises not running two anti-virus programs at once.
    I cannot uninstall it.
    I don't download gunk. I spend some time removing gunk from other people's computers.
    I still have the problem.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you don't run the READ & RUN ME and attach the logs there is no way for us to really know what is going on with your PC. All I can tell you is that Authentium Command Antivirus is a real program and is often installed when users install software from their ISPs but that is not the only place it comes from. DvpApi.exe is the file associated with the service that runs Command AV. You can read about it anywhere on the internet. Here are a few examples:

    http://www.castlecops.com/o23list-471.html

    http://www.greatis.com/appdata/a/d/dvpapi.exe.htm

    http://www.liutilities.com/products/wintaskspro/processlibrary/dvpapi/

    And then you can go to the company itself:

    http://www.authentium.com/command/
     
  7. waddi

    waddi Private E-2

    I have gone through the full Malware Removal procedure and have the attachments ready. I tried your references, downloaded Unhack Me, but it didn't help. I have now e-mailed Authentium asking for help. If Authentium can't help, I will send the logs.
    What is malware? Something I didn't ask for, don't want, but can't get rid of - isn't that a fair definition?
     
  8. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Yes exactly the right definition of malware.

    But as Chaslang mentions, ISPs do give out free versions of security software with their packages and this could be part of that. Sadly, unless you're really alert they install these as default, which can at times mess with your own installed default security software.

    So the logs are important to narrow down the problem.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Malware is a term derived from Malicious Software.

    Authentium Antivirus is not malicious software.

    I'm not sure why you simply refuse to attach the logs we requested. We cannot help you unless you help us to help. If you are simply trying to remove Authentium's software and cannot do it via Add/Remove programs (it could be hidden under another name due to how your ISP installed it) it can normally be removed manually by removing the service and then the files and registry keys. UnhackMe is not going to help you. Neither is anything else except our logs. This is not a malware problem. It is no different than the dozens of times per week where people still have Norton/Symantec software trying to run even though they believe they uninstalled it.

    If you do not attach your logs to your next message, this thread will be closed as it is a waste of our time to continue.
     
  10. waddi

    waddi Private E-2

    Authentium replied to my email as follows:
    "Authentium supplies security software and software development kits (SDKs) to many companies including various internet service providers (ISPs). Installing a Security Suite from an ISP is the likely source of the Authentium components. Please contact the ISP where the Security Suite was installed from for support and assistance with this issue." I am continuing enquiries. Meanwhile I attach the logs. Spybot found nothing, AVG Anti-Spyware gave me no report although the required box was ticked and still is (it found 12 items of which 7 were Tracking Cookies and the others not shown). Instead of an AVG report I have attached the .inf file from the Authentium AntiVirus SDK-2.
     

    Attached Files:

    • log.txt (16.8 KB)
  11. waddi

    waddi Private E-2

    It looks as though only one attachment got through. Here are the other two.
     

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are missing one of the required logs from inside of MGlogs.zip. It attempts to run a process named analyse.exe when you ran MGtools.exe. This analyse.exe file is really HijackThis renamed to allow it to properly scan in the presence of certain malware. The log from it was not put into MGlogs.zip. If this was the first time ever that you had installed this version of HijackThis from TrendMicro, a popup may have occurred mentioning a license that you have to approve. Did you accept the license so that it could install and run? It looks to me that you denied it since the TrendMicro HijackThis version 2.0.2 is not in your installed program list.

    Please run the F:\MGtools\GetLogs.bat file by double clicking on it and then attach the new H:\MGlogs.zip file that is created. Make sure you accept the license for HijackThis and allow it to run this time.


    When I look in your newfiles.txt log which is in the MGlogs.zip file, I see the below in your uninstall programs list:

    Authentium AntiVirus SDK - 2

    If you do not want this installed, have you looked for the above in Add/Remove programs and uninstalled it? Or are you saying it no longer appears? If it does not appear it is quite possible that as I already stated (and so did Authentium) that it is part of a package from your ISP (Virgin Broadband). I see the below which I would bet are all from your ISP:
    It could be that the RPS Antivirus (and RPS stands for RadialPoint Software) is really Authentium. According to your logs it was either installed or updated around Jan 18, 2008.
    Code:
    "F:\Program Files\Common Files\"
    AUTHEN~1      18 Jan 2008              "Authentium"
     
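The identification step behind posts 9 and 12 (which service, which binary, and which uninstall entry, possibly under another product name), as an added example that is not part of the original thread. It is a read-only check that assumes a current Windows with PowerShell 5.1 or later rather than the thread's Windows XP setup; the name patterns are the vendor names mentioned in this thread.

```powershell
# Added example: read-only triage, changes nothing on the system.
# Assumes Windows PowerShell 5.1+ in an elevated session. The name patterns
# below are the vendor names mentioned in this thread.
$serviceName = 'DvpApi'
$namePattern = 'Authentium|Radialpoint|\bRPS\b'

# 1. How is the service registered, and which binary does it start?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) {
    Write-Output "Service '$serviceName' is not registered."
} else {
    $svc | Format-List Name, DisplayName, State, StartMode, StartName, PathName

    # PathName can be quoted and carry arguments; isolate the executable path.
    if ($svc.PathName -match '^\s*"?(.+?\.exe)') {
        $exe = $Matches[1]
        if (Test-Path -LiteralPath $exe) {
            # 2. Who signed it, and what does its version resource claim?
            Get-AuthenticodeSignature -FilePath $exe |
                Format-List Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
            (Get-Item -LiteralPath $exe).VersionInfo |
                Format-List CompanyName, ProductName, FileVersion
        } else {
            Write-Output "Service points at a missing file: $exe"
        }
    }
}

# 3. Uninstall entries that match the vendor by any field, including ones
#    hidden from Add/Remove Programs (SystemComponent = 1) or listed under
#    a reseller's product name.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object {
        $fields = $_.DisplayName, $_.Publisher, $_.InstallLocation, $_.UninstallString
        ($fields -join ' ') -match $namePattern
    } |
    Select-Object PSChildName, DisplayName, Publisher, InstallLocation,
                  UninstallString, SystemComponent |
    Format-List
```

An entry whose UninstallString is present but whose SystemComponent is 1 will not show in Add/Remove Programs even though a vendor uninstaller exists.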
  13. waddi

    waddi Private E-2

    Thanks for the useful info. I have asked Virgin Media about it, but no reply so far.
    Meanwhile I ran GetLogs.bat as requested and attach the new MGLogs.zip, but I was never asked to approve a licence. I do, though, have HiJack This v 1.99.01 in Program Files on Drive D.
    I then deleted MGTools and MGtools.exe, reinstalled them and started again. Still no licence message. I attach the second MGLogs.zip as well. I see analyse.exe is in MGTools.
     

  14. waddi

    waddi Private E-2

    I should have mentioned that while MGTools.exe was running, I saw "Could not find path specified" when it was tackling GetUnKey.
     
  15. waddi

    waddi Private E-2

    Why now! Having just gone through the Malware Removal procedure in connection with Authentium, I have been struck by UiPopUphidden (message shows on Shutdown), the subject of another thread. I have been having "Not responding" errors, which I think are down to that malware. If anything relevant shows in the logs I have attached earlier, please say.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is an old out of date version of HijackThis and you don't want to use it especially if the HijackThis.exe program has not been renamed.

    Your MGlogs.zip file still shows that analyse.exe (HijackThis) is not being run properly.

    Go to C:\MGtools and double click on analyse.exe
    What happens?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not have malware. You have a problem with your antivirus program. That UiPopUphidden message has often been seen due to Freedom AV being installed and this is what the software that Virgin installed on your PC uses. See the PC Guard software. Uninstall this software and your problem will go away. Otherwise speak to Virgin about getting an update that fixes the problem.

    Are the Virgin PC Guard and RPS software two different and unrelated programs? If so, one of them should be uninstalled anyway since that would mean you have multiple antivirus programs installed.

    We are finished here because you are not having malware issues. You are having issues with the software you have installed.
     
