MajorGeeks Support Forums


Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Closed Thread
 
  #1  
01-18-08, 11:57
waddi
Private E-2
Authentium AntiVirus SDK-2

This intruder in Program Files/Common Files/Authentium, with an associated service called DvpApi, is a beast. It can be deleted in Safe Mode but always reinstates itself. I found a thread in this forum, January 2007, ~e5.001, which included from TimW a detailed removal procedure. I tried this, but none of the system scan items and none of the clipboard items to be deleted from Killbox were there, and it does not appear in Add/Remove Programs. Perhaps it has been updated!

Can any expert help?
  #2  
01-18-08, 12:56
DavidGP
MajorGeeks Forum Administrator - Grand Pooh-Bah
Re: Authentium AntiVirus SDK-2

Welcome to Majorgeeks!

As all PCs and setups differ, plus some malware mutates and creates different file names, please follow the below....

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
  #3  
01-18-08, 13:33
chaslang
MajorGeeks Admin - Master Malware Expert
Re: Authentium AntiVirus SDK-2

Quote:
Originally Posted by waddi
This intruder in Program Files/Common Files/Authentium, with an associated service called DvpApi, is a beast.

It is not an intruder or a beast! It is a legitimate antivirus program! You probably installed it yourself by using a load of junk from your ISP.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


  #4  
01-19-08, 13:42
waddi
Private E-2
Re: Authentium AntiVirus SDK-2

Quote:
Originally Posted by chaslang
It is not an intruder or a beast! It is a legitimate antivirus program! You probably installed it yourself by using a load of junk from your ISP.

I certainly did not consciously install it. What legitimate anti-virus program cannot be uninstalled?
  #5  
01-19-08, 15:49
waddi
Private E-2
Re: Authentium AntiVirus SDK-2

If it is legitimate, there is no point in making logs, but consider:
I recently reinstalled Windows XP and I have been proceeding with much care.
Authentium appeared the day I downloaded Roxio EMC 10 from another site.
Since then the Windows Logon screen has appeared on start-up, though there has never been more than one user.
The US NVDatabase relates Authentium to hacking.
Authentium did not tell me it was installing itself.
Major Geeks advises not running two anti-virus programs at once.
I cannot uninstall it.
I don't download gunk. I spend some time removing gunk from other people's computers.
I still have the problem.
  #6  
01-19-08, 22:43
chaslang
MajorGeeks Admin - Master Malware Expert
Re: Authentium AntiVirus SDK-2

If you don't run the READ & RUN ME and attach the logs, there is no way for us to really know what is going on with your PC. All I can tell you is that Authentium Command Antivirus is a real program and is often installed when users install software from their ISPs, but that is not the only place it comes from. DvpApi.exe is the file associated with the service that runs Command AV. You can read about it anywhere on the internet. Here are a few examples:

http://www.castlecops.com/o23list-471.html

http://www.greatis.com/appdata/a/d/dvpapi.exe.htm

http://www.liutilities.com/products/wintaskspro/processlibrary/dvpapi/

And then you can go to the company itself:

http://www.authentium.com/command/
  #7  
01-20-08, 12:45
waddi
Private E-2
Re: Authentium AntiVirus SDK-2

I have gone through the full Malware Removal procedure and have the attachments ready. I tried your references, downloaded Unhack Me, but it didn't help. I have now e-mailed Authentium asking for help. If Authentium can't help, I will send the logs.
What is malware? Something I didn't ask for, don't want, but can't get rid of - isn't that a fair definition?
  #8  
01-20-08, 13:37
DavidGP
MajorGeeks Forum Administrator - Grand Pooh-Bah
Re: Authentium AntiVirus SDK-2

Quote:
Originally Posted by waddi
What is malware? Something I didn't ask for, don't want, but can't get rid of - isn't that a fair definition?

Yes, exactly the right definition of malware.

But as Chaslang mentions, ISPs do give out free versions of security software with their packages and this could be part of that. Sadly, unless you're really alert they install these as default, which can at times mess with your own installed default security software.

So the logs are important to narrow down the problem.
  #9  
01-20-08, 18:15
chaslang
MajorGeeks Admin - Master Malware Expert
Re: Authentium AntiVirus SDK-2

Malware is a term derived from Malicious Software.

Authentium Antivirus is not malicious software.

I'm not sure why you simply refuse to attach the logs we requested. We cannot help you unless you help us to help. If you are simply trying to remove Authentium's software and cannot do it via Add/Remove programs (it could be hidden under another name due to how your ISP installed it), it can normally be removed manually by removing the service and then the files and registry keys. UnhackMe is not going to help you. Neither is anything else except our logs. This is not a malware problem. It is no different than the dozens of times per week where people still have Norton/Symantec software trying to run even though they believe they uninstalled it.

If you do not attach your logs to your next message, this thread will be closed as it is a waste of our time to continue.
  #10  
01-22-08, 04:59
waddi
Private E-2
Re: Authentium AntiVirus SDK-2

Quote:
Originally Posted by chaslang
Malware is a term derived from Malicious Software.

Authentium Antivirus is not malicious software.

I'm not sure why you simply refuse to attach the logs we requested. We cannot help you unless you help us to help. If you are simply trying to remove Authentium's software and cannot do it via Add/Remove programs (it could be hidden under another name due to how your ISP installed it), it can normally be removed manually by removing the service and then the files and registry keys. UnhackMe is not going to help you. Neither is anything else except our logs. This is not a malware problem. It is no different than the dozens of times per week where people still have Norton/Symantec software trying to run even though they believe they uninstalled it.

If you do not attach your logs to your next message, this thread will be closed as it is a waste of our time to continue.

Authentium replied to my email as follows:
"Authentium supplies security software and software development kits (SDKs) to many companies including various internet service providers (ISPs). Installing a Security Suite from an ISP is the likely source of the Authentium components. Please contact the ISP where the Security Suite was installed from for support and assistance with this issue." I am continuing enquiries. Meanwhile I attach the logs. Spybot found nothing, AVG Anti-Spyware gave me no report although the required box was ticked and still is (it found 12 items of which 7 were Tracking Cookies and the others not shown). Instead of an AVG report I have attached the .inf file from the Authentium AntiVirus SDK-2.
Attached Files
File Type: txt log.txt (16.8 KB, 3 views)
  #11  
01-22-08, 05:39
waddi
Private E-2
Re: Authentium AntiVirus SDK-2

It looks as though only one attachment got through. Here are the other two.
Attached Files
File Type: zip MGlogs.zip (47.0 KB, 1 views)
File Type: txt InfFile.txt (2.5 KB, 1 views)
  #12  
01-23-08, 02:08
chaslang
MajorGeeks Admin - Master Malware Expert
Re: Authentium AntiVirus SDK-2

You are missing one of the required logs from inside of MGlogs.zip. It attempts to run a process named analyse.exe when you run MGtools.exe. This analyse.exe file is really HijackThis renamed to allow it to properly scan in the presence of certain malware. The log from it was not put into MGlogs.zip. If this was the first time ever that you had installed this version of HijackThis from TrendMicro, a popup may have occurred mentioning a license that you have to approve. Did you accept the license so that it could install and run? It looks to me that you denied it since the TrendMicro HijackThis version 2.0.2 is not in your installed program list.

Please run the F:\MGtools\GetLogs.bat file by double clicking on it and then attach the new H:\MGlogs.zip file that is created. Make sure you accept the license for HijackThis and allow it to run this time.


When I look in your newfiles.txt log which is in the MGlogs.zip file, I see the below in your uninstall programs list:

Authentium AntiVirus SDK - 2

If you do not want this installed, have you looked for the above in Add/Remove programs and uninstalled it? Or are you saying it no longer appears? If it does not appear, it is quite possible, as I already stated (and so did Authentium), that it is part of a package from your ISP (Virgin Broadband). I see the below which I would bet are all from your ISP:
Quote:
"DisplayName"="RPS Ad Blocker"
"DisplayName"="RPS AntiFraud"
"DisplayName"="RPS AntiSpyware"
"DisplayName"="RPS AntiVirus"
"DisplayName"="RPS App Detector"
"DisplayName"="RPS AsRealtime"
"DisplayName"="RPS Backup"
"DisplayName"="RPS Burn"
"DisplayName"="RPS Diagnostic Utility"
"DisplayName"="RPS Firewall"
"DisplayName"="RPS ParentalControl"
"DisplayName"="RPS Performance Tool"
"DisplayName"="RPS PopupBlocker"
"DisplayName"="RPS Privacy Manager"
"DisplayName"="RPS RpsCore"
"DisplayName"="RPS Security Cleanup"
"DisplayName"="RPS Zip"
It could be that the RPS Antivirus (and RPS stands for RadialPoint Software) is really Authentium. According to your logs it was either installed or updated around Jan 18, 2008.
Code:
"F:\Program Files\Common Files\"
AUTHEN~1      18 Jan 2008              "Authentium"
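The point made in the post above, that a product can sit in the uninstall list under another name or not show in Add/Remove Programs at all, can be checked from an export of the Uninstall registry key. This is an added example, not part of the original thread or of MGtools; the sample export, its key names and all field values are constructed.

```python
import re
# Constructed .reg-style export of the Uninstall key (NOT waddi's log;
# the key names and every value below are assumptions for illustration).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EXAMPLE-0001}]
"DisplayName"="RPS AntiVirus"
"UninstallString"="MsiExec.exe /X{EXAMPLE-0001}"
"InstallLocation"="F:\\Program Files\\Common Files\\Authentium\\"
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EXAMPLE-0002}]
"DisplayName"="Authentium AntiVirus SDK - 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EXAMPLE-0003}]
"DisplayName"="RPS Zip"
"UninstallString"="MsiExec.exe /X{EXAMPLE-0003}"
'''

HEADER = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

def parse_reg(text):
    """Return {subkey name: {value name: str or int}} from .reg export text."""
    entries, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = entries.setdefault(m.group(1).rsplit('\\', 1)[-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name, text_val, dword = m.groups()
            current[name] = (int(dword, 16) if dword is not None
                             else re.sub(r'\\(.)', r'\1', text_val))
    return entries

def visible_in_arp(values):
    """Rule used here: Add/Remove Programs lists an entry only if it has a
    DisplayName and an UninstallString and SystemComponent is not 1."""
    return ("DisplayName" in values and "UninstallString" in values
            and values.get("SystemComponent", 0) != 1)

def find_hidden(entries, keyword):
    """Entries that mention keyword but would not be listed for the user."""
    hits = []
    for key, values in entries.items():
        fields = ("DisplayName", "Publisher", "InstallLocation")
        haystack = " ".join(str(values.get(f, "")) for f in fields).lower()
        if keyword.lower() in haystack and not visible_in_arp(values):
            hits.append((key, values.get("DisplayName", "(no DisplayName)")))
    return sorted(hits)

if __name__ == "__main__":
    for key, name in find_hidden(parse_reg(SAMPLE), "authentium"):
        print(key, "->", name)
```

Matching on InstallLocation as well as DisplayName is what catches a rebranded entry whose listed name never mentions the vendor.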
  #13  
01-26-08, 08:01
waddi
Private E-2
Re: Authentium AntiVirus SDK-2

Thanks for the useful info. I have asked Virgin Media about it, but no reply so far.
Meanwhile I ran GetLogs.bat as requested and attach the new MGLogs.zip, but I was never asked to approve a licence. I do, though, have HiJack This v 1.99.01 in Program Files on Drive D.
I then deleted MGTools and MGtools.exe, reinstalled them and started again. Still no licence message. I attach the second MGLogs.zip as well. I see analyse.exe is in MGTools.
Attached Files
File Type: zip MGlogs.zip (48.0 KB, 4 views)
File Type: zip MGlogsFirst.zip (47.8 KB, 1 views)
  #14  
01-26-08, 08:05
waddi
Private E-2
Re: Authentium AntiVirus SDK-2

I should have mentioned that while MGTools.exe was running, I saw "Could not find path specified" when it was tackling GetUnKey.
  #15  
01-26-08, 09:18
waddi
Private E-2
Re: Authentium AntiVirus SDK-2

Why now! Having just gone through the Malware Removal procedure in connection with Authentium, I have been struck by UiPopUphidden (message shows on Shutdown), the subject of another thread. I have been having "Not responding" errors, which I think are down to that malware. If anything relevant shows in the logs I have attached earlier, please say.
  #16  
01-27-08, 05:31
chaslang
MajorGeeks Admin - Master Malware Expert
Re: Authentium AntiVirus SDK-2

Quote:
Originally Posted by waddi
Meanwhile I ran GetLogs.bat as requested and attach the new MGLogs.zip, but I was never asked to approve a licence. I do, though, have HiJack This v 1.99.01 in Program Files on Drive D.

That is an old out of date version of HijackThis and you don't want to use it especially if the HijackThis.exe program has not been renamed.

Your MGlogs.zip file still shows that analyse.exe (HijackThis) is not being run properly.

Go to C:\MGtools and double click on analyse.exe
What happens?
  #17  
01-27-08, 05:33
chaslang
MajorGeeks Admin - Master Malware Expert
Re: Authentium AntiVirus SDK-2

Quote:
Originally Posted by waddi
Why now! Having just gone through the Malware Removal procedure in connection with Authentium, I have been struck by UiPopUphidden (message shows on Shutdown), the subject of another thread. I have been having "Not responding" errors, which I think are down to that malware. If anything relevant shows in the logs I have attached earlier, please say.

You do not have malware. You have a problem with your antivirus program. That UiPopUphidden message has often been seen due to Freedom AV being installed and this is what the software that Virgin installed on your PC uses. See the PC Guard software. Uninstall this software and your problem will go away. Otherwise speak to Virgin about getting an update that fixes the problem.

Are the Virgin PC Guard and RPS software two different and unrelated programs? If so, one of them should be uninstalled anyway since that would mean you have multiple antivirus programs installed.

We are finished here because you are not having malware issues. You are having issues with the software you have installed.

All times are GMT -5. The time now is 23:12.
