Rivarts.A removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by Shlomo, Mar 26, 2006.

  1. Shlomo

    Shlomo Private E-2

    When I run Windows Defender I get a message that my PC is infected with the Rivarts.A backdoor keylogger. Win Defender is able to remove it, but when I restart my PC it comes right back.

    I have run steps 1 - 7 in the Read and Run Me First article.

    No other program detects Rivarts.A, not even Win Defender when I ran it in Safe Mode.

    I've attached the logs from Bitdefender, Panda, and Hijack This.

    Any help will be appreciated.

    Shlomo
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    I see no signs of any malware in your logs. Just a potential problem with Secret Maker if the HijackThis O10 line is correct and the smnsp.dll is really missing. You should check for this file.

    Are you saying Windows Defender only finds the problem when you boot in normal mode? And it does not find it in safe mode?

    Attach a log of what Windows Defender is finding.
     
  3. Shlomo

    Shlomo Private E-2

    Hi chaslang:

    That is correct. When I ran Windows Defender in safe mode it did not detect anything.

    I've attached two screen shots of what Windows Defender found when I ran it in Normal mode this morning.

    I didn't have a chance to look at the possible problem with smnsp.dll yet.

    Thanks
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. Shlomo

    Shlomo Private E-2

    What I understood from the link to Kaspersky is that the false positive was caused by the combination of Windows Defender and some newly added program. Therefore, I removed all of the programs that I added in the last several weeks, well before I started having this problem. Windows Defender continues to say that my PC is infected with Rivarts.A.

    I would appreciate any thoughts you have on this.

    Thanks
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  7. Shlomo

    Shlomo Private E-2

    Thank you for that link to spybot forums.

    Now I'm just curious, how could I determine which application is using that hook?

    Thanks,

    Shlomo
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You could export the registry key to a file (to basically make a backup) and then delete the registry key. Then see if something on your system stops working. There may even be other info in the registry key to give you a hint on what is using it.
     
