need help on 'SUSPECTED' malwares..

dokgu · 06-25-2008, 09:51 AM

Can you please help me with my problem? My laptop started to run slower than the usual. There are two objects that my Kaspersky 7.0 detected and cannot be disinfected, so I ended up deleting the objects. But every now and then, Kaspersky continuously detects the two objects again.. I'm confused. Here are the two objects classified under

Hidden.Object

1. C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86

and

2. C:\ADSM_PData_0150

I even delete them from the Backup tab page of Kaspersky but they keep on appearing again.

I believe they are not malwares or anything unwanted but, with the way they act, I believe otherwise. I'll try to post my HijackThis report now if I can..

I'm thanking you in advance whoever you are willing to help me in your free time..

Here's the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:07 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\P4P\P4P.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 5258 bytes

Hope to receive a positive reply soon..

dokgu · 07-03-2008, 04:49 AM

no need to reply on this.. i couldn't wait for any reply anymore.. i reformatted my laptop already.. sorry about that, i really needed the laptop badly.. i'm an IT student, so i need to have it performing really good asap..

**TheBruce1** · 07-04-2008, 05:53 AM

Ok, thanks for letting us know.

06-25-2008, 09:51 AM	#1 (permalink)
dokgu Registered User Join Date: Jun 2008 Posts: 2 OS: xp sp2	Can you please help me with my problem? My laptop started to run slower than the usual. There are two objects that my Kaspersky 7.0 detected and cannot be disinfected, so I ended up deleting the objects. But every now and then, Kaspersky continuously detects the two objects again.. I'm confused. Here are the two objects classified under Hidden.Object 1. C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 and 2. C:\ADSM_PData_0150 I even delete them from the Backup tab page of Kaspersky but they keep on appearing again. I believe they are not malwares or anything unwanted but, with the way they act, I believe otherwise. I'll try to post my HijackThis report now if I can.. I'm thanking you in advance whoever you are willing to help me in your free time.. Here's the HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:40:07 PM, on 6/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\P4P\P4P.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\acovcnt.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\ATK Hotkey\WDC.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe" O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe" O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- End of file - 5258 bytes Hope to receive a positive reply soon.. Last edited by amateur : 06-25-2008 at 11:46 AM. Reason: merged to retain 0-reply status

07-03-2008, 04:49 AM	#2 (permalink)
dokgu Registered User Join Date: Jun 2008 Posts: 2 OS: xp sp2	Re: need help on 'SUSPECTED' malwares.. no need to reply on this.. i couldn't wait for any reply anymore.. i reformatted my laptop already.. sorry about that, i really needed the laptop badly.. i'm an IT student, so i need to have it performing really good asap..

07-04-2008, 05:53 AM	#3 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 3,210 OS: XP	Re: need help on 'SUSPECTED' malwares.. Ok, thanks for letting us know. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating