What if Virus can't be cleaned and can't be quarantined?

[David H. Lipman]

From: "Stan Hilliard" <[email protected]>

| According to the F-Prot anti virus program my XP-Pro computer has the
| virus:
| W32/agent ICY (exact)

| in the file:
| Windows\System32\nvsvc32.exe (159,812 bytes)

| That file is from my NVIDIA FX 5500 display card. In the registry is
| the notation: "Provides system and desktop level support to the NVIDIA
| display driver."

| The F-Prot program can't clean the file and quarantine fails.

| The Windows XP-Pro registry has three references to that file.
| HKLM\System\CurrentControlSet\Services\NVSvc\


| I am wondering if I should delete the infected file. Would the display
| card continue to function?

| If not, how can I replace the file with a clean one? Or is there a
| better way?

| Advice will be appreciated,
| Stan Hilliard


Who said this was a virus ? It isn't it is a trojan.

Stop the service NVSvc and then remove %windir%\system32\nvsvc32.exe

 

[SC Tom]

From: "Stan Hilliard" <[email protected]>

| According to the F-Prot anti virus program my XP-Pro computer has the
| virus:
| W32/agent ICY (exact)

| in the file:
| Windows\System32\nvsvc32.exe (159,812 bytes)

| That file is from my NVIDIA FX 5500 display card. In the registry is
| the notation: "Provides system and desktop level support to the NVIDIA
| display driver."

| The F-Prot program can't clean the file and quarantine fails.

| The Windows XP-Pro registry has three references to that file.
| HKLM\System\CurrentControlSet\Services\NVSvc\


| I am wondering if I should delete the infected file. Would the display
| card continue to function?

| If not, how can I replace the file with a clean one? Or is there a
| better way?

| Advice will be appreciated,
| Stan Hilliard


Who said this was a virus ? It isn't it is a trojan.

Stop the service NVSvc and then remove %windir%\system32\nvsvc32.exe

It's not a virus or a trojan; it's part of the nvidia display driver
installation (doesn't mean it CAN'T be either, but normally it isn't).
Disabling it in services
may not cause any problems, but I wouldn't delete it until it proves to be
of no use.

SC Tom

 

[Jose]

According to the F-Prot anti virus program my XP-Pro computer has the
virus:
W32/agent ICY (exact)

in the file:
Windows\System32\nvsvc32.exe  (159,812 bytes)

That file is from my NVIDIA FX 5500 display card. In the registry is
the notation: "Provides system and desktop level support to the NVIDIA
display driver."

The F-Prot program can't clean the file and quarantine fails.

The Windows XP-Pro registry has three references to that file.
HKLM\System\CurrentControlSet\Services\NVSvc\
HKLM\System\ControlSet001\Services\NVSvc\
HKLM\System\ControlSet003\Services\NVSvc\

I am wondering if I should delete the infected file. Would the display
card continue to function?

If not, how can I replace the file with a clean one? Or is there a
better way?

Advice will be appreciated,
Stan Hilliard

Not every AV program can detect every infection or remove it. Some
will give "false positive" detections.

Give these reputable ones a run, then decide what to do:

Reduce the chances of malicious software by running some scans.

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

These can be uninstalled later if desired.

 

[Ken Blake, MVP]

As soon as I deleted the running process in Task Manager, F-Prot
deleted the file.

F-Prot called it a Trojan. But I don't know the difference between a
Trojan and a virus.

Trojan: http://en.wikipedia.org/wiki/Trojan_horse_computing)

Virus: http://en.wikipedia.org/wiki/Computer_virus

They are two different types of malware. Read here for an overview of
malware and its various types: http://en.wikipedia.org/wiki/Malware

 

[David H. Lipman]

From: "SC Tom" <[email protected]>





| It's not a virus or a trojan; it's part of the nvidia display driver
| installation (doesn't mean it CAN'T be either, but normally it isn't).
| Disabling it in services
| may not cause any problems, but I wouldn't delete it until it proves to be
| of no use.

| SC Tom


Thank you.

You are right. I didn't research it. I reacted to just what was posted.

 

[SC Tom]

From: "SC Tom" <[email protected]>






| It's not a virus or a trojan; it's part of the nvidia display driver
| installation (doesn't mean it CAN'T be either, but normally it isn't).
| Disabling it in services
| may not cause any problems, but I wouldn't delete it until it proves to
be
| of no use.

| SC Tom


Thank you.

You are right. I didn't research it. I reacted to just what was posted.

Not a problem. Been there, done that too many times

 

[Lucie]

Same problem

I found this thread because I have the same problem.. F-PROT
detected the Troyan W32/Agent.ICY in nvsvc32.exe

First time in 15 years I acquire something... Since we both
got it today, could it be a mistake in F-Prot signature files?
I have automatic update, and there was an update today
(Oct 2)?

For time being I have done as said here, Ended Process, then
Scanned the file and F-Prot deleted it. I found it has been
Quarantined in the NVIDIA folder as nvsvc3_.exe so can be
put back if it is found that this a an F-Prot error.

Lucie

 

[Stan Hilliard]

According to the F-Prot anti virus program my XP-Pro computer has the
virus:
W32/agent ICY (exact)

in the file:
Windows\System32\nvsvc32.exe (159,812 bytes)

That file is from my NVIDIA FX 5500 display card. In the registry is
the notation: "Provides system and desktop level support to the NVIDIA
display driver."

The F-Prot program can't clean the file and quarantine fails.

The Windows XP-Pro registry has three references to that file.
HKLM\System\CurrentControlSet\Services\NVSvc\
HKLM\System\ControlSet001\Services\NVSvc\
HKLM\System\ControlSet003\Services\NVSvc\

I am wondering if I should delete the infected file. Would the display
card continue to function?

If not, how can I replace the file with a clean one? Or is there a
better way?

Advice will be appreciated,
Stan Hilliard

 

[Stan Hilliard]

From: "Stan Hilliard" <[email protected]>

| According to the F-Prot anti virus program my XP-Pro computer has the
| virus:
| W32/agent ICY (exact)

| in the file:
| Windows\System32\nvsvc32.exe (159,812 bytes)

| That file is from my NVIDIA FX 5500 display card. In the registry is
| the notation: "Provides system and desktop level support to the NVIDIA
| display driver."

| The F-Prot program can't clean the file and quarantine fails.

| The Windows XP-Pro registry has three references to that file.
| HKLM\System\CurrentControlSet\Services\NVSvc\


| I am wondering if I should delete the infected file. Would the display
| card continue to function?

| If not, how can I replace the file with a clean one? Or is there a
| better way?

| Advice will be appreciated,
| Stan Hilliard


Who said this was a virus ? It isn't it is a trojan.

Stop the service NVSvc and then remove %windir%\system32\nvsvc32.exe

Thanks Dave,

As soon as I deleted the running process in Task Manager, F-Prot
deleted the file.

F-Prot called it a Trojan. But I don't know the difference between a
Trojan and a virus.

 

[Lucie]

What if Virus...

Thanks a lot Stan, first time I use a Tech Forum, happy to
see that it was not me! <grin>

I un-quarantined the file and F-Proted it three times, all is OK.

Lucie

 

[Stan Hilliard]

Thanks Dave,

As soon as I deleted the running process in Task Manager, F-Prot
deleted the file.

F-Prot found more of the same file when I did a full scan. It found
copies that were in the drive/folder where I have the drivers that I
installed 2 years ago. The trojan was a false positive caused by
yesterday's signature file -- that they have now fixed. I will undo
all of yesterday's quarantines.