Results of SuperAntiSpyware Scan

[Dallas]

Hey All,

Had the usual tracing cookies, but this time, I have a few new items - I
Googled them & no results, other than a few Registry Fix Sites.

In the results, under Adware.Vundo/Variant, are these 2:

C:\I386\NVARCH16.DLL
C:\WINDOWS\SYSTEM32\NVARCH16.DLL

What are they & should I Delete them ?

Thanks very much as always!

 

[Olórin]

Hey All,

Had the usual tracing cookies, but this time, I have a few new items - I
Googled them & no results, other than a few Registry Fix Sites.

In the results, under Adware.Vundo/Variant, are these 2:

C:\I386\NVARCH16.DLL
C:\WINDOWS\SYSTEM32\NVARCH16.DLL

What are they & should I Delete them ?

Thanks very much as always!

--
Dallas.....

Dell P 4, 3GHz, 512 MB DDR SDRAM, 160 GB, Win XP Home
16X DVD-ROM & ,6X DVD+/RW, IE7, OE6, DSL, via AT&T

This isn't an XP question; suggest you try a security or SuperAntiSpyware
forum. Also, scan with one or two other antimalware products too (eg Spybot
Search & Destroy and Malwarebytes) and Google around the term
"Adware.Vundo/Variant". You might also want to grab the latest nVidia driver
for your graphics card and install that.

 

[1PW]

This isn't an XP question; suggest you try a security or SuperAntiSpyware
forum. Also, scan with one or two other antimalware products too (eg Spybot
Search & Destroy and Malwarebytes) and Google around the term
"Adware.Vundo/Variant". You might also want to grab the latest nVidia driver
for your graphics card and install that.

* * * CROSS POSTED * * *
Hello Dallas:

Olórin is correct and I have moved this to some of the newsgroups that
are probably more appropriate so as to benefit the largest number of
readers.

SUPERAntiSpyware has found one of several possibles; your nvarch16.dll
file is either a false positive, or it's possibly malware that has taken
the filename of another in an attempt to masquerade, to name a few.

You may wish to send a copy of the file to: <http://www.virustotal.com/>
They will render an evaluation that you can post as a follow-up.

Best wishes to you.

Pete

 

[Don Phillipson]

In the results, under Adware.Vundo/Variant, are these 2:

C:\I386\NVARCH16.DLL
C:\WINDOWS\SYSTEM32\NVARCH16.DLL

What are they & should I Delete them ?

Standard procedure for doubtful cases like this is
1. Rename
2. Reboot
3. Run
i.e.
1. REN C:\I386\NVARCH16.DLL C:\I386\xNVARCH16.DLL
via CMD if necessary, resetting Attribs if necessary.
2. Reboot PC
3. Results (abnormal behavior or error messages with no
functional) can be interpreted and repairs implemented if
functionally needed.
4. RENamed files can later be restored or renamed or
deleted as convenient. If the original filenames reappear
spontaneously, this tells us they are rewritten by some
other part of the malware.

 

[Dallas]

Thanks & yes I know, but it is on my XP.

I did the Spybot & it didn't even find them! & when I Googled them, as I
said in the original Post, it had nothing to show for it. I will Google the
driver for the Graphics card - why suggest that ? Is it somehow related to
the Adware NVARCH issue I raised ?

Thanks!

 

[Dallas]

Don, thanks very much but I am skeptical as I know nothing of which you
speak; sorry - novice here! but the via cmd & rest attribs has me lost -
again.

thanks anyway

 

[Peter Foldes]

Dallas

Delete them or quarantine them with SuperAntiSpyware. They are malware files by
origin

 

[Olórin]

Thanks & yes I know, but it is on my XP.

Not everything that can be done on an XP computer is necessarily appropriate
for an "XP Basics" newsgroup, if you think about it. Yours is specifically a
(potential) malware problem; more focussed groups are out there,
microsoft.public.security.virus if you want an MS one. This isn't just being
pedantic or trying to fob you off - there are folk there with more
specialist knowledge. Also, a search on a forum's history may give you
directly an answer that someone else has already found; even if not, your
thread may well help out someone else down the line.

I did the Spybot & it didn't even find them!

Hmm, yes, that's why the suggestion is often made not to rely on just one or
even two anti-malware apps. It could be a false positive - which you stand
more chance of establishing at the SuperAntiSpyware forums as suggested (it
looks like the URL is http://forums.superantispyware.com - I'm not 100% sure
because my company has blocked access to that site on security grounds...).
Did you try Malwarebytes AntiMalware (http://www.malwarebytes.org/mbam.php)
as also suggested?

I'd also recommend uploading the .dll files to www.virustotal.com - that'll
run them through up to date versions of some 30+ scanners. I think you can
do it directly from the web site, but there's a small utility they offer for
download that adds an uploader to your "Send To" menu - I find it very
useful. (For files up to 10Mb, IIRC.)

& when I Googled them, as I said in the original Post, it had nothing to
show for it.

It wasn't clear from your original post exactly what terms you'd tried
Googling. I got about 8,500 results for the phrase I suggested,
"Adware.Vundo/Variant":

http://www.google.co.uk/search?hl=en&q="Adware.Vundo/Variant"&meta=

I will Google the driver for the Graphics card - why suggest that ? Is it
somehow related to the Adware NVARCH issue I raised ?

Only do so if yours *is* an nVidia card...! I mentioned it because "NVIDIA
Compatible Resource Manager" came up several times when I Googled
"nvarch16.dll". I can't help wondering what you actually *did* Google that
found "no results"!

 

[Dallas]

Great, thank you Peter.

Hope you're doing well.