What is mivvx.dll?

antonyliu2002

I've never had this.

Look:

http://farm1.static.flickr.com/175/422530976_2349564b3a_o.png

This one happened to me only two or three days after I re-installed
(clean install) my XP Pro system.

Right after I log in to my account, before my desktop icons loom up, an
error popup window says, Can't access mivvx.dll, access denied. Or
something like that. I click the OK button on this popup and then
Windows proceeds to load my desktop just fine.

I browsed to C:\Windows\System32 and found this perpetrator as shown
in the PNG image above. My AVG says it is a threat, but was not able
to heal it.

Google turns up no hits. Is this something new? Please advise and
let me know how I can get rid of this bad guy.

Thanks.
 
David H. Lipman

From: <[email protected]>

| I've never had this.
|
| Look:
|
| http://farm1.static.flickr.com/175/422530976_2349564b3a_o.png
|
| This one happened to me only two or three days after I re-installed
| (clean install) my XP Pro system.
|
| Right after I log in to my account, before my desktop icons loom up, an
| error popup window says, Can't access mivvx.dll, access denied. Or
| something like that. I click the OK button on this popup and then
| Windows proceeds to load my desktop just fine.
|
| I browsed to C:\Windows\System32 and found this perpetrator as shown
| in the PNG image above. My AVG says it is a threat, but was not able
| to heal it.
|
| Google turns up no hits. Is this something new? Please advise and
| let me know how I can get rid of this bad guy.
|
| Thanks.

Just because Google doesn't turn up anything doesn't mean much, except that the chances of it being
legitimate are low.


Please submit a sample of "mivvx.dll" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 
antonyliu2002


Thanks.

I've sent mivvx.dll to (e-mail address removed) as an attachment.
Submitting from virustotal web was not successful.

Not sure how long it's gonna take for me to get the result.
 
antonyliu2002


Here is the result. It looks like it is not a virus.

Complete scanning result of "mivvx.dll", processed in VirusTotal at
03/16/2007 02:00:07 (CET).

[ file data ]
* name: mivvx.dll
* size: 0
* md5.: d41d8cd98f00b204e9800998ecf8427e
* sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709

[ scan result ]
AhnLab-V3 2007.3.15.0/20070315 found nothing
AntiVir 7.3.1.43/20070315 found nothing
Authentium 4.93.8/20070315 found nothing
Avast 4.7.936.0/20070315 found nothing
AVG 7.5.0.447/20070315 found nothing
BitDefender 7.2/20070316 found nothing
CAT-QuickHeal 9.00/20070315 found nothing
ClamAV 0.90.1/20070315 found nothing
DrWeb 4.33/20070315 found nothing
eSafe 7.0.14.0/20070315 found nothing
eTrust-Vet 30.6.3481/20070315 found nothing
Ewido 4.0/20070315 found nothing
F-Prot 4.3.1.45/20070315 found nothing
F-Secure 6.70.13030.0/20070315 found nothing
FileAdvisor 1/20070316 found [No threat detected]
Fortinet 2.85.0.0/20070315 found nothing
Ikarus T3.1.1.3/20070315 found nothing
Kaspersky 4.0.2.24/20070316 found nothing
McAfee 4985/20070315 found nothing
Microsoft 1.2306/20070315 found nothing
NOD32v2 2117/20070315 found nothing
Norman 5.80.02/20070315 found nothing
Panda 9.0.0.4/20070315 found nothing
Prevx1 V2/20070316 found nothing
Sophos 4.15.0/20070313 found nothing
Sunbelt 2.2.907.0/20070315 found nothing
Symantec 10/20070316 found nothing
TheHacker 6.1.6.076/20070315 found nothing
UNA 1.83/20070315 found nothing
VBA32 3.11.2/20070315 found nothing
VirusBuster 4.3.7:9/20070315 found nothing

[ notes ]
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=d41d8cd98f00b204e9800998ecf8427e
 
David H. Lipman

From: <[email protected]>


|
| Here is the result. It looks like it is not a virus.
|
| Complete scanning result of "mivvx.dll", processed in VirusTotal at
| 03/16/2007 02:00:07 (CET).
|
| [ file data ]
| * name: mivvx.dll
| * size: 0
| * md5.: d41d8cd98f00b204e9800998ecf8427e
| * sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
|

< snip >

size: 0 it was never submitted.
The file handle was held open and the file could not be copied for submission.
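
The point made in the reply above, that a report with size 0 means no bytes ever reached the scanners, can be checked mechanically. This is an added example, not part of the original thread: it parses the report format posted here and rejects any result whose size or hashes are those of empty input. The function names and the three return labels are assumptions of this example.

```python
import hashlib
import re

# Digests of zero bytes of input: a report carrying these describes an empty upload.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()

FIELD = re.compile(r"^\*\s*(name|size|md5|sha1)\.?:\s*(\S+)$")
VERDICT = re.compile(r"^(\S+)\s+\S+\s+found\s+(.+)$")
CLEAN = {"nothing", "[No threat detected]"}

def parse_report(text):
    """Return ([file data] fields, {engine: verdict}) from a text scan report."""
    fields, verdicts, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("|").strip()  # tolerate '|' quote markers
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            section = header.group(1)
        elif section == "file data" and (m := FIELD.match(line)):
            fields[m.group(1)] = m.group(2)
        elif section == "scan result" and (m := VERDICT.match(line)):
            verdicts[m.group(1)] = m.group(2)
    return fields, verdicts

def assess(text):
    """Classify a report as 'empty-sample', 'flagged' or 'no-detections'."""
    fields, verdicts = parse_report(text)
    if (fields.get("size") == "0"
            or fields.get("md5", "").lower() == EMPTY_MD5
            or fields.get("sha1", "").lower() == EMPTY_SHA1):
        return "empty-sample"  # zero bytes were scanned; the verdicts mean nothing
    flagged = [e for e, v in verdicts.items() if v not in CLEAN]
    return "flagged" if flagged else "no-detections"

# Excerpt of the report posted in this thread (file data and two engine lines).
THREAD_REPORT = """\
[ file data ]
* name: mivvx.dll
* size: 0
* md5.: d41d8cd98f00b204e9800998ecf8427e
* sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709

[ scan result ]
AVG 7.5.0.447/20070315 found nothing
FileAdvisor 1/20070316 found [No threat detected]
"""

print(assess(THREAD_REPORT))
```
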
 
antonyliu2002


OK, I did not realize that. But then, there is no easy way to submit
it. Gmail does not allow sending executables, and submitting from
virustotal web also returns "size 0". Maybe I'll try using Yahoo!
Mail and see what happens.

Will get back to you later. Thanks.
 
David H. Lipman

From: <[email protected]>


|
| OK, I did not realize that. But then, there is no easy way to submit
| it. Gmail does not allow sending executables, and submitting from
| virustotal web also returns "size 0". Maybe I'll try using Yahoo!
| Mail and see what happens.
|
| Will get back to you later. Thanks.

No. The process that loaded it has to be killed first so the file handle is closed and THEN
it can be submitted.

It also is indicative that this was a righteous call and this is a downloader Trojan and AVG
said it was.


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.zip

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is not required in the below before posting a log
http://www.thespykiller.co.uk/forum/?action=forum


NOTE: Registration is REQUIRED in any of the below before posting a log
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 
antonyliu2002


Thanks. I just uploaded the hijackthis log at http://www.thespykiller.co.uk/forum/?action=forum.

The subject is hijackthis log file. In the message body, I have: Check
the attachment for details. Thanks.
 
antonyliu2002

Look at the following screen snapshot:

http://farm1.static.flickr.com/131/422806116_01861fcff1_o.jpg

This popup occurs right after my login password is accepted by Windows
XP and before the desktop icons loom up. After I click the OK button
of this popup, Windows proceeds to load the desktop.

I forgot to say in my previous posts:

1. I am not sure what process is using this mivvx.dll.
2. I tried booting to safe mode and attempted to delete mivvx.dll.
It was not successful. Windows says that I cannot delete it because
some other program is using it.
 
Ron Lopshire

From: <[email protected]>
|
| Here is the result. It looks like it is not a virus.
|
| Complete scanning result of "mivvx.dll", processed in VirusTotal at
| 03/16/2007 02:00:07 (CET).
|
| [ file data ]
| * name: mivvx.dll
| * size: 0
| * md5.: d41d8cd98f00b204e9800998ecf8427e
| * sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| size: 0 it was never submitted.
| The file handle was held open and the file could not be copied for submission.
|
| OK, I did not realize that. But then, there is no easy way to submit
| it. Gmail does not allow sending executables, and submitting from
| virustotal web also returns "size 0". Maybe I'll try using Yahoo!
| Mail and see what happens.

In addition to the preferred method, submitting samples to VT and/or
Jotti, you can send samples to AV vendors by email. In most cases, you
want to put the sample in a password-protected archive (zip file) and
attach that to the email. Here is how to send a sample to Kaspersky Labs.

http://forum.kaspersky.com/index.php?showtopic=13881

You can check with other vendors for similar procedures. In most cases,
you don't have to be a customer in order to submit a file.

Ron :)
 
