false positiv

[Keithuk]

Ok update.

I formatted again last night. I put the normal Gigabyte drivers in and sound card. Installed Avast and did a full scan and it showed nothing. I was just checking some other files not installing anything and I get the virus message that c:\windows\system32\drivers\ndis.sys is infected. Now this is an M$ file so how has this got infected when nothing else as been installed, no web connection? 

[Milos]

Hello,
can you please send that file to virus@avast.com with password protected archive and subject "False positive"?

Thanks,
Milos

[Keithuk]

Hello,
can you please send that file to virus@avast.com with password protected archive and subject "False positive"?

Thanks,
Milos

Sorry Milos I can't because the computer would operate today but I couldn't click on any drive to find that file. I've done yet another format and rebuild, at the moment is working ok. After a full scan the only virus I had was in the System Volume Information folder which I deleted. 

[CharleyO]

***

Keithuk -

Please read the links below. The file ... ndis.sys ... may not be a true MS file or, if it is, it could be infected, though I can not imagine how if you are doing a reformat. It may depend on where you are getting file from and at this point, I do not know that answer. Anyway, please read the post by Polonus as well as any others I list below for farther information.

http://forum.avast.com/index.php?topic=49880.msg422081#msg422081

http://www.file.net/process/ndis.sys.html

http://www.threatexpert.com/files/ndis.sys.html

http://www.hauri.net/security/colum_view.html?idx=8&key=&cpage=1&searchkey=

Please use the links above for information only !


***

[Keithuk]

I was really supprised when it didn't pickup on any infection this time. Not the usual Alcmtr.exe and SoundMan.exe. Until I tried to load all the apps that I have made and everyone it says as a virus.

Can a virus kid Avast that a file is infected? 

[CharleyO]

***

hi Keithuk,

If you would like to investigate this farther, download Freefixer from the link below but do not fix anything. Post the resulting log here and we will take a look and see if we can find anything that might be causing a problem.

http://www.freefixer.com/download.html

Use the first download link ... Download Freefixer from Freefixer.com


***

[Keithuk]

***

hi Keithuk,

If you would like to investigate this farther, download Freefixer from the link below but do not fix anything. Post the resulting log here and we will take a look and see if we can find anything that might be causing a problem.

http://www.freefixer.com/download.html

Thanks for the info Charlie. I did a scan (see log file) and there is nothing untoward that I don't know about.   

[polonus]

Hi Keithuk,

Remove xInsIDE.exe which is malware This is an undesirable program.

This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums.
Name:   xInsIDE
Filename:   xInsIDE.exe
Command:   C:\Program Files\xInsIDE\xInsIDE.exe
Description:   Identified by BitDefender as a variant of the Adware.Agent.NBO malware.
File Location:   C:\Program Files\xInsIDE\xInsIDE.exe
Startup Type:   This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category:   O4 Entry


Use SDFix to remove, how read here:
http://74.125.77.132/search?q=cache:n0_id3VZQOsJ:www.bleepingcomputer.com/forums/topic131299.html+xinside.exe+sdifix&cd=2&hl=nl&ct=clnk

polonus

[CharleyO]

***

Thanks for helping, Polonus.   

I have been experiencing internet connection problems for the past 12 hours.


Below is a little more information for Keithuk :

 http://www.backgroundtask.eu/Systeemtaken/Taakinfo.php?ID=12888
and
 http://www.prevx.com/filenames/X1730342204328949915-X1/XINSIDE.EXE.html

xInsIDE is a malicious downloader

http://74.125.77.132/search?q=cache:ZKpc0PqPxTkJ:www.bleepingcomputer.com/startups/xInsIDE.exe-21892.html+xInsIDE.exe&cd=5&hl=nl&ct=clnk

For removal, download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, the Advanced Options Menu should appear.
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.


The process mcci+McciCMService belongs to the software McciCMService by Motive Communications, Inc (www.motive.com).

Description: File McciCMService.exe is located in a subfolder of "C:\Program Files\Common Files". Known file sizes on Windows XP are 303104 bytes (87% of all occurrence), 308528 bytes.

Important: Some malware camouflage themselves as McciCMService.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the McciCMService.exe process on your pc whether it is pest.
Think this one is OK


In the Freefixer log, there is an error listed. The error appears to be motherboard driver related.
Please read the below link for more infotmation.

http://forums.techguy.org/windows-vista-7/821633-solved-essvr-exe.html


***

[Keithuk]

Ok update.

I was having rundll32.exe and WIAACMGR.EXE on my flash drives. I took all flash drives to work and scanned them with McAfee 8.5 and it picked up on a couple of other files but not these. I thought these might be viruses as I've never seen these files on my flash drives before. After a couple of formats over the weekend I inserted each drive in and kept the Shift key pressed so it wouldn't autorun. I did a scan with Avast and it picked up on these 2 files as viruses and all the apps that I had made. So delete and delete the Autorun.inf. Now at the moment its working as it should these files aren't showing up now. I've done full main drive scan and nothing shows up with Alcmtr.exe and SoundMan.exe as it did before. It appears this virus corrupts existing files on the drive randomly. A full scan with Malwarebytes shows nothing either.

Its also strange generally as you click on a folder Avast checks all files in that folder before you have time to click on any but it never picked on anything.

Fingers crossed I hope its fixed.