Author Topic: Weird Registry Key - Virus? No info at all on Google  (Read 3508 times)


demingk

« on: September 16, 2010, 01:14:40 AM »
Hi,

I'm running Vista 32 bit, SP2.  I started having problems with Chrome not working right, got to poking around, and decided to do a thorough virus/malware scan, etc.  MBAM found a few things, including a couple ID'd as Trojan Horses, and I cleaned them up.  Ran OTL, another scan, HijackThis, and everything looked ok.

But, something's still not right.

I found a registry key that looks iffy, but I'm hesitant to delete it and mess something up.

It's in HKCU\Software\Microsoft\Windows\CurrentVersion\Run.  The entry is titled HOSTnfig (not HOSTConfig), and the data is rundll32,"C:\Users\Me\AppData\Local\Temp\cbsrxext.dll",dllGetVersion

I found the cbsrxext.dll file, and at least checked the properties.  It has a 9/13/10 created date, which is the night before I started having problems.

I have another PC where Chrome works fine, and this registry key is not present.  It's also Vista 32, SP2.

Any thoughts?  Am I correct in assuming that this may be a threat?  I've searched high and low for data on HOSTnfig and cbsrxext.dll, and found absolutely nothing.
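
As an added example (not part of any post in this thread): a small Python triage pass over the kind of Run entry described in the post above, flagging autostart values that are launched through rundll32 or that point at a binary in a user-writable directory. The `reg query` style sample, the second (benign) entry and the directory list are constructed assumptions.

```python
import re

# Constructed sample in `reg query` output layout. The first value is the entry
# quoted in the post; the second is a made-up benign entry for contrast.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HOSTnfig    REG_SZ    rundll32,"C:\Users\Me\AppData\Local\Temp\cbsrxext.dll",dllGetVersion
    Sidebar    REG_SZ    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
'''

VALUE_RE = re.compile(r'^\s{4}(?P<name>.+?)\s{4}REG_\w+\s{4}(?P<data>.*)$')
# Binaries referenced by the command line (drive-letter paths only).
PATH_RE = re.compile(r'[a-z]:\\[^"*?<>|,]+?\.(?:dll|exe|ocx|cpl)', re.I)
# Locations a standard user can write to (assumed list, not exhaustive).
USER_WRITABLE_RE = re.compile(
    r'\\(?:appdata\\(?:local|locallow|roaming)|temp|downloads)\\', re.I)
RUNDLL32_RE = re.compile(r'\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?\b', re.I)


def parse_run_values(text):
    """Yield (value name, command line) pairs from `reg query` style text."""
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            yield m['name'], m['data']


def triage(data):
    """Return the reasons a Run command line deserves a closer look."""
    reasons = []
    if RUNDLL32_RE.match(data):
        reasons.append('launched through rundll32')
    for path in PATH_RE.findall(data):
        if USER_WRITABLE_RE.search(path):
            reasons.append('binary in user-writable directory: ' + path)
    return reasons


def review(text):
    """Map each flagged value name to its reasons; clean entries are omitted."""
    flagged = {}
    for name, data in parse_run_values(text):
        reasons = triage(data)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in review(SAMPLE).items():
        print(name, '->', '; '.join(reasons))
```

A flagged entry is a lead for scanning the referenced file, not a verdict on it.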

demingk

« Reply #1 on: September 16, 2010, 01:45:06 AM »
This is what I get for not reading the "Advice and Tools" sticky.

I ran cbsrxext.dll through www.kaspersky.com/scanforvirus and it came back as infected with Backdoor.Win32.Papras.sa

Kaspersky claims to have updated their defs with a fix.  If it works, I'll post another reply.
« Last Edit: September 16, 2010, 02:04:12 AM by demingk »

demingk

« Reply #2 on: September 16, 2010, 04:50:47 AM »
Looks like Kaspersky fixed it.  I couldn't find any instructions or info on it outside of there, though.  Nothing in Avast, Symantec, etc.

Yanto.Chiang

« Reply #3 on: September 16, 2010, 06:11:30 AM »
Hi Demingk,

Welcome to the avast forum,

Have you tried to submit your infected file to virustotal.com?
You can see how the other AVs respond to your submitted file. According to what I found, HOSTnfig is most likely Dynamic Host Configuration Protocol, as a DHCP server/client, and I don't think that is a suspicious file. As for cbsrxext.dll, it looks like it was installed and saved in the Temp folder. You can try to remove it with CCleaner, to clean up your registry and the temporary cookies from Internet Explorer.

To be sure, you can scan with Dr.Web Scanner to check whether this is a backdoor, as Kaspersky reported to you.

cheers,


Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya