How to get rid of this virus

I have Bitdefender Internet Security 10 installed and it automatically runs
a virus check every night.  This morning the screen on the computer said it
found 1 virus.  This is the message displayed when I check the event list:

Summary:

C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Infected: Win32.Mixor.A@mm
C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Disinfection failed
C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Moved


I have no idea what this virus is or where it was moved to.  I tried
"Google" to find an answer but mostly what I found was registry entries that
other people had submitted and what I need is a "fix".  As Bit Defender has
been scanning for viruses every night am I to assume that an update was d/l
last night from Microsoft that contains this virus?  I updated to Internet
Explorer 7 a few days ago and automatic updates is on but I'm supposed to be
asked before anything installs and I haven't installed any updates since IE
7.  How do I get rid of this virus? I have Windows Defender installed and
phishing filter is on.  How did this virus get through my firewall, spyware
checker, and virus software?  I don't have the spam filter on Bit Defender
enabled because it crashes the computer trying to configure it which is the
only thing I think I am not protected against.   What to do as disinfection
failed and it was only moved.

Thanks






Re: How to get rid of this virus




Hello,
I think this is a false positive.

A false positive, also known as a false detection or false alarm,
occurs when an antivirus program detects a known virus string in an
uninfected file. The file, while not infected with an actual virus,
does contain a string of characters that matches a string from an
actual virus.

Good luck

C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
Summary with VirusTotal
http://www.virustotal.com/en/virustotalx.html

Antivirus           Version         Update      Result
AntiVir             7.2.0.37        11.07.2006  no virus found
Authentium          4.93.8          11.06.2006  no virus found
Avast               4.7.892.0       11.06.2006  no virus found
AVG                 386             11.07.2006  no virus found
BitDefender         7.2             11.06.2006  Win32.Mixor.A@mm
CAT-QuickHeal       8.00            11.06.2006  no virus found
ClamAV              devel-20060426  11.07.2006  no virus found
DrWeb               4.33            11.07.2006  no virus found
eTrust-InoculateIT  23.73.48        11.07.2006  no virus found
eTrust-Vet          30.3.3178       11.06.2006  no virus found
Ewido               4.0             11.07.2006  no virus found
Fortinet            2.82.0.0        11.07.2006  no virus found
F-Prot              3.16f           11.06.2006  no virus found
F-Prot4             4.2.1.29        11.06.2006  no virus found
Ikarus              0.2.65.0        11.07.2006  no virus found
Kaspersky           4.0.2.24        11.07.2006  no virus found
McAfee              4889            11.06.2006  no virus found
Microsoft           1.1609          11.07.2006  no virus found
NOD32v2             1.1856          11.06.2006  no virus found
Norman              5.80.02         11.06.2006  no virus found
Panda               9.0.0.4         11.06.2006  no virus found
Sophos              4.10.0          10.26.2006  no virus found
TheHacker           6.0.1.113       11.06.2006  no virus found
UNA                 1.83            11.06.2006  no virus found
VBA32               3.11.1          11.06.2006  no virus found
VirusBuster         4.3.15:9        11.07.2006  no virus found


Re: How to get rid of this virus



It appears to be a false alarm.

Do a search for agentsvr.exe on your C: drive. You'll likely find it
in some msagent and/or in some dllcache folder. Scan those files
with BD to see what it says about them. If it alerts, then upload
a copy of the file here:
http://www.virustotal.com/en/indexx.html
to see what other av products have to say about it.

If it looks like it is indeed a false alarm, you should submit the
file to BD for analysis, and a fix of their false alarm.

Art
http://home.epix.net/~artnpeg
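
The search described in the post above, as an added example that is not part of the original thread: a Python script that finds every copy of agentsvr.exe under a root folder and groups the copies by SHA-256, so byte-identical copies can be told apart from differing ones before they are scanned or submitted. The demo folder layout and file contents are constructed placeholders, and the function names are this example's own.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root, filename="agentsvr.exe"):
    """Group every file named `filename` under `root` by SHA-256 digest."""
    groups = defaultdict(list)
    wanted = filename.lower()  # Windows file names are case-insensitive
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != wanted:
                continue
            path = os.path.join(dirpath, name)
            try:
                groups[sha256_of(path)].append(path)
            except OSError:
                # Locked or unreadable (e.g. held by the scanner): keep it visible
                groups["<unreadable>"].append(path)
    return {digest: sorted(paths) for digest, paths in groups.items()}


def build_demo_tree(root):
    """Constructed sample layout; the contents are placeholders, not real binaries."""
    layout = {
        os.path.join("msagent", "agentsvr.exe"): b"current build",
        os.path.join("system32", "dllcache", "AGENTSVR.EXE"): b"current build",
        os.path.join("$NtServicePackUninstall$", "agentsvr.exe"): b"older build",
    }
    for relative, content in layout.items():
        full = os.path.join(root, relative)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for digest, paths in find_copies(demo_root).items():
            print(digest[:16], paths)
```

On a real system, call `find_copies` with the drive root instead of the demo tree; a copy whose digest differs from the others is the one worth scanning and submitting separately.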

Re: How to get rid of this virus & Bit Defender



Thanks for the suggestions you and Robocor made.  I ran an online scan with
Trend Micro that didn't turn up anything except a few Adware, unwanted
cookies and some program which would allow pop-ups, which I allowed it to
delete everything it found.

I searched to see where agentsvr.exe is located on my computer. I found two
instances of it, and had B.D. scan them and it said files O.K.  I think the
other is just a false positive.  B.D. quarantined the file it found, so if I
dump B.D. which I'm thinking about doing, I'll remove the file back to where
it came from. My opinion of B.D. has nothing to do with false positives.
It's just a real quirky program that I have to keep fooling with to even
keep it running. It's brought my computer to a crawl among other problems.
But I'll forgive a false positive.  I'd rather have that instead of having a
virus that it didn't find.

Thanks again.



Re: How to get rid of this virus & Bit Defender


 

Without checking it out? I suggest uploading it to Virus Total.

Art
http://home.epix.net/~artnpeg

Re: How to get rid of this virus & Bit Defender

I sent it to B.D. through the B.D. program itself for uploading suspicious
files.  Of course, I haven't heard from them yet.  VirusTotal says no virus
found even from BitDefender which doesn't make sense.  I won't remove it
from quarantine unless I definitely decide to get rid of BitDefender, that
is, if it's actually in quarantine.  The funny thing is that B.D. through
the program says it is quarantined but when I go to the quarantine files
through program files, softwin, bitdefender, quarantine.....then it shows no
files there.  I had to upload it from the servicepack files.  So much for
quarantine.  Must be another B.D. glitch.

Thanks




