GDATA AntiVirus 2009 Review

FYI – I uploaded the GDATA antivirus 2009 review last night.  YouTube.com/mrizos

I really enjoyed working with GDATA.  I firmly beleive that multiple scan engines are the furture (along with whitelisting).  GDATA removed 95% of the malware on the test PC, however it couldn’t remove Qhost or any malware related registry entries.

My official rating for GDATA is:  Awesome! – hat’s off to the GDATA crew!!!!

Here is the HiJackThis Log (I’ve bolded leftover infections).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:35 AM, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe
C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 – BHO: G DATA WebFilter Class – {0124123D-61B4-456f-AF86-78C53A0790C5} – C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll
O2 – BHO: (no name) – {01BA2111-5518-D0C8-A667-01E739079356} – C:\WINDOWS\system32\tnxqilzf.dll (file missing)
O2 – BHO: BhoApp Class – {32131238-5434-4234-4234-432432423432} – C:\Program Files\syscmd\mscmp32.dll (file missing)
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 – BHO: (no name) – {7C109800-A5D5-438F-9640-18D17E168B88} – C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 – BHO: e404 helper – {8F10DE2B-E923-4548-B524-4D9C5FA80777} – C:\Program Files\Helper\1208921198.dll (file missing)
O2 – BHO: 717305 helper – {963916CD-6311-485D-93DC-3BD1B9E2D2CB} – (no file)
O2 – BHO: Mirar – {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} – C:\WINDOWS\System32\WinNB58.dll (file missing)
O2 – BHO: iSecurity – {A8311E8F-E459-4D22-89B4-CB9DCF10A425} – C:\WINDOWS\System32\ISECUR~1.CPL (file missing)
O2 – BHO: ContextProgram – {E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC} – C:\Program Files\ContextProgram\ContextProgram-2.dll (file missing)
O2 – BHO: cj helper – {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} – C:\Program Files\IE Extensions\cj.v2.dll (file missing)
O3 – Toolbar: Mirar – {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} – C:\WINDOWS\System32\WinNB58.dll (file missing)
O3 – Toolbar: G DATA WebFilter – {0124123D-61B4-456f-AF86-78C53A0790C5} – C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe”
O4 – HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 – HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 – HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor (GDATA KILLED THIS)
O4 – HKLM\..\Run: [wofgrqls] C:\WINDOWS\system32\wofgrqls.exe (GDATA KILLED THIS)
O4 – HKLM\..\Run: [apadibub] regsvr32 /u “C:\Documents and Settings\All Users\Application Data\apadibub.dll” (GDATA KILLED THIS)
O4 – HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvboj.dll,startup (GDATA KILLED THIS)
O4 – HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKLM\..\Policies\Explorer\Run: [rTwrdHqj21] C:\WINDOWS\wpopejyl.exe (GDATA KILLED THIS)
O4 – HKLM\..\Policies\Explorer\Run: [J286hthVnp] C:\WINDOWS\wpopejyl.exe (GDATA KILLED THIS)
O4 – HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe (GDATA KILLED THIS)
O4 – Startup: .protected
O4 – Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 – Global Startup: .protected
O7 – HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 – Extra button: (no name) – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.gateietool.com/redirect.php (file missing)
O9 – Extra ‘Tools’ menuitem: IE Anti-Spyware – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.gateietool.com/redirect.php (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O15 – Trusted Zone: http://click.getmirar.com (HKLM)
O15 – Trusted Zone: http://click.mirarsearch.com (HKLM) (
O15 – Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 – Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 – DPF: {2F0E7094-51A2-ECEB-8CF6-EF32B5ECD15E} – http://virusremover2008.com/VRM_Free.exe
O16 – DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) – http://www.av-xp2008.com/tools/virusremover.dll
O16 – DPF: {C931FDF3-0319-0CAE-6DFD-8D061EABF08D} – http://virusremover2008.com/VRM_Free.exe
O20 – AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll (QHOST INFECTION STILL RESIDES)
O20 – Winlogon Notify: wingvd32 – wingvd32.dll (file missing)
O21 – SSODL: zip – {177ab526-6b94-4cc2-b303-c1b6a4070316} – C:\WINDOWS\Installer\{177ab526-6b94-4cc2-b303-c1b6a4070316}\zip.dll (file missing)
O21 – SSODL: CheckMon – {b62df42a-0f78-46d6-81d0-3f0ae0d8dc6b} – C:\WINDOWS\Installer\{b62df42a-0f78-46d6-81d0-3f0ae0d8dc6b}\CheckMon.dll (file missing)
O21 – SSODL: iSecurity – {A8311E8F-E459-4D22-89B4-CB9DCF10A425} – C:\WINDOWS\System32\ISECUR~1.CPL (file missing)
O22 – SharedTaskScheduler: frowardness – {b0fdc513-46b9-46fc-8e70-d575ee546dae} – C:\WINDOWS\System32\zfaiqwr.dll (file missing)
O23 – Service: G DATA AntiVirus Proxy (AVKProxy) – G DATA Software AG – C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 – Service: G DATA Scheduler (AVKService) – G DATA Software AG – C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe
O23 – Service: AntiVirus Monitor (AVKWCtl) – G DATA Software AG – C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe
O23 – Service: VMware Descheduled Time Accounting Service (vmdesched) – VMware, Inc. – C:\Program Files\VMware\VMware Tools\vmdesched.exe
O23 – Service: VMware Tools Service (VMTools) – VMware, Inc. – C:\Program Files\VMware\VMware Tools\VMwareService.exe

–
End of file – 6360 bytes

Tags: registry entries, internet explorer, system ini, running processes, G DATA Software AG, test pc, c program, Microsoft Windows, hijackthis log