FYI – I uploaded the GDATA antivirus 2009 review last night. YouTube.com/mrizos
I really enjoyed working with GDATA. I firmly believe that multiple scan engines are the future (along with whitelisting). GDATA removed 95% of the malware on the test PC; however, it couldn’t remove Qhost or any malware-related registry entries.
My official rating for GDATA is: Awesome! – hats off to the GDATA crew!!!!
Here is the HijackThis log (I’ve bolded leftover infections).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:35 AM, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe
C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: (no name) - {01BA2111-5518-D0C8-A667-01E739079356} - C:\WINDOWS\system32\tnxqilzf.dll (file missing)
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\syscmd\mscmp32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: e404 helper - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - C:\Program Files\Helper\1208921198.dll (file missing)
O2 - BHO: 717305 helper - {963916CD-6311-485D-93DC-3BD1B9E2D2CB} - (no file)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\System32\ISECUR~1.CPL (file missing)
O2 - BHO: ContextProgram - {E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC} - C:\Program Files\ContextProgram\ContextProgram-2.dll (file missing)
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v2.dll (file missing)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor (GDATA KILLED THIS)
O4 - HKLM\..\Run: [wofgrqls] C:\WINDOWS\system32\wofgrqls.exe (GDATA KILLED THIS)
O4 - HKLM\..\Run: [apadibub] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\apadibub.dll" (GDATA KILLED THIS)
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvboj.dll,startup (GDATA KILLED THIS)
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [rTwrdHqj21] C:\WINDOWS\wpopejyl.exe (GDATA KILLED THIS)
O4 - HKLM\..\Policies\Explorer\Run: [J286hthVnp] C:\WINDOWS\wpopejyl.exe (GDATA KILLED THIS)
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe (GDATA KILLED THIS)
O4 - Startup: .protected
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: .protected
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {2F0E7094-51A2-ECEB-8CF6-EF32B5ECD15E} - http://virusremover2008.com/VRM_Free.exe
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) - http://www.av-xp2008.com/tools/virusremover.dll
O16 - DPF: {C931FDF3-0319-0CAE-6DFD-8D061EABF08D} - http://virusremover2008.com/VRM_Free.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll (QHOST INFECTION STILL RESIDES)
O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)
O21 - SSODL: zip - {177ab526-6b94-4cc2-b303-c1b6a4070316} - C:\WINDOWS\Installer\{177ab526-6b94-4cc2-b303-c1b6a4070316}\zip.dll (file missing)
O21 - SSODL: CheckMon - {b62df42a-0f78-46d6-81d0-3f0ae0d8dc6b} - C:\WINDOWS\Installer\{b62df42a-0f78-46d6-81d0-3f0ae0d8dc6b}\CheckMon.dll (file missing)
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\System32\ISECUR~1.CPL (file missing)
O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - C:\WINDOWS\System32\zfaiqwr.dll (file missing)
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe
O23 - Service: AntiVirus Monitor (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: VMware Descheduled Time Accounting Service (vmdesched) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmdesched.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
--
End of file - 6360 bytes
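The log above is a good test case for a small post-cleanup triage script. What follows is an added example of mine, not code from the post and not a G DATA or HijackThis tool: it parses HijackThis-style entry lines and separates (a) registry items that still point at a file the scanner already deleted, i.e. the leftover "(file missing)" references the review complains about, from (b) sections that deserve a manual look on any freshly cleaned box: O7 policy restrictions, O15 Trusted Zone hosts, O16 downloaded ActiveX objects, O20 AppInit_DLLs / Winlogon Notify, and O21/O22 Explorer-loaded DLLs. The sample lines are a constructed subset copied from the log above; the per-section reasons in ALWAYS_REVIEW are my own assessment.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format: a subset of the entries from
# the log above (paths and CLSIDs are the post's own), not a full log.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\\Program Files\\G DATA\\AntiVirus\\Webfilter\\AvkWebIE.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\\WINDOWS\\System32\\WinNB58.dll (file missing)
O4 - HKLM\\..\\Run: [VMware Tools] C:\\Program Files\\VMware\\VMware Tools\\VMwareTray.exe
O7 - HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {2F0E7094-51A2-ECEB-8CF6-EF32B5ECD15E} - http://virusremover2008.com/VRM_Free.exe
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\wowfx.dll
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\\Program Files\\G DATA\\AntiVirus\\AVK\\AVKService.exe
--
End of file - 1234 bytes
"""

# Every HijackThis entry starts with a section tag (R0, F2, O2 ... O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Sections worth a manual look on any machine that was just cleaned, with the
# reason each one matters. These descriptions are my own, not from the post.
ALWAYS_REVIEW = {
    "O7": "policy restriction (DisableRegedit etc.) that blocks cleanup tools",
    "O15": "Trusted Zone entry that lowers IE security for the listed host",
    "O16": "Downloaded Program File (ActiveX) fetched from an external URL",
    "O20": "AppInit_DLLs / Winlogon Notify DLL loaded into many processes",
    "O21": "ShellServiceObjectDelayLoad DLL started by Explorer",
    "O22": "SharedTaskScheduler DLL started by Explorer",
}

# Markers HijackThis appends when the referenced file no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(text):
    """Yield (section, body) for each entry line; header, process list and footer are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text):
    """Sort entries into buckets: 'orphaned' (registry item pointing at a file that is
    already gone, i.e. a leftover the scanner did not clean up), 'review' (sections in
    ALWAYS_REVIEW) and 'other'. One entry may land in both of the first two."""
    buckets = defaultdict(list)
    for section, body in parse_entries(text):
        entry = f"{section} - {body}"
        flagged = False
        if any(marker in body for marker in ORPHAN_MARKERS):
            buckets["orphaned"].append(entry)
            flagged = True
        if section in ALWAYS_REVIEW:
            buckets["review"].append(entry)
            flagged = True
        if not flagged:
            buckets["other"].append(entry)
    return dict(buckets)


def summarize(text):
    """Return (total_entries, orphaned_count, review_count)."""
    b = triage(text)
    total = sum(1 for _ in parse_entries(text))
    return total, len(b.get("orphaned", [])), len(b.get("review", []))


def report(text):
    """Human-readable triage report, one finding per line."""
    b = triage(text)
    lines = []
    for entry in b.get("orphaned", []):
        lines.append(f"LEFTOVER REGISTRY ENTRY (file already gone): {entry}")
    for entry in b.get("review", []):
        section = entry.split(" - ", 1)[0]
        lines.append(f"REVIEW ({ALWAYS_REVIEW[section]}): {entry}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
    print("total/orphaned/review:", summarize(SAMPLE_LOG))
```

Run against the full log from the post, the "orphaned" bucket is exactly the set of registry references GDATA left behind, and the "review" bucket surfaces the DisableRegedit policy, the four Mirar/net-nucleus Trusted Zone hosts, the three rogue-AV DPF objects and the wowfx.dll AppInit_DLLs entry the author marks as the surviving Qhost component.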