Application.virtool.shutdown.a

I installed a tweaking program that I used to use with XP. The Vista version came from http://www.xp-smoker.com/vistasmokerpro.html . After installing the program and running Bitdefender Total Security 2008 I get a message that it finds a virus.


Application.VirTool.Shutdown.A


Now this program does have a shutdown tool within it. I do not believe this is a virus. Nonetheless I have uninstalled the program. I have deleted all folders that I can find. The virus still shows up. I try to delete or quarantine the file that is found to have a virus. Bitdefender cannot fix it. I have run an online scan at CA. Their scan does not find anything. I have run SUPERAntiSpyware and Spybot in safe mode. Neither of them finds anything.


So my question is... How do I find and delete the virus that Bitdefender is finding? Below is a HijackThis log if it helps.


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 4:28:53 PM, on 9/18/2007


Platform: Windows Vista (WinNT 6.00.1904)


MSIE: Internet Explorer v7.00 (7.00.6000.16512)


Boot mode: Normal


Running processes:


C:\Windows\system32\Dwm.exe


C:\Windows\Explorer.EXE


C:\Program Files\McAfee\MPS\mpsevh.exe


C:\Windows\system32\taskeng.exe


C:\Program Files\Windows Defender\MSASCui.exe


C:\Windows\RtHDVCpl.exe


C:\Windows\zHotkey.exe


C:\Windows\ModPS2Key.exe


C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


C:\Program Files\Comodo\CBOClean\BOC425.EXE


C:\Program Files\McAfee\MSK\mskagent.exe


C:\Program Files\SiteAdvisor\6172\SiteAdv.exe


C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


C:\Program Files\Windows Mail\WinMail.exe


C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


c:\PROGRA~1\mcafee.com\agent\mcagent.exe


C:\Program Files\Trillian\trillian.exe


C:\Program Files\Mozilla Firefox\firefox.exe


c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe


C:\Windows\system32\SearchFilterHost.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5472


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5472


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5472


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;192.168.0.1;<local>


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


O1 - Hosts: ::1 localhost


O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll


O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll


O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll


O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll


O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll


O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll


O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide


O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe


O4 - HKLM\..\Run: [CHotkey] zHotkey.exe


O4 - HKLM\..\Run: [showWnd] ShowWnd.exe


O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe


O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe


O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe


O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe


O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe


O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')


O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll


O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll


O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe


O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL


O13 - Gopher Prefix:


O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab


O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe


O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe


O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe


O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe


O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe


O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe


O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe


O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe


O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe


O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe


O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe


O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe


O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe


O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe


O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe


O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe


O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe


O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe


O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe


--


End of file - 8236 bytes

Comments

  • Dear rick24


    BitDefender doesn't mark it as a virus but as a risk tool, which means that it can be misused. But it's a legit application. BitDefender will only inform you about it. If you use BitDefender on your computer you can exclude it super fast. That isn't possible with the online scanner, which will only report it but will not take any action.


    I see that you are still using an older Java version. Please go to Start, Control Panel, Software and remove (uninstall) Java Runtime Environment. Reboot your PC. Download and install this version.


    You can fix these entries:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =


    By selecting the boxes, pressing "Fix checked" and confirming the warning.


    Best regards


    Niels
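
Added example, not part of the original thread: a small Python parser for the HijackThis line format shown in the log above, which counts entries per section code and picks out the R0/R1 Internet Explorer values that are empty or `about:blank`, the kind of entries the reply lists. The sample lines are copied from the posted log; the function names and the "empty or about:blank" rule are assumptions made for this illustration, not a HijackThis feature.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
"""

# "<section code> - <body>", e.g. "R1 - ..." or "O23 - ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# R-section body: "<registry key>,<value name> = <data>" (data may be empty)
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>.*?) =(?P<data>.*)$")

def parse_log(text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def section_counts(entries):
    """Number of entries per HijackThis section code."""
    return Counter(code for code, _ in entries)

def placeholder_ie_values(entries):
    """(key, value name) of R0/R1 entries whose data is empty or about:blank."""
    hits = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        m = REG_VALUE.match(body)
        if m and m.group("data").strip() in ("", "about:blank"):
            hits.append((m.group("key"), m.group("name")))
    return hits

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for key, name in placeholder_ie_values(parsed):
        print(f"{key} -> {name}")
```

Run over the full log, the same rule also matches the empty `LinksFolderName` line, which the reply does not list, so treat the output as a shortlist to review rather than a fix list.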

  • Thanks! I have deleted those hijack entries and uninstalled and installed the Java updated version. Thanks for a fast reply and info. to get my computer in order.

  • Dear rick24


    Glad that I could help you.


    Best regards


    Niels