Infected Dll Client Service For Netware Provider And Authentication Package Dll

tds
tds
in Malware talk

I don't know if I have posted this in the right forum or not. But any help would be appreciated, I really think this is a false positive. This dll. is Microsoft's Windows 2000Pro update update service. I do not believe it has been infected with the " Trojan.Mondera.I" as BD Internet Security v.10 is finding. Right now I have real time protection disabled. To stop deleting this system protected file. This started happenning last night when I was running Windows Update Service. I had to disable BD IS v.10 to update windows because it kept deleting "nwprovau.dll", Client Service for NetWare Provider and Authentication Package DLL.


Here is a sample of some of the events.


BD deleted the file, but Windows reinstalled each time.


File c:\WINNT\system32\nwprovau.dll infected with Trojan.Mondera.I


File:c:\WINNT\softwaredistribution\Download\09b71638eeaffdc1057c703d32d3c975\nwprovau.dll


infected with Trojan.Mondera.I


Microsoft Info


Description: Client Service for NetWare Provider and Authentication Package DLL


Version: 5.0.2195.7110


Copyright © Microsoft Corp. 1981-1999


Internal Name : nwprovau.dll


Product Name : Microsoft® Windows ® 2000 Operating System


Event Viewer


Event Type: Information


Event Source: Windows File Protection


Event Category: None


Event ID: 64002


Date: 9/11/2008


Time: 5:27:45 PM


User: N/A


Computer: TSNYDER


Description:


File replacement was attempted on the protected system file c:\winnt\system32\nwprovau.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.0.2195.7110.


Is or have any others had this type of problem with Microsoft Updater Service, their was about 4 update files they all downloaded just fine, it was during installation that BD would delete updater dll and installation would stop


PC Tools Spyware Dr does not find this infected "nwprovau.dll". But it Found this and I worry about it more than what BD IS found.


Infection Name Location Risk


RogueAntiSpyware.AntiVirusPro C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll Medium


RogueAntiSpyware.AntiVirusPro C:\Program Files\Softwin\BitDefender10\zlib.dll Medium


RogueAntiSpyware.AntiVirusPro livesrv.exe (C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll) Medium


RogueAntiSpyware.AntiVirusPro vsserv.exe (C:\Program Files\Softwin\BitDefender10\zlib.dll) Medium

Comments

  • rootkit
    rootkit ✭✭✭

    Please put the file in a zip or rar archive protected with the password infected and attach it on your next reply. :)

  • tds
    tds
    Please put the file in a zip or rar archive protected with the password infected and attach it on your next reply. :)


    Here it is

    /applications/core/interface/file/attachment.php?id=3097" data-fileid="3097" rel="">nwprovau.zip

  • tds
    tds

    I will send Bit Defender's later, I really think Microsoft and Bit Defender files are all false positives. But I don't run PC Doctors program in real time only use it as a scanner to catch anything BD may have missed. But I like BD real time protection, and it does not give me a choice to ignore this file, it deletes it and its a Windows System Protected file and Windows reinstalls it, like kids fighting over TV channel.


    PC Tools Spyware Dr does not find this infected "nwprovau.dll". But it Found this and I worry about it more than what BD IS found.


    Infection Name Location Risk


    RogueAntiSpyware.AntiVirusPro C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll Medium


    RogueAntiSpyware.AntiVirusPro C:\Program Files\Softwin\BitDefender10\zlib.dll Medium


    RogueAntiSpyware.AntiVirusPro livesrv.exe (C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll) Medium


    RogueAntiSpyware.AntiVirusPro vsserv.exe (C:\Program Files\Softwin\BitDefender10\zlib.dll) Medium

  • Sm3K3R
    Sm3K3R ✭✭✭
    I will send Bit Defender's later, I really think Microsoft and Bit Defender files are all false positives. But I don't run PC Doctors program in real time only use it as a scanner to catch anything BD may have missed. But I like BD real time protection, and it does not give me a choice to ignore this file, it deletes it and its a Windows System Protected file and Windows reinstalls it, like kids fighting over TV channel.


    PC Tools Spyware Dr does not find this infected "nwprovau.dll". But it Found this and I worry about it more than what BD IS found.


    Infection Name Location Risk


    RogueAntiSpyware.AntiVirusPro C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll Medium


    RogueAntiSpyware.AntiVirusPro C:\Program Files\Softwin\BitDefender10\zlib.dll Medium


    RogueAntiSpyware.AntiVirusPro livesrv.exe (C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll) Medium


    RogueAntiSpyware.AntiVirusPro vsserv.exe (C:\Program Files\Softwin\BitDefender10\zlib.dll) Medium


    Do not worry about this files.They are false positives.For example DrWeb s Cure IT says that livesrv.exe from Common Files folder(BD 2008) is a posible trojan downloader this beeing one of the files that participate at the BD update feature.I m sure that if you send the files to PC Tools labs they will reply to you that is a false positive.I recommmend you to also use Malware Bytes Antimalware and Spybot Search & Distroy for antispyware scaning they have less false positive.Spyware Doctor was good in the past like Adaware was but ...

  • tds
    tds
    Here it is


    BD must have cured the problem, it's not deleting or finding any problem with " nwprovau.dll " when I scan it or scan the computer. Or when real time protection is on.

  • Sm3K3R
    Sm3K3R ✭✭✭
    BD must have cured the problem, it's not deleting or finding any problem with " nwprovau.dll " when I scan it or scan the computer. Or when real time protection is on.


    BD team reacts extremely quick in false positive issues.

  • tds
    tds
    BD team reacts extremely quick in false positive issues.


    I think I know how they fixed this problem now, this is in another post for help.


    Does anyone have any idea why BD Internet Security ver.10 will not scan registry keys or cookies during virus scans and I have tried it full system scan, deep system scan, and custom scan of both full and deep scans with scan registry keys and cookies enabled. It will not work, any others having this problem or a fix? I've already unistalled and reinstalled that didn't cure the problem. Has BD disabled this in a product update?


    BD used to make very good and reliable programs, I recommended to all. Now I believe they are definitely not even in the top 10. And I have been with BD since Version 8 I'm beginning to think its time to look at some other programs.

All Time Leaders

Categories

Defenders of the month