Infected Dll Client Service For Netware Provider And Authentication Package Dll
I don't know if I have posted this in the right forum or not. But any help would be appreciated, I really think this is a false positive. This dll. is Microsoft's Windows 2000Pro update update service. I do not believe it has been infected with the " Trojan.Mondera.I" as BD Internet Security v.10 is finding. Right now I have real time protection disabled. To stop deleting this system protected file. This started happenning last night when I was running Windows Update Service. I had to disable BD IS v.10 to update windows because it kept deleting "nwprovau.dll", Client Service for NetWare Provider and Authentication Package DLL.
Here is a sample of some of the events.
BD deleted the file, but Windows reinstalled each time.
File c:\WINNT\system32\nwprovau.dll infected with Trojan.Mondera.I
File:c:\WINNT\softwaredistribution\Download\09b71638eeaffdc1057c703d32d3c975\nwprovau.dll
infected with Trojan.Mondera.I
Microsoft Info
Description: Client Service for NetWare Provider and Authentication Package DLL
Version: 5.0.2195.7110
Copyright © Microsoft Corp. 1981-1999
Internal Name : nwprovau.dll
Product Name : Microsoft® Windows ® 2000 Operating System
Event Viewer
Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Date: 9/11/2008
Time: 5:27:45 PM
User: N/A
Computer: TSNYDER
Description:
File replacement was attempted on the protected system file c:\winnt\system32\nwprovau.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.0.2195.7110.
Is or have any others had this type of problem with Microsoft Updater Service, their was about 4 update files they all downloaded just fine, it was during installation that BD would delete updater dll and installation would stop
PC Tools Spyware Dr does not find this infected "nwprovau.dll". But it Found this and I worry about it more than what BD IS found.
Infection Name Location Risk
RogueAntiSpyware.AntiVirusPro C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll Medium
RogueAntiSpyware.AntiVirusPro C:\Program Files\Softwin\BitDefender10\zlib.dll Medium
RogueAntiSpyware.AntiVirusPro livesrv.exe (C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll) Medium
RogueAntiSpyware.AntiVirusPro vsserv.exe (C:\Program Files\Softwin\BitDefender10\zlib.dll) Medium
Comments
-
Please put the file in a zip or rar archive protected with the password infected and attach it on your next reply.
0 -
Please put the file in a zip or rar archive protected with the password infected and attach it on your next reply.
Here it is/applications/core/interface/file/attachment.php?id=3097" data-fileid="3097" rel="">nwprovau.zip
0 -
I will send Bit Defender's later, I really think Microsoft and Bit Defender files are all false positives. But I don't run PC Doctors program in real time only use it as a scanner to catch anything BD may have missed. But I like BD real time protection, and it does not give me a choice to ignore this file, it deletes it and its a Windows System Protected file and Windows reinstalls it, like kids fighting over TV channel.
PC Tools Spyware Dr does not find this infected "nwprovau.dll". But it Found this and I worry about it more than what BD IS found.
Infection Name Location Risk
RogueAntiSpyware.AntiVirusPro C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll Medium
RogueAntiSpyware.AntiVirusPro C:\Program Files\Softwin\BitDefender10\zlib.dll Medium
RogueAntiSpyware.AntiVirusPro livesrv.exe (C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll) Medium
RogueAntiSpyware.AntiVirusPro vsserv.exe (C:\Program Files\Softwin\BitDefender10\zlib.dll) Medium0 -
I will send Bit Defender's later, I really think Microsoft and Bit Defender files are all false positives. But I don't run PC Doctors program in real time only use it as a scanner to catch anything BD may have missed. But I like BD real time protection, and it does not give me a choice to ignore this file, it deletes it and its a Windows System Protected file and Windows reinstalls it, like kids fighting over TV channel.
PC Tools Spyware Dr does not find this infected "nwprovau.dll". But it Found this and I worry about it more than what BD IS found.
Infection Name Location Risk
RogueAntiSpyware.AntiVirusPro C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll Medium
RogueAntiSpyware.AntiVirusPro C:\Program Files\Softwin\BitDefender10\zlib.dll Medium
RogueAntiSpyware.AntiVirusPro livesrv.exe (C:\Program Files\Common Files\Softwin\BitDefender Update Service\zlib.dll) Medium
RogueAntiSpyware.AntiVirusPro vsserv.exe (C:\Program Files\Softwin\BitDefender10\zlib.dll) Medium
Do not worry about this files.They are false positives.For example DrWeb s Cure IT says that livesrv.exe from Common Files folder(BD 2008) is a posible trojan downloader this beeing one of the files that participate at the BD update feature.I m sure that if you send the files to PC Tools labs they will reply to you that is a false positive.I recommmend you to also use Malware Bytes Antimalware and Spybot Search & Distroy for antispyware scaning they have less false positive.Spyware Doctor was good in the past like Adaware was but ...0 -
Here it is
BD must have cured the problem, it's not deleting or finding any problem with " nwprovau.dll " when I scan it or scan the computer. Or when real time protection is on.0 -
BD must have cured the problem, it's not deleting or finding any problem with " nwprovau.dll " when I scan it or scan the computer. Or when real time protection is on.
BD team reacts extremely quick in false positive issues.0 -
BD team reacts extremely quick in false positive issues.
I think I know how they fixed this problem now, this is in another post for help.
Does anyone have any idea why BD Internet Security ver.10 will not scan registry keys or cookies during virus scans and I have tried it full system scan, deep system scan, and custom scan of both full and deep scans with scan registry keys and cookies enabled. It will not work, any others having this problem or a fix? I've already unistalled and reinstalled that didn't cure the problem. Has BD disabled this in a product update?
BD used to make very good and reliable programs, I recommended to all. Now I believe they are definitely not even in the top 10. And I have been with BD since Version 8 I'm beginning to think its time to look at some other programs.0