Antivirus Software not recognised?

[Unregistered]

Hi ...
I've had a lot of PC trouble with a combination of hardware/software/hijacked IE problems etc. this last week and am now positively paranoid. So I've run HijackThis a number of times and analysed it with your self-analyses tool and I now believe that I recognise all entries as ok.

However, the tools says: "It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses".

But I am running PC-cillin Internet Security (= Trend Micro) up to date and have Antivirus, Firewall etc enabled and it appears to be scanning e.g. incoming and outgoing mail ok

Would you guys mind having a look at my log to see why it's not recognised by HijackThis, please?

Code:

Logfile of HijackThis v1.99.1
Scan saved at 17:56:23, on 17/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Twain_32\3600\HotKey.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\LS3\LS3EXEC.EXE
C:\Program Files\World Time\worldtime.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\LS3\LS3SVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\Anti-Spam\AddinSentry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iprimus.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\3600\HotKey.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LSIII Executor.lnk = C:\LS3\LS3EXEC.EXE
O4 - Global Startup: World Time.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{009BCE34-99DF-4AFC-8F05-0D44010BCF47}: NameServer = 203.134.64.66,203.134.65.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{009BCE34-99DF-4AFC-8F05-0D44010BCF47}: NameServer = 203.134.64.66,203.134.65.66
O17 - HKLM\System\CS2\Services\Tcpip\..\{009BCE34-99DF-4AFC-8F05-0D44010BCF47}: NameServer = 203.134.64.66,203.134.65.66
O23 - Service: LanSafe III Power Monitor (LanSafe III PM) - Unknown owner - C:\LS3\LS3SVC.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Thanks a bunch
AK

[Ruby]

Welcome to HijackThis.de @ Guest

Thanks a lot for your feedback.

Make sure you set windows to see the hidden files and folders.


Please scan the following file

C:\LS3\LS3EXEC.EXE

with Virustotal and Jotti

Please make us know the results of the scans by copy&paste.

[Astrid]

Hi Ruby,
thanks for taking the time! I have now registered to your great forum.

I am quite sure the file is ok but did scan it anyway. AFAIK, it is the executive file for the software Lansafe for my UPS unit Sola 305 which shuts down the PC in case power isn't restored within a set time.

Anyway, here the test results:

Code:

This is a report processed by VirusTotal on 06/18/2005 at 08:51:03 (CET) after scanning the file "LS3EXEC.EXE" file.
Antivirus Version Update Result 
AntiVir 6.31.0.7 06.17.2005 no virus found 
AVG 718 06.14.2005 no virus found 
Avira 6.31.0.7 06.17.2005 no virus found 
BitDefender 7.0 06.18.2005 no virus found 
ClamAV devel-20050501 06.16.2005 no virus found 
DrWeb 4.32b 06.17.2005 no virus found 
eTrust-Iris 7.1.194.0 06.17.2005 no virus found 
eTrust-Vet 11.9.1.0 06.17.2005 no virus found 
Fortinet 2.35.0.0 06.18.2005 no virus found 
Ikarus 2.32 06.17.2005 no virus found 
Kaspersky 4.0.2.24 06.18.2005 no virus found 
McAfee 4516 06.17.2005 no virus found 
NOD32v2 1.1144 06.17.2005 no virus found 
Norman 5.70.10 06.17.2005 no virus found 
Panda 8.02.00 06.17.2005 no virus found 
Sybari 7.5.1314 06.18.2005 no virus found 
Symantec 8.0 06.17.2005 no virus found 
TheHacker 5.8-3.0 06.17.2005 no virus found 
VBA32 3.10.3 06.17.2005 no virus found

and

Code:

LS3EXEC.EXE  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
MD5  26ef8be89bf406422c73c255e972be3d  
Packers detected:  - 
Scanner results  
AntiVir  Found nothing 
ArcaVir  Found nothing 
Avast  Found nothing 
AVG Antivirus  Found nothing 
BitDefender  Found nothing 
ClamAV  Found nothing 
Dr.Web  Found nothing 
F-Prot Antivirus  Found nothing 
Fortinet  Found nothing 
Kaspersky Anti-Virus  Found nothing 
NOD32  Found nothing 
Norman Virus Control  Found nothing 
VBA32  Found nothing

NB: there was another file not recognised by the analyses tool:
WorldTime.exe - this is a small freebie world time clocks program I've been using for many years - hope this helps.

Thanks again, I really do appreciate your time!
Astrid

[Ruby]

Hello Astrid

Once more: welcome to HijackThis.de

Could you give your Feedback to all unknown entries to our Forum Feedback.
We will have to add these entries. Thanks a lot.