- vtsqr.dll
- Posted by AJM on September 25th, 2005
Hello
Virus checker does not like C:\WINDOWS\SYSYEM32\VTSQR.DLL, when it deals
with said file windows a bit upset at starts up and requires the file. Does
a virus or other nasty use this file? How can I keep both windows and Virus
checker happy?
Also don't know if this is related but there is something running in the
background using up resources looking at task launcher processes SYSTEM IDLE
PROCESS and WINLOGON.EXE are battling away for CPU usage one second one is
85% say next the other is, this goes on constantly.
XP home, all windows updates auto installed, P4 2.0 GHz CPU, 1024 Mb RAM,
connected LAN to router for ADSL. Use Avast as virus checker and have MS
antispyware installed.
Thanks
AJM Scotland
- Posted by David H. Lipman on September 25th, 2005
From: "AJM" <Reply_to_newsgroup_only_please@nospam.co.uk>
| Hello
| Virus checker does not like C:\WINDOWS\SYSYEM32\VTSQR.DLL, when it deals
| with said file windows a bit upset at starts up and requires the file. Does
| a virus or other nasty use this file? How can I keep both windows and Virus
| checker happy?
|
| Also don't know if this is related but there is something running in the
| background using up resources looking at task launcher processes SYSTEM IDLE
| PROCESS and WINLOGON.EXE are battling away for CPU usage one second one is
| 85% say next the other is, this goes on constantly.
|
| XP home, all windows updates auto installed, P4 2.0 GHz CPU, 1024 Mb RAM,
| connected LAN to router for ADSL. Use Avast as virus checker and have MS
| antispyware installed.
|
| Thanks
| AJM Scotland
|
Please submit a sample of "VTSQR.DLL" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.
When you get the report, please post back the EXACT results.
As always, I suggest blocking TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.
This will help keep the hackers and Internet worms out of your LAN and keep MS Networking
from leaking out of your LAN into the Internet.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by AJM on September 26th, 2005
David here are the results from virus tool. Guess from this avast was right
enough and thought said file was a trojano-2502.
Very usefull service thanks for your advice. I know nothing about vtsqr.dll
and what role it plays in XP or other software but I know when it is not
there XP throws up many run error boxes.
This experience has been very interesting and changed my use and thoughts on
Virus scanners.
I have yet to work out how to block ports on the router etc as you also
recommended.
Thanks
AJM
Server response
--------------------------------------------------------------------------------
Results of a file scan
This is a report processed by VirusTotal on 09/26/2005 at 02:25:59 (CET)
after scanning the file "vtsqr.dll" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 09.25.2005 ADSPY/Virtumonde.O
Avast 4.6.695.0 09.23.2005 Win32:Trojano-2502
AVG 718 09.23.2005 no virus found
Avira 6.32.0.6 09.25.2005 ADSPY/Virtumonde.O
BitDefender 7.2 09.25.2005 no virus found
CAT-QuickHeal 8.00 09.25.2005 AdWare.Virtumonde.o (Not a Virus)
ClamAV devel-20050917 09.25.2005 Adware.Virtumonde-1
DrWeb 4.32b 09.25.2005 no virus found
eTrust-Iris 7.1.194.0 09.25.2005 no virus found
eTrust-Vet 11.9.1.0 09.23.2005 no virus found
F-Prot 3.16c 09.23.2005 no virus found
Ikarus 0.2.59.0 09.23.2005 AdWare.Virtumonde.O
Kaspersky 4.0.2.24 09.25.2005 Trojan.Win32.Crypt.o
McAfee 4589 09.23.2005 potentially unwanted program Adware-Virtumundo
NOD32v2 1.1232 09.25.2005 Win32/Adware.Virtumonde.O
Norman 5.70.10 09.23.2005 no virus found
Panda 8.02.00 09.25.2005 no virus found
Sophos 3.98.0 09.25.2005 no virus found
Symantec 8.0 09.25.2005 no virus found
TheHacker 5.8.2.114 09.22.2005 Adware/Virtumonde.o
VBA32 3.10.4 09.21.2005 AdWare.Virtumonde.o
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:OOLMKIcwFHA.2348@TK2MSFTNGP15.phx.gbl...
> From: "AJM" <Reply_to_newsgroup_only_please@nospam.co.uk>
>
> | Hello
> | Virus checker does not like C:\WINDOWS\SYSYEM32\VTSQR.DLL, when it deals
> | with said file windows a bit upset at starts up and requires the file.
> Does
> | a virus or other nasty use this file? How can I keep both windows and
> Virus
> | checker happy?
> |
> | Also don't know if this is related but there is something running in the
> | background using up resources looking at task launcher processes SYSTEM
> IDLE
> | PROCESS and WINLOGON.EXE are battling away for CPU usage one second one
> is
> | 85% say next the other is, this goes on constantly.
> |
> | XP home, all windows updates auto installed, P4 2.0 GHz CPU, 1024 Mb
> RAM,
> | connected LAN to router for ADSL. Use Avast as virus checker and have MS
> | antispyware installed.
> |
> | Thanks
> | AJM Scotland
> |
>
> Please submit a sample of "VTSQR.DLL" to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendor's
> scanners.
> That will give you an idea what it is and who recognizes it. In addition,
> unless told
> otherwise, Virus Total will provide the sample to all participating
> vendors.
>
> When you get the report, please post back the EXACT results.
>
> As always, I suggest blocking TCP and UDP ports 135 ~ 139 and 445 on *any*
> SOHO Router.
> This will help keep the hackers and Internet worms out of your LAN and
> keep MS Networking
> from leaking out of your LAN into the Internet.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
- Posted by David H. Lipman on September 26th, 2005
From: "AJM" <Reply_to_newsgroup_only_please@nospam.co.uk>
| David here are the results from virus tool. Guess from this avast was right
| enough and thought said file was a trojano-2502.
| Very usefull service thanks for your advice. I know nothing about vtsqr.dll
| and what role it plays in XP or other software but I know when it is not
| there XP throws up many run error boxes.
| This experience has been very interesting and changed my use and thoughts on
| Virus scanners.
|
| I have yet to work out how to block ports on the router etc as you also
| recommended.
| Thanks
| AJM
< snip >
OK - Thanx...
McAfee 4589 09.23.2005 potentially unwanted program Adware-Virtumundo
It is non-viral malware in the class of adware.
Please download, install and update the following software...
Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
SpyBot Search and Destroy v1.4
http://security.kolla.de/
After the software is updated, I suggest scanning the system in Safe Mode.
The following is to make sure no viral malware is on the PC.
NOTE: Before you scan with the following tool, disable Avast. Avast has a habit of flaselt
decalring the Trend Micro Sysclean utility as having the VBS/Redlof. This is a long
standing, known, False Positive declaration and can be avoided if Avast is disabled.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
What make and model Router do you have ?
On many Linksys models you can set the port blocking at; http://192.168.1.1/Filters.htm
The attached graphic is representative on some Linksys models and how to set the port
blocking.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by AJM on September 26th, 2005
David
Thanks again, I have worked out how to block ports on my Netgear DG834
router, is done.
I think I will give another Virus engine a go.
Cheers
AJM
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:ODmSqYjwFHA.3556@TK2MSFTNGP12.phx.gbl...
> From: "AJM" <Reply_to_newsgroup_only_please@nospam.co.uk>
>
> | David here are the results from virus tool. Guess from this avast was
> right
> | enough and thought said file was a trojano-2502.
> | Very usefull service thanks for your advice. I know nothing about
> vtsqr.dll
> | and what role it plays in XP or other software but I know when it is not
> | there XP throws up many run error boxes.
> | This experience has been very interesting and changed my use and
> thoughts on
> | Virus scanners.
> |
> | I have yet to work out how to block ports on the router etc as you also
> | recommended.
> | Thanks
> | AJM
>
> < snip >
>
> OK - Thanx...
>
> McAfee 4589 09.23.2005 potentially unwanted program Adware-Virtumundo
>
> It is non-viral malware in the class of adware.
>
> Please download, install and update the following software...
>
> Ad-aware SE v1.06
> http://www.lavasoft.de/
> http://www.lavasoftusa.com/
>
> SpyBot Search and Destroy v1.4
> http://security.kolla.de/
>
> After the software is updated, I suggest scanning the system in Safe Mode.
>
> The following is to make sure no viral malware is on the PC.
>
>
> NOTE: Before you scan with the following tool, disable Avast. Avast has
> a habit of flaselt
> decalring the Trend Micro Sysclean utility as having the VBS/Redlof. This
> is a long
> standing, known, False Positive declaration and can be avoided if Avast is
> disabled.
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script
> Interpreter {
> http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart
> scripts, one Link
> (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and
> WGET.EXE. It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus
> Command Line Scanners to
> remove viruses, Trojans and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in
> Normal Mode. This
> way all the components can be downloaded from each AV vendor’s web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files
> or you can
> download the files and perform a scan in Normal Mode. Once you have
> downloaded the files
> needed for each scanner you want to use, you should reboot the PC into
> Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want
> to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal
> Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more
> comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to
> go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
> What make and model Router do you have ?
>
> On many Linksys models you can set the port blocking at;
> http://192.168.1.1/Filters.htm
>
> The attached graphic is representative on some Linksys models and how to
> set the port
> blocking.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
