   Mischel Internet Security Forum
   Author  Topic: Paravoz.100 is this an fp?  (Read 363 times)
dbg10
Newbie
« on: Jan 24th, 2007, 4:06pm »

I run a program called EmC-Email control and each time I either open, reinstall or do anything with this, Trojan Hunter is warning me that I have Paravoz.100 in memory and that it has been deleted.
 
I then run either a full scan or custom scan including all hard drives and when it scans MCANSI.dll Nod32 warns me that I have an unknown stealth virus. I have read that this is an old well known fp but I am concerned that there may be a backdoor trojan somewhere on my system. Scanning with housecall, panda, kaspersky and f-secure all find nothing.
 
The file that Trojan Hunter is adding ".tcf" to is "EmCCtasdll.dll"
but when I scan the file individually there are no trojan files found.
 
I am not sure whether there is a problem here or not but would like some help with an explanation if possible. I will be submitting the file now for examination.
Thanks
Randy_Bell
Global Moderator
« Reply #1 on: Jan 24th, 2007, 9:07pm »

Thank you for submission - I will email Gavin our trojan analyst to let him know to look for this.  Sounds like a f.p. but one never knows until the malware expert checks it out.
siliconman01
Global Moderator
« Reply #2 on: Jan 25th, 2007, 12:57am »

And welcome to the forum dbg10 ;)
 
It sounds like you are running an older version of TrojanHunter.   The latest version of TH is V4.6.930 which uses a quarantine file instead of .tcf.  It is recommended that you update to the latest version.
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
dbg10
Newbie
« Reply #3 on: Jan 25th, 2007, 11:12am »

Thanks for your responses...
Just realized what I did wrong.  I restored my PC to before the time when I installed TH 4.6 and it reverted to 4.5 as I only installed 4.6 in the last couple of weeks.
 
However, I don't understand how this would make a difference in the flagging of the Paravoz.100 trojan or fp.  Would it not just quarantine the same file that it added '.tcf' to?  
 
The problem with TH and Nod did not start until Jan 14 when Paravoz.100 was added to the definitions. That makes me think that it is an fp.  However, I was having viral behaviour on my PC as well that took me offline until yesterday when I finally deleted all the files that seemed to be related to the warnings.
 
I will be installing TH 4.6 momentarily and will see if the warnings start again afterwards.  
Thanks :)
Gavin_Coe
Trojan Analyst
« Reply #4 on: Jan 25th, 2007, 3:56pm »

Hi, this should have already been corrected for LiveUpdate users :)
dbg10
Newbie
« Reply #5 on: Jan 25th, 2007, 6:30pm »

Thanks Gavin
I have re-downloaded and re-installed TH 4.6 and used live update for today's definitions as you suggested.  However, I did receive the same warning from TH that Paravoz.100 was in memory and had been taken care of. I was unable to locate any exe files but did find 2 files in quarantine which I have submitted along with the full scan I did with TH immediately after the warning.
 
My problem is I can find no information on this virus/trojan anywhere and wonder if I am at risk with a backdoor now installed. I have checked my ports and nothing is open that shouldn't be so I hope that means I have nothing running that shouldn't be.  Can you give me any information about this virus/trojan ...what to look for on disk?
Thanks so much for your help :)
dbg10
Newbie
« Reply #6 on: Jan 25th, 2007, 6:31pm »

BTW Nod32 has not complained at all since TH 4.6 :)
siliconman01
Global Moderator
« Reply #7 on: Jan 25th, 2007, 11:00pm »

I emailed Gavin to let him know the problem still exists.
Gavin_Coe
Trojan Analyst
« Reply #8 on: Jan 27th, 2007, 3:27am »

I have since updated again, please ensure you are up to date and let us know..
dbg10
Newbie
« Reply #9 on: Jan 27th, 2007, 3:09pm »

Thanks Siliconman and Gavin,
The problem continued yesterday despite the fact that I had run every online scan I could think of and none of them could find anything. I have always had TH set to update daily and if it doesn't update I receive a warning and do it manually.  
 
Back in December for this year's av/fw I had decided to use ZAP Security suite with the av turned off and use Nod or Kaspersky or one of the better rated av's alongside ZAP.  I used to run Etrust suite but they changed this year and I wasn't happy with what I had seen last year.  My trial copy of Nod32 expired today so I uninstalled it and activated the ZA av temporarily.  It did a scan and surprisingly found 4 viruses on my system...3 inside my email mailboxes.
I quarantined all 4 and so far I have not received any warnings from TH when I have EmC and/or Eudora open.
 
On an aside...I must say I was very unimpressed with ZA's quarantine facility because I had to restore 2 of the mailboxes to retrieve some important email that was in them.  When I restored them I did get the warning from TH.  However the contents of each mailbox though appearing intact at first glance, had been replaced with the body of the last email I received.  I was only able to rescue the email addresses and dates of the emails that had been sent to me from the main mailbox. Opening each email showed me the last email I received.  I did find two 'spam' emails that had snuck in with dates of 2001 so I promptly deleted them without checking if the body had been replaced.
 
So far after scanning again with ZA I have received no warnings from TH at all and I'm keeping my fingers crossed that nothing remains on my system.  I was very surprised that a low rated av was able to find something that no other scanner other than TH had found.
 
Thanks for all your help with this, I will post again if I receive any further warnings...  
Cheers! :D :D