open All Channels
seplocked Issues, Workarounds & Localization
blankseplocked Cuda.dll + Cudart.dll Viruses by avg and avast
 
This thread is older than 90 days and has been locked due to inactivity.


 
Author Topic

Crimzin
Amarr
Posted - 2011.04.17 11:27:00 - [1]
 



Avg decided Cuda.dll and cudart.dll were viruses and put them in virus vault, destroyed 2 clients as the crc check failed, uninstalled avg and downloaded a new client, installed and copy to get 2 clients again.
Went for avast free virus, works good, better than avg but I get off for downtime just now and its done the same thing...

Another 2 clients fkd, I had deleted the downloaded client....

Viruses description : Win32:Ramnit-G

Anyway to get those 2 files? I can add exclusion

Othran
Brutor Tribe
Posted - 2011.04.17 12:07:00 - [2]
 

Originally by: Crimzin


Avg decided Cuda.dll and cudart.dll were viruses and put them in virus vault, destroyed 2 clients as the crc check failed, uninstalled avg and downloaded a new client, installed and copy to get 2 clients again.
Went for avast free virus, works good, better than avg but I get off for downtime just now and its done the same thing...

Another 2 clients fkd, I had deleted the downloaded client....

Viruses description : Win32:Ramnit-G

Anyway to get those 2 files? I can add exclusion


No real help but...

AVG has been an ongoing road crash for years now. I don't know anyone who still uses it, they've had so many disasters and false alarms. As recently as Dec 2010 they managed to brick thousands of Win7 machines after a Windows Update.

Avast isn't any better. Flagging up the majority of websites worldwide as infected (12 April 2011) shows the competence there.

Anyone who actually KNOWS the history of these cowboys and STILL uses them is deranged, quite quite deranged.


Burnharder
Posted - 2011.04.17 12:32:00 - [3]
 

Use Microsoft Security Essentials. It's free for personal use, uses minimal system resources, isn't in your face, doesn't screw your Eve client over and is in my opinion the best anti-virus out there. Make sure you uninstall your current crap anti-virus before you install this one, of course.

Gangster101 PureLove
Posted - 2011.04.17 16:44:00 - [4]
 

Edited by: Gangster101 PureLove on 17/04/2011 16:44:26
Originally by: Burnharder
Use Microsoft Security Essentials. It's free for personal use, uses minimal system resources, isn't in your face, doesn't screw your Eve client over and is in my opinion the best anti-virus out there. Make sure you uninstall your current crap anti-virus before you install this one, of course.


Yes, MSE works wonders and its extremely light weight. I would also recommend going to google and downloading their "PC Tools Spyware Doctor" which is another free tool that is very helpful.

Crimzin
Amarr
Posted - 2011.04.18 01:19:00 - [5]
 

Thanks for the ideas guys and info I don't like avg and have never heard of avast till last night (Google search next under avg) would love if someone could nudge me in the right direction? please

A Microsoft product working wonders? IL look into it..

Another 2 clients down, this is getting bad.

Question could I have an actual nasty virus that's flagging these as infected? why just me? why both programs?, and yes it is both virus programs that do the damage, not a simmiler looking one, or some crap virus that gets destroyed after it makes its first move.

This is some nasty ****, also noticed my browser was set on proxy, which I did not do and fixed, but it pops back now and again.
Until I destroy the process iexplorer even tho im using firefox.

FYI
Currently Im having to instal eve every time I turn my computer on, it seems to be while I play those 2 files get infected.
Windows xp, striped down of all useless process's which also helps spot a virus pretty quick, im normaly pretty good at getting rid of them without to much hassle.
But this has me ugh

Vmir Gallahasen
Gallente
United Mining And Distribution
Posted - 2011.04.18 04:37:00 - [6]
 

Just throwing this out there, but is there a chance they're not false positives? What if you have a virus infecting DLLs?

You might take two supposedly infected DLLs and upload them to VirusTotal to get them scanned by a multitude of antivirus programs.

Crimcald
Posted - 2011.04.19 01:38:00 - [7]
 

Originally by: Vmir Gallahasen
Just throwing this out there, but is there a chance they're not false positives? What if you have a virus infecting DLLs?

You might take two supposedly infected DLLs and upload them to VirusTotal to get them scanned by a multitude of antivirus programs.


Ok thanks Im going to check this out I was able to get both files from a fresh install of eve and put them in a zip file, so now I just copy and paste the files to get both clients working.
But yea noticed that the infected files are a bit bigger than the originals, by .2 mb, no idea if their supposed to get bigger.

Crimzin
Amarr
Posted - 2011.04.19 01:44:00 - [8]
 

Daaammmmm

File name:
cudart.dll
Submission date:
2011-04-19 01:33:52 (UTC)
Current status:
finished
Result:
36/ 42 (85.7%)

Antivirus Version Last Update Result
AhnLab-V3 2011.04.19.00 2011.04.18 Win32/Ramnit.N
AntiVir 7.11.6.174 2011.04.19 W32/Ramnit.C
Antiy-AVL 2.0.3.7 2011.04.18 -
Avast 4.8.1351.0 2011.04.18 Win32:Ramnit-G
Avast5 5.0.677.0 2011.04.18 Win32:Ramnit-G
AVG 10.0.0.1190 2011.04.18 Win32/Zbot.G
BitDefender 7.2 2011.04.19 Win32.Ramnit.N
CAT-QuickHeal 11.00 2011.04.18 W32.Ramnit.A
ClamAV 0.97.0.0 2011.04.19 W32.Ramnit-3
Commtouch 5.3.2.6 2011.04.19 W32/Ramnit.E
Comodo 8390 2011.04.18 Virus.Win32.Ramnit.H
DrWeb 5.0.2.03300 2011.04.19 -
Emsisoft 5.1.0.5 2011.04.19 Virus.Win32.Ramnit!IK
eSafe 7.0.17.0 2011.04.18 -
eTrust-Vet 36.1.8278 2011.04.18 Win32/Ramnit.C
F-Prot 4.6.2.117 2011.04.19 W32/Ramnit.E
F-Secure 9.0.16440.0 2011.04.19 Win32.Ramnit.N
Fortinet 4.2.257.0 2011.04.18 W32/Ramnit.C
GData 22 2011.04.19 Win32.Ramnit.N
Ikarus T3.1.1.103.0 2011.04.19 Virus.Win32.Ramnit
Jiangmin 13.0.900 2011.04.18 Backdoor/IRCNite.wi
K7AntiVirus 9.96.4412 2011.04.18 Virus
Kaspersky 7.0.0.125 2011.04.19 Virus.Win32.Nimnul.a
McAfee 5.400.0.1158 2011.04.19 W32/Ramnit.a
McAfee-GW-Edition 2010.1D 2011.04.18 Heuristic.LooksLike.Win32.SuspiciousPE.J!85
Microsoft 1.6802 2011.04.19 Virus:Win32/Ramnit.gen!B
NOD32 6053 2011.04.19 Win32/Ramnit.H
Norman 6.07.07 2011.04.18 W32/Ramnit.I
Panda 10.0.3.5 2011.04.18 W32/Nimnul.A
PCTools 7.0.3.5 2011.04.18 Malware.Ramnit
Prevx 3.0 2011.04.19 -
Rising 23.54.00.06 2011.04.18 Win32.Ramnit.b
Sophos 4.64.0 2011.04.19 W32/Ramnit-A
SUPERAntiSpyware 4.40.0.1006 2011.04.16 -
Symantec 20101.3.2.89 2011.04.19 W32.Ramnit.B!inf
TheHacker 6.7.0.1.176 2011.04.18 -
TrendMicro 9.200.0.1012 2011.04.18 PE_RAMNIT.DEN
TrendMicro-HouseCall 9.200.0.1012 2011.04.19 PE_RAMNIT.DEN
VBA32 3.12.16.0 2011.04.18 Virus.Win32.Nimnul.b
VIPRE 9055 2011.04.19 Virus.Win32.Ramnit.b (v)
ViRobot 2011.4.18.4416 2011.04.18 Win32.Nimnul.A
VirusBuster 13.6.311.0 2011.04.18 Win32.Ramnit.Gen.2

Additional information
MD5 : 387a96e2d3399a583b710ce6536bfd2d
SHA1 : ffcf1a3d0bd108febdce3b19033c7c217b2c3523
SHA256: b2f9cf1b6a12adda2d9078c0d7163998de9783048b0e46abfa0b99ed52ee0ed9


Crimzin
Amarr
Posted - 2011.04.19 16:21:00 - [9]
 

Hmm maybe I asked wrong or something,

I can tell now that something is infecting the .dll's of a couple of programs I have, Including Eve and basically anything I try to use, its just I was using eve only at the time now even windows media player is a virus, lol

So what am I supposed to do, should I be worried about my account being compromised? I mean it is doing something to eve and I thought a virus was to steal info? among other things of course.

Im asking for serious advice here, eve is packed with knowledgeable people.

Or am I posting in the wrong place? I have give as much info as possible If you looked at the thread and didnt replay because somethings missing so you couldnt tell, let me know what more info you need.
Please.

Deviana Sevidon
Gallente
Panta-Rhei
Butterfly Effect Alliance
Posted - 2011.04.19 19:05:00 - [10]
 

To make a test I submitted the cuda.dll and cudart.dll from my eve folder to virus total and with both files the result was 0% positive reports of anti virus programs.

It is indeed possible that something infected your system and is messing with dll. I would recommend to run Malwarebytes in safe mode, but if malware is found then you are better of with a clean reinstall of windows.

Vmir Gallahasen
Gallente
United Mining And Distribution
Posted - 2011.04.19 21:05:00 - [11]
 

Originally by: Crimzin
So what am I supposed to do, should I be worried about my account being compromised? I mean it is doing something to eve and I thought a virus was to steal info? among other things of course.

What you've got is pretty nasty and difficult to remove. Apparently it's a backdoor virus that lets a remote user take over your computer. Most sites seem to suggest reformatting your hard drive (as well as any removeable drives, it spreads through those as well)

Crimzin
Amarr
Posted - 2011.04.20 06:19:00 - [12]
 

Ok guys thanks for your help looks like I have only one option Sad

I guess thats what I get for bragging a day before that happened I have had my original install of xp for 5+ years and never had to reinstall or lose all my data at any point... until now :(

No virus programs are picking it up, I have scanned the whole pc now and alot of infected dll's are getting found, but in legit programs like eve and windows media player, everything except the actual virus thats causing all this.

Also I talked about closing the process iexplorer and the proxy went away, well now that has... manifested itself into a process called firefox, exactly like the real firfox process except it uses no cpu and very little memory, were the real firfox process can be using 100+ mb memory for just one tab open, there normaly is 5 firefox process running while only 1 is the real one, that's easily spotted but worring that the virus was able to... change itself Shocked

Deviana Sevidon
Gallente
Panta-Rhei
Butterfly Effect Alliance
Posted - 2011.04.20 12:08:00 - [13]
 

Look at the bright side, this is a very good time to move on to Windows 7. Cool

Crimzin
Amarr
Posted - 2011.04.21 11:06:00 - [14]
 

I actually have Win7 running of a different HD on my computer it has same issues with the virus it's running avg, but I run multiple clients and in WIN7 its not as efficient for that, I only have 2.5g ram.

It is shiny tho, but I have my cpu setup as MY pc on xp by killing certain process and startup programs 7 makes me feel like I rented MY pc, I think technically you are renting there OS, even tho you buy, but my PC I worked for and paid for so I use it for eye candy... when it worksWink


Demortes
Caldari
Oracle Phoenix
Posted - 2011.04.29 03:21:00 - [15]
 

I find this thread kinda hilarious. From insulting AVG and Avast to... "Oh... they were right."

As for helping, I've liked Avast, never had a problem. That doesn't mean following it blindly. It's merely a suggestion. Your knowledge of your computer will provide the best defense, watch for weird stuff happening like high RAM usage, especially network usage.

I'd still not trust anything made by the same people who make your OS. Too much bias possibilities. Redmond thought it would be wise to force IE as a mandatory install.... look where that got them.

Do have to say, kudos to the one that suggested the web based scan.


 

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only