Anyone heard of this file before nlcfhpd.sys

Discussion in 'other anti-virus software' started by the_sly_dog, Aug 5, 2010.

Thread Status:
Not open for further replies.
  1. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Hello People

    Well, the last few days I have been having a few BSODs and I thought it may be RAM at first. Then I ran memtest, all perfect. Then I ran safe returner and it flagged this file as a trojan. Then after some digging I noticed it was running at start-up. All my software is 100% legit, I don't use clap-trap crap, e.g. (cracks, keygens etc.)

    nlcfhpd.sys, it was in my drivers folder o_O I ran a full scan with ESET, I turned all settings to high, said I was clean

    for a i7 920 and 8gb of ram my pc does feel very slow :'( :'( problem is i only made a backup of my system tonight :'( :'( :'( :'( :'(

    any ideas ??

    thank you

    benjamin
     

  2. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    I have tried to search on Google but all in vain. It seems that you are the only one who is having a problem with this file.. Better you upload it on VT or submit this file as a suspicious file to AV vendors... They'll get back to...:)
     
  3. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    I uploaded it to VirusTotal, 3 say it's a trojan cloaked malware trojan,
     
    Last edited: Aug 5, 2010
  4. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    you'd be better off removing the VT link ...tos

    try a scan with hitman pro and mbam
     
  5. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Please do submit your file to Avira, Kaspersky, Dr. Web, Panda and NOD32 Labs ... They'll let you know whether file is really malicious or not.
     
    Last edited by a moderator: Aug 5, 2010
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    And do it ASAP;)
     
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Anything Uploaded to VT is always shared with the scanners used there so no need to send to all those vendors!

    TH
     
  8. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Agree, but it takes time...But if he'll submit them privately then they'll look into the case asap.
     
  9. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    BTW you can send me the file too, i'll get back to you as soon as possible too :)
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    You can always run other free tools such as MBAM, SAS and Hitman Pro with its free 30 clean up license!

    TH
     
  11. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Sure, but Avi and I meant that he can send the file to one or a couple of vendors if he wants to get a confirmation that the file is indeed malware.
     
    Last edited: Aug 5, 2010
  12. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Ran a Prevx scan and purchased a license, it cleaned the files for me :thumb: :thumb:
     
  13. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    a very good investment ;)

    next time try the prevx+hitman pro bundle ....
     
  14. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    That's a better deal :'( :'( :'( :'( :'( You convinced me lol, just purchasing it now :argh: :argh:
     
  15. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    Sly Dog,

    You might want to ask for a refund as PX removed Avenger3 driver which is dropped by MalwareBytes when it attempts to delete a file on reboot.

    Google searching the MD5 of the file is very enlightening: the file appears under lots of random names but the MD5 hash is static.
    http://www.google.co.uk/search?hl=e...ogle Search&meta=&aq=f&aqi=&aql=&oq=&gs_rfai=

    By all accounts it mystically appears on disk when you fail to reboot the system after MBAM asks for a reboot.

    The actuality is if you reboot it enforces the MBAM clean up script then deletes itself and it loads value. Also it is a random name + random service name to avoid malware interference with its clean up operations.

    Once again Emsisoft grabs another False Positive along with PrevX, who have just conned you by removing a file that 1) is not malicious, 2) can be manually deleted if needed and 3) finally would have been deleted by MBAM should you have rebooted that computer when it asked you to.
     
    Last edited: Aug 5, 2010
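The point made in the post above, that a randomly named driver is better identified by its hash than by its file name, shown as an added example that is not part of the thread. The second file name, the file contents and the "known" label are constructed for the demonstration; no real driver hash is used.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests, reading the file in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def group_by_content(paths):
    """Map sha256 -> sorted file names, so renamed copies collapse together."""
    groups = defaultdict(list)
    for p in paths:
        groups[file_digests(p)[1]].append(Path(p).name)
    return {sha: sorted(names) for sha, names in groups.items()}


def triage(paths, known_hashes):
    """Label each file by MD5 against a reviewed hash list; names are ignored."""
    return {Path(p).name: known_hashes.get(file_digests(p)[0],
                                           "unknown: look up hash before acting")
            for p in paths}


def demo():
    # Constructed sample data: two differently named copies of one "driver"
    # plus one unrelated file, written to a temporary directory.
    samples = {"nlcfhpd.sys": b"constructed driver body",
               "qwzkdme.sys": b"constructed driver body",
               "other.sys": b"different constructed body"}
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, body in samples.items():
            path = Path(tmp) / name
            path.write_bytes(body)
            paths.append(path)
        known = {hashlib.md5(b"constructed driver body").hexdigest():
                 "known: cleanup driver (constructed label)"}
        return group_by_content(paths), triage(paths, known)


if __name__ == "__main__":
    print(demo())
```
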
  16. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Ah, yes, this randomly named file caused me some confusion a while back, too. Took me quite a while to figure out it was an MBAM-created file. Seems like the thread starter has the same file (differently named, of course), and that PrevX has indeed falsely deemed it malware.
     
  17. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Confirmed it is a false positive.. Emsisoft have corrected this FP in their updated DB.. Now only Prevx and eSafe are detecting it as malware.. :)

    I have already contacted one AV lab and they assured me that it is a fp.. :)
     
  18. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Thank you all :thumb: :thumb:

    Just backing up my PC again, I wiped my backup drive thinking it was infected.. lol only another 40 minutes wait till it finishes again :cautious: :cautious:
     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Life's hard mate;)
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We've fixed the FP - thank you for the report. Randomly named drivers are indeed quite suspicious :doubt: If you would like a refund, please send me a PM or write into our customer support inbox and we will be more than happy to give you one.

    Thank you! :)
     
  21. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    I am sure he won't ask for any refund. Prevx is really such a nice product, that if I ever pay for it, I won't ask for any refund for it :) ... But I won't be able to buy it ever...financial restrictions ... :(
     