aveqt.dll

Discussion in 'malware problems & news' started by Get, Nov 18, 2011.

Thread Status:
Not open for further replies.
  1. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    Yesterday I had to shrink a mov-file after changing it into an avi. This was very difficult and took me over an hour and installing some stuff among which were microsoft fix it and quicktime. Today I noticed that aveqt.dll was created in the system32 folder. It doesn't belong to quicktime which you may assume. When you google it you get very afraid...when you're an idiot that is. Being an idiot I want to ask you...does anybody know what it is?
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hello,

    upload to Virus Total

    - also select 'show all' have a look to see if there is a Threat Expert report :)

    edit: is this the file?..MD5 : 23b8b59396a50388cd34ceee55a103ee
     
  3. Get

    Get Registered Member

    Hello Meriadoc, I see you've uploaded it also. It's the same MD5. Nice to see only trend gives a result?
     
  4. Meriadoc

    Meriadoc Registered Member

    Trend's heuristics, a compression tool has been used on the file.

    When Trend sees this pattern it will automatically flag it, just in case. As no malware name is appended to the 'detection' and no other av house is complaining then it looks okay. Try a full scan with your av and HMP if you're worried.

    This is what is found at Threat Expert :


    Yes I found a reference here so upped the files.
     
    Last edited: Nov 18, 2011
  5. Get

    Get Registered Member

    Thanks. Great link btw. I will run avast and malwarebytes.
     
  6. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Here is My Assessment:

    The file 'aveqt.dll' located in the \system32 folder appears to be associated with DVD Burning Software,
    in particular with 'Aone Software Corporation' who appears to be the parent and author of the file.

    Aone Software Corporation appears to use the 'aveqt.dll' file mostly in the 'Ultra DVD Creator' software program,
    and in other DVD, CD, MPEG, AVI Converting Softwares that are offered on their Web Site.

    The file 'aveqt.dll' also appears to be used by other DVD Burning Software Vendors, perhaps these other Vendors
    are partners, subsidiaries, affiliates, or licensed clients of Aone Software Corporation, or the reverse.

    The file 'aveqt.dll' has been uploaded to several online Virus Scanning Web Sites over the past and exited with a
    clean bill of health. In other words the file passed the Malware Scanners of many different types of scanners from
    many different software vendors that are regarded as trustworthy and mainstream security vendors in the market.

    However, the validity of the file 'aveqt.dll' still remains somewhat vague because other researchers have flagged the
    file 'aveqt.dll' as being Low, Medium, or Severe in regards to being a Security Threat. It is worthy to note that
    most of the other researchers' Web Sites that have flagged the file 'aveqt.dll' as being malicious are they themselves
    either questionable or their names I have never heard of.

    I would start by checking the Properties of the file 'aveqt.dll' to find out the Creation Date in the System.
    If the Creation Date in the System matches the Date that you claim you Installed "some stuff" then the Installation
    of "some stuff" Installed the file 'aveqt.dll' in the System. If not then I speculate that sometime in the past you
    have installed some sort of DVD Burning Software, and that DVD Burning Software installed 'aveqt.dll'.

    Next you can try to archive the file 'aveqt.dll' to an external source and then Delete the file from the System.
    This would allow you to pinpoint the program or programs that rely on the file 'aveqt.dll'.
    Note that I would not use this procedure on any System File, only on 'aveqt.dll' or the like.
    Deleting the file 'aveqt.dll' will also reveal if the file is recreated at some point, such as after a Reboot or
    Opening Up Programs.

    Finally as a precautionary measure you should scan the System with your favorite Malware Scanner.

    The Malware Scanners that I recommend are:

    Microsoft Malicious Software Removal Tool: (choose full system scan)
    http://www.microsoft.com/security/malwareremove/default.mspx

    Microsoft Safety Scanner:
    http://www.microsoft.com/security/scanner/en-us/default.aspx

    Panda ActiveScan 2.0:
    http://www.pandasecurity.com/activescan/index/?lang=en-US

    ESET Online Antivirus Scanner:
    http://go.eset.com/us/online-scanner/



    About Aone Software Corporation:
    http://www.aone-soft.com/index.htm


    HKEY1952
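
The checks described in the post above (creation date, archive before deleting, watch for re-creation), as an added PowerShell example that is not part of the original thread. The quarantine folder is an assumption, and the MD5 default is the value quoted earlier in the thread.

```powershell
# Added example: record what is known about an unexpected DLL, then archive it.
# $Quarantine is a hypothetical folder; $KnownMd5 is the MD5 quoted in this thread.
param(
    [string]$Path       = "$env:WINDIR\System32\aveqt.dll",
    [string]$Quarantine = 'C:\Quarantine',
    [string]$KnownMd5   = '23b8b59396a50388cd34ceee55a103ee'
)

if (-not (Test-Path -LiteralPath $Path)) {
    # On a later run (after a reboot or after opening programs) this branch
    # means nothing has recreated the file.
    Write-Output "Not present: $Path"
    return
}

$file = Get-Item -LiteralPath $Path
$md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToLower()
$sha  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
$sig  = Get-AuthenticodeSignature -LiteralPath $Path

# Creation time is compared by hand against the date of the installs;
# CompanyName/ProductName are the values shown in the file's Properties dialog.
$record = [pscustomobject]@{
    Path         = $file.FullName
    Created      = $file.CreationTime.ToString('o')
    Modified     = $file.LastWriteTime.ToString('o')
    Company      = $file.VersionInfo.CompanyName
    Product      = $file.VersionInfo.ProductName
    MD5          = $md5
    SHA256       = $sha
    MatchesKnown = ($md5 -eq $KnownMd5.ToLower())
    Signature    = $sig.Status.ToString()
}
$record | Format-List

# Archive rather than delete, and keep the record beside the copy so the
# file can be restored if a program turns out to depend on it.
New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
$name = $file.Name
$record | ConvertTo-Json | Set-Content -Path (Join-Path $Quarantine "$name.json")
Move-Item -LiteralPath $Path -Destination (Join-Path $Quarantine "$name.quarantined")
```

Moving a file out of System32 needs an elevated prompt; running the script again later shows whether the file has come back.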
     
  7. Get

    Get Registered Member

    For what it's worth ESET OAS found "WIN32/Toggle application" in one of the converters. I had to convert something very fast for someone and used an old version with a serial, because for using something 1 time I won't buy it of course (big and neverending shame on me). At virustotal it says:

    DrWeb Adware.Downware.23
    eSafe Virus in password protected archive (it's an exe btw)
    NOD32 Win32/Toggle

    The rest doesn't find anything and mbam and avast (on my pc) say the exe is clean. I think it's a false positive. BTW it's software from AONE, but in the properties it states "Inffinity Internet" which sounds dodgy and the timestamp is when it was created.
     
    Last edited: Nov 20, 2011
  8. Get

    Get Registered Member

    Panda ActiveScan 2.0 gives me this (i'm using ff 8.0):

    We have detected that your PC is using a version of Microsoft Internet Explorer or Firefox, or another browser, that is not compatible with ActiveScan 2.0.

    Download Panda Antivirus Pro 2012 FREE to scan your PC and make sure it is virus free:

    o_O
     
  9. Get

    Get Registered Member

    Kaspersky Virus Removal Tool crashed during install and after disabling hips and proactive protection of outpost it gave me a bsod during install, so exit kvrt.
     
  10. HKEY1952

    HKEY1952 Registered Member

    One must allow the Panda ActiveScan ActiveX Control to be Downloaded and Installed onto the System.

    The location of the ActiveX Control after Downloaded and Installed is:

    C:\Windows\Downloaded Program Files\

    There you will find the ActiveX Control 'ActiveScan 2.0 Installer Class'


    What requirements should my PC meet to run ActiveScan 2.0? (from panda activescan 2.0 help at top of webpage)
    http://www.pandasecurity.com/activescan/help/#3


    HKEY1952
     
  11. HKEY1952

    HKEY1952 Registered Member

    One Must Completely Disable All Active Running Resident Security Software Programs, Including Software Firewalls,
    Before Executing Such Security Programs To Evade Conflicts.



    HKEY1952
     
  12. HKEY1952

    HKEY1952 Registered Member

    I believe that you do not have anything to worry about Get, however, in order to satisfy your concern, you can elect
    to run this tool from Symantec. It requires No Installation and will scan the system for Crimeware and Rootkits.

    Note that Norton Power Eraser uses Aggressive Methods to detect threats, and may select some legitimate programs
    for removal. So be Very Careful when Deleting Items From The Quarantine should there exist any.

    Create a Folder on the C:\ Drive and Name it 'Power Eraser' and Download it to there.

    Disable All Security Software, Including Software Firewall. Then Reboot the Computer.
    Navigate to the 'Power Eraser' Folder and Double Click the 'NPE.exe' File.
    Choose Check for Rootkits,
    Then Choose Include Rootkit Scan, and Click on the Restart Button (required).
    After Reboot Norton Power Eraser will then check for Updates and then perform a Scan of the System.
    After the System Scan Norton Power Eraser will display the results.

    I have Never experienced anything in the Quarantine and Norton Power Eraser Has Never Flagged Legitimate Programs.


    Norton Power Eraser:
    http://security.symantec.com/nbrt/npe.aspx?


    HKEY1952
     
  13. Get

    Get Registered Member

    With everything disabled kaspersky still gives a bsod. Will try panda now. When it takes too long it will be tomorrow.
     
  14. Get

    Get Registered Member

    Read your post after posting mine. I am not really worried, but still... you never know. I will try norton first. Thanks so far.
     
  15. HKEY1952

    HKEY1952 Registered Member

    You are welcome Get.....Good Luck.....


    HKEY1952
     
  16. Get

    Get Registered Member

    Norton didn't find anything but fp's. It encountered a problem, but I think that was due to me enabling Outpost when it wanted to go on the internet (and "created the internet connection because there was a problem :eek: ) and some of my software still was partially running when I looked at task manager. It crashed, but the second time it went well. Will do panda and when that finds nothing it is ok as far as i'm concerned.
     
  17. Get

    Get Registered Member

    Panda only works in IE and I had to download it numerous times before it reached the end, but now it's too late so I will scan tomorrow. Later.
     
  18. HKEY1952

    HKEY1952 Registered Member

    First Time Downloads of Online Scanners with such magnitude usually take a while, one must be patient.
    Even though the Download may seem to hang, wait. The Program is being Installed on the System.


    Subsequent Downloads are much faster because the Software is Already Installed on the System and Only the Malware
    Definitions need to be Downloaded and or Program Updates may need to be Downloaded and Installed from time to time.

    The Online Scanner Software Program Listing can be found in C:\Program Files\
    The ActiveX for those Online Scanners can be found in C:\Windows\Downloaded Program Files\
    To Uninstall Online Scanners go to Add or Remove Programs and Uninstall the Software.


    EDIT: clarity


    HKEY1952
     
    Last edited: Nov 20, 2011
  19. HKEY1952

    HKEY1952 Registered Member

    What convinces you that the files flagged by Norton Power Eraser are False Positives?


    HKEY1952
     
  20. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    They sound like PUP or PUA detections to me.
     
  21. HKEY1952

    HKEY1952 Registered Member

    The 'WIN32/Toggle application' might be for the DVD Burning Software Programs Keyboard Key Combinations.

    The 'Adware.Downware.23' is questionable, possible False Positive by DrWeb in regards to 'WIN32/Toggle application'

    That is why I am relying on the results of Norton Power Eraser.


    HKEY1952
     
  22. Get

    Get Registered Member

    It taking a while wasn't the problem. It stopped downloading and asked me to try again. Eventually it succeeded.

    I knew the flagged items. Norton didn't recognize them as safe. Such fp's are frequent when you have some not so familiar to the masses-software.

    I scanned with Panda today, but it took so extremely long that I chose to put back an image. I could've done that before, but was curious. There was a time limit and Panda broke it. Thanks for the help again. Btw I would've put back an image anyway probably when nothing was found, because better safe than sorry and also the 2 bsod's.
     