please review my log. Thank you.

hello every body,
I just joined and I really HOPE you experts out there can solve my doubts, please. I use:
OS: W98SE
Antivirus: ANTIVIR Personal Edition Version 6.25.00.03
Firewall: ZONEALARM free
I also run since one year an FTP server using: BPFTPSERVER
(www.bpftpserver.com)

3 days ago I went to launch the SERVER as usual and to my immense shock my ANTIVIR PE popped up saying this:
"THE FILE G6FTPSRV.EXE CONTAINS SUSPICIOUS CODE (HEURISTIC/TROJAN.WIN32.PWS)"

A trojan inside a sofware I registered and paid for?
A trojan on my PC even using ANTIVIR and Firewall?
Is it dangerous? How can it be?
How do I get rid of it?

I even uninstalled BPFTPserver and downloaded it again brand new from ther site but problem still the same. I CANNOT LAUCH IT ANYMORE.

A friend told me that also in the latest FREE version of antivir PE the heuristics were included....and you can choose between 3 settings from low-medium-high. I'm not very techie person and I dont know what HEURISTICS are... ......I checked and heuristics are set to medium by default.

I tried LOW and the server launches OK no problem but if I revert it to
MEDIUM it's poppin up preventing the launch.

should i worry ??
Can you please please help as soon as possible?
Thank you for reading me and for your time.
My HijackThis log is below for you.

all the best
Claudio


bOATdRINKS

I cleaned my system with SPYBOT.

Logfile of HijackThis v1.97.7
Scan saved at 18.34.06, on 06/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACK THIS LOGS\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free-av.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\PROGRAMMI\TECHSMITH\SNAGIT 6\SNAGITBHO.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAMMI\TECHSMITH\SNAGIT 6\SNAGITIEADDIN.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [CleanRam] C:\WINDOWS\TEMP\CLEANRAM.EXE
O4 - HKLM\..\Run: [RegProt] c:\windows\desktop\reg protection\regprot.exe /start
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Modem ADSL B-QUICK.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Convert and Open - C:\PROGRAMMI\CAMTECH\ConvertIt.htm
O8 - Extra context menu item: Download using Download &Express - file://C:\Programmi\Download Express\Add_Url.htm
O8 - Extra context menu item: Compila Modulo &] - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Salva Moduli &[ - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Aggiungi l'indirizzo alla Lista Nera della pubblicità - C:\PROGRAMMI\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Blocca tutte le immagini provenienti dal server di questa - C:\PROGRAMMI\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Cerca con Google - C:\PROGRAMMI\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Evidenzia in questa pagina - C:\PROGRAMMI\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Apri tutti i collegamenti nella pagina in linguette diverse - C:\PROGRAMMI\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Barra strumenti &2 (HKLM)
O9 - Extra button: Compila (HKLM)
O9 - Extra 'Tools' menuitem: Compila Modulo &] (HKLM)
O9 - Extra button: Salva (HKLM)
O9 - Extra 'Tools' menuitem: Salva Moduli &[ (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37867.9011805556
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab?new
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_11) -

 

Hi Claudio,

Nothing disturbing in your log.

I would get rid of this one:
O4 - Startup: PowerReg Scheduler.exe
because it is a waste of resources.

Regards,

Pieter

 

...cheers Pieter
...you've been very kind
...you say all is OK, KAV online check say as well that file is OK....
...but my problem still there...everytime i try to launch the server
...antivir PE pops up....
...I guess in order to solve my problem I'll have to wait for the replies
...from the BPFTPSERVER support and ANTIVIR support......
...will let u know
...thanks again.....all the best

ps: got rid of Startup: PowerReg Scheduler.exe
as you suggested.....thanks


bOATdRINKS