Rivarts.A trojan, Ewido & Zone Alarm and VNC

Discussion in 'ewido anti-spyware forum' started by Looking4MyWings!, Mar 29, 2006.

Thread Status:
Not open for further replies.
  1. Looking4MyWings!

    Looking4MyWings! Registered Member (Joined: Mar 28, 2006; Posts: 2)

    I'm pretty much a novice so I hope my questions don't seem ridiculous. I've got MS AntiSpyware Beta1 on my computer, and the other day it gave me the warning that I had Rivarts.A trojan in 9 different registry keys: HKey_Local_Machine_system\Current COntrol\Services\mchInjDrv\Type1. The other entries follow the same info with additional "file" (?) in place of the Type1 entry. I'd clean it and get a clean bill of health. Then, the next time I'd restart my computer, Voila! the Rivarts would return.
    I installed Ewido's free program earlier today. I ran Nod32, Spybot, MS Antispyware, PestPatrol in safe mode today and no program found the Rivarts. When I restarted in normal mode, AntiSpyware found it again, and cleaned it again. Rivarts is listed on some of the sites as a legitimate pest, so I'm all the more unsure how it can be a false positive and a legitimate pest at the same time....ummm... I feel like I'm being pushed into becoming some kind of "expert" just to get by and use my computer without incidents.
    It would sure brighten my day if someone would kindly put a few of my questions to rest, so I can rest, eh?!
    I've a few questions:
    1. Why isn't Ewido's software alerted to this trojan?
    2. Why doesn't the Ewido program accept my choice to allow my TightVNC program to be accepted? I keep getting a Zone Alarm message like this: "guard is trying to communicate with "C:\Installations\COmmunications|TightVNC\WinVNC.exe" -servicehelper by opening a thread."
    When I said "ALLOW", the VNC program dropped from my notification tray and opened a box stating
    "VNCHooks.dll is missing for VNC.exe"
    How do I fix this?
    3. Should I allow or deny the guard's request to open a thread with VNC? I don't know what the request means.
    4. Can I delete the extra language files downloaded with the Ewido software package such as German, French, Japanese, etc. since English is the only language I'll be needing? Can this be done without harm?

    I think that covers my confusion, but who knows, I may be so deep into something I know so little of that my questions barely are the "tip of the ole iceberg"? I surely hope not.

    Thank you to anyone who can help me out. I am most grateful.

    3/29/06 PS: I read in these threads how one can choose to ignore all the files detected by scan as "Not-A-Virus", but I've scoured through all the options and do NOT find it anywhere. Where is this so I can stop the VNC warnings? I found that the VNCHooks and the VNC.exe are in the quarantine---yesterday, the VNCHooks was nabbed; today, the VNC.exe was nabbed. Does this mean I can restore my VNC functioning by somehow removing them from quarantine (is that the refresh button?)? Also, when I allow or deny ZoneAlarm's requests to "communicate with VNC-servicehelper by opening a thread", or to "change fileWINDRVDIR\etc\hosts", am I the ignorant one cutting off my VNC??

    I notice too, that some computer stats help, so here goes:
    I've got 1GB memory, AMD Athlon64 3000+, nVidia nForce4, 2 IDE HDs with 250GB+ (pretty sure), XP Pro with a full office suite and add'l add-ons with some kind of corrupted Outlook functioning; ZoneAlarm Security Suite v6.1.744.001, with the Vir & Spyware & IM & email protection at OFF; MRU-Blaster v1.5, WebRoot Window Washer v6.05..; SpywareBlaster 3.51; Spybot S&D v1.4; PestPatrol 4.4.4.8.1; Lavasoft AdAware SE Pro, build115. Real time is Z/A, Nod32 v1.1461, MS AntiSpyware-Beta1 v1.0.7.01. I think I got the vip stuff noted, or not?

    Sorry I didn't include this stuff before. I presently think it's fair to say, "I'm in WAY over my head", but I need to get this stuff working so I can overcome what a disabling accident has had me contending with. This is my hope for a better future. Carpe Diem!
     
    Last edited: Mar 29, 2006
  2. Huwge

    Huwge Registered Member (Joined: Oct 21, 2004; Posts: 405; Location: UK)

    I'm aware that there is another topic on this Rivarts hit from MSAS, but can anyone from Ewido confirm that if Ewido doesn't detect it then it is a false positive? Clean scans here from Ewido, NOD32, OA and Adaware, but MSAS is showing a Rivarts infection.

    Thanks
     
  3. Looking4MyWings!

    Looking4MyWings! Registered Member (Joined: Mar 28, 2006; Posts: 2)

    My MSAntiSpyware is now coming up clean. I contacted MS, ran scans for malicious software from various sources without any detections, yet MSAS kept calling up the infection; then, suddenly, MSAS stopped detecting it. I feel pretty confident that it was simply a false positive from MS end. MS never acknowledged what happened, and I think it would have been responsible to inform users of this rather than leaving them in the dark and, thus, worried till it got cleared up. I'm grateful it's over. I do sleep better with clean scans!

    I like the ewido software and when the new version is out that allows VNC to stay connected, I'll want to buy the full version so as to keep my "fortress safe and sound on all its fronts."

    Thank you. I'm glad for small advances.
     