What about PrevX - any good?

Discussion in 'other anti-malware software' started by abrogard, May 13, 2008.

Thread Status:
Not open for further replies.
  1. abrogard

    abrogard Registered Member

    Joined:
    May 13, 2008
    Posts:
    6
    This is my first post. I thought I should put it in Adware, Spyware and Hijack cleaning but there doesn't seem to be any threads in there. Something wrong there or what?

    Anyway. I've got a persistent problem with BHOs that I can't get rid of.

    And I come to my computer and see the red light flickering when it is supposed to be doing nothing. I'm very worried I've got a resident keylogger or something that might even get my passwords.

    In task manager I see there's a process that was using some ticks when the computer should have been doing nothing and it was called "ati2evxx.exe" and I google it and find "PrevX" - a supposed spyware cleaner, which claims ati2evxx.exe is spyware.

    BUT - the question is.. can I trust Prevx ? There's so many spyware removing programs around these days that in fact introduce spyware or pretend spyware is there or, in fact, you might as well say, are spyware themselves.

    So I googled Prevx and found a guy who's been plagued with spyware ever since he introduced Prevx.

    And another guy who claims it's useless because it only scans memory and doesn't care about stuff waiting to jump out.

    And so on....

    So I need some help.

    To get my machine clean. This forum looks very serious and competent (except that funny empty forum.... ) so I'm hoping I can find some help here.

    Perhaps I'm posting in the wrong forum, please let me know if I am.

    And if anyone can help in even the smallest way I'll be glad.

    regards,

    ab :)
     
  2. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    I can't really comment on Prevx since I don't use it but...

    The file you are asking about is listed here and here as a legitimate process belonging to ATI Graphics. If you have ATI Graphics then it is probably harmless. Even a "harmless" process can sometimes eat up resources unnecessarily though. Do some research and see if it can be disabled without ill effects. Some processes used with video cards can be disabled without problems, or you may only lose some advanced options, or an easier way to reach a video control panel that you could reach anyway by going through Windows' own control panel. (I have an nvidia card and have stopped three nvidia items that want to start with Windows with no ill effects for the way I use my computer.) Use msconfig to stop the process from starting with Windows should you decide you can live without it.

    Also, depending on where the file is located it is of course possible that it could be malware masquerading as a legitimate process. As a precaution download and run Dr. Web CureIt and download and install SuperAntiSpyware and see if they find any problems, both are free. You could also send the executable to VirusTotal and have many different AVs scan it, also for free.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I used Prevx in the past and I also have ATI and ati2evxx.exe on board like many other users.
    I don't recall that this object was ever considered as spyware by Prevx.
    It wouldn't be logical either, because ATI is a common software and even when it was ever spyware, Prevx would have fixed it a long time ago and certainly in a community database with so many users.
    I'm very touchy regarding f/p's, I would have remembered this one.
     
    Last edited: May 14, 2008
  4. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    I assume this is where abrogard got his information concerning Prevx listing the file as malware.
     
  5. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @Firebytes: nice post :thumb:
    I agree that PrevX listing is a little unclear: have to read btwn the lines a bit: this is a bit more specific:
    http://www.fileresearchcenter.com/A/ATI2EVXX.EXE-2559.html
    First page on google.

    So the advice to screen with SAS is spot-on.

    I don't have ATI, I'd be annoyed if PrevX warned re a normal file: if you do go ahead and run a PrevX install and scan and get a possible FP: make sure to notify, although, I'd be surprised if somewhere PrevX has not seen the 'real' .exe

    PS as per your concerns:
    free online virus scans
    PrevXCSI free scan ( clean-up costs some $)
    SAS free version: install for a very good tool
    Autoruns

    Let us know if you find something
     
    Last edited: May 14, 2008
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, that must be another executable, than the one of ATI. AE will shoot this one, if I ever meet this false ati2evxx.exe.
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I currently use Prevx on one of my computers. It works well but you have to watch for FPs.
     
  8. abrogard

    abrogard Registered Member

    Joined:
    May 13, 2008
    Posts:
    6
    Well thanks for the replies.

    You're right, Firebytes, that's where I got my prevx info from.

    And you're right again with your suggestions for a fix. I downloaded and ran both softwares. Drweb didn't find any virus and that's all it looks for, I think, isn't it?

    But superantispyware found Adware Vundo Variant and tracking cookies and an "Unclassified, Unknown Origin" and "Browser Hijacker Favorites".

    I let it clean them all - taking a risk on the unknowns possibly being useful files.

    It cleaned them and called for a reboot.

    I had it scan after the reboot and it found nothing this time. The first piece of software to do that. Usually the problem recurs immediately.

    I've got AVG and Comodo installed always and I've had Winpatrol and Spybot installed all the time.

    Since the problem came up I've tried Adware SE, Spyware Blaster, Spyware Guard, ZoneAlarm, MSAntispyware, Cookie Cruncher, Popup Blocker, Vundofix, BHODemon, XoftSpySE, Smitfraudfix and Malwarebytes Antimalware, amongst others.

    Most recently I followed this regime:

    ATF Cleaner
    Ad-Aware 2007
    Spybot S&D
    Spyware Doctor
    Spyblaster

    Then Panda Active Scan followed by Kaspersky.

    As we can see by what SuperAntiSpyware found none of them did any good. Though they often found Vundo and often claimed to have fixed it.

    Now apparently it is gone, finally. Thank you very much.

    There remains only the message on boot up: "Error loading c:\windows\system32\qcqwgtbi.dll" which I suppose is one of the BHO dll's I removed during the course of my attempts to fix this thing. What's causing it still to be looked for I don't know.

    If anyone can help me with this last little item it'd be great.

    Either way thanks a lot, I'm tremendously happy with what you've done.

    regards,

    ab :)
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hi ab, welcome to wilders.
    Glad you fixed your problem.
    SAS and CureIt are my weapons of choice when cleaning other computers.
    PrevxCSI is a good scanner, BUT it has a high rate of false positives, so be careful... When I use PrevxCSI, I upload detected files to virustotal.com

    You say you use spywareblaster for cleaning. SpywareBlaster is a PREVENTION tool. It "immunizes" some areas of your computer so malware can't install in the first place. It's not a cleaning tool.

    For a list of rogue scanners (the ones that say they are legit scanners but are indeed a form of malware), check out http://www.spywarewarrior.com/rogue_anti-spyware.htm
    or
    http://www.malwarebytes.org/roguenet.php

    As for the absence of HijackThis log in this forum, check out here
     
  10. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    abrogard,

    I'm glad you are getting your problems ironed out. The members here at Wilders are always very helpful. I am sure someone with some info on the error you are getting with that dll loading will be along eventually.

    Also, while I am sure you already did it, I just wanted to make sure that you had updated SAS after you installed it. You might also want to run a SAS scan in safe mode once as well.

    One other thing, if you use Windows System Restore you might want to clear all your previously created save points as they could harbor copies of any malware you just cleaned. I would hate to see you accidentally re-infect yourself with the same malware.


    @Longboard,

    Thanks for the compliment. :D
     
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, abrogard:

    Prevx 2 is still good, although I have not renewed it .

    I sense you are very much concerned with malwares. IMO, adding Prevx 2 is not the only viable solution. I have been where you are now.

    I would, if I were you, consider these options, in addition to your regular firewall, antivirus, and backup:
    (1) TO adopt a shadow application,
    (2) To add a sandbox application
    (3) To add a behaviour blocker
    (4) To sprinkle with few on demand AS scanners(free)

    After all are done, you probably DO NOT need prevx2 any more. Most, if not all, potential malwares will be dealt with by those shadow/sandbox/behaviour blocker. When you take a shower or have a supper, just run those free AS scanners, to see what are your catch of the day.
     
    Last edited: May 14, 2008
  12. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    The RunDll item is a left over from the infection (not an infection, you are likely completely clean) - if you want to submit a support request here:
    http://www.superantispyware.com/support.html

    We can clean that last item up so it won't annoy you each time you start your system :)
     
  13. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    And here is one of the top reasons that SAS rocks. They will bend over backwards to help you with any problems. :thumb:
     
  14. abrogard

    abrogard Registered Member

    Joined:
    May 13, 2008
    Posts:
    6
    Well thank you, Nick, I've just logged the request after spending some time trying to find a way to get rid of it myself.

    I agree, threedog, I'm very impressed, especially after all the time I spent searching around and discovering and trying prog after prog that didn't fix the problem though claimed (loudly) that it would.

    I will be promoting them everywhere I can. If they had an affiliates prog I'd join it.

    regards,

    ab :)
     
  15. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    PM me, we do have a reseller/affiliate program :)
     
  16. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I must get another licence for SAS pro for myself. The last 3 licences I got I turned right around and put them on family's computers to cut down on the "My computer is working funny...can you fix it" calls. SAS is one product I really trust. :thumb:
     
  17. abrogard

    abrogard Registered Member

    Joined:
    May 13, 2008
    Posts:
    6
    I will PM you, Nick, I've been holding off while I went through the procedure for cleaning up that last irritation - which I've now done and, to my great surprise, it didn't work.

    Something is still looking for qcywgtbi.dll on startup and not finding it.


    regards,

    ab :)
     
  18. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    All that means is there is a leftover registry key - the infection is gone. Submit a support request here and we can take care of that:
    http://www.superantispyware.com/support.html
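
Added example, not part of the thread and not any poster's or vendor's code: a leftover autostart value that still calls rundll32 on a deleted DLL is what produces an "Error loading ..." box at boot. The Python below assumes the leftover sits under the Run key (the thread only says "leftover registry key"), uses hypothetical function names, and runs on constructed sample entries.

```python
import ntpath
import re

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# rundll32[.exe] <dll>[,<export>]; the DLL path may be quoted.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^\s,]+))', re.IGNORECASE)

def rundll_target(command):
    """Return the DLL path a rundll32 command line loads, or None."""
    m = RUNDLL_RE.search(command)
    return (m.group(1) or m.group(2)) if m else None

def find_orphans(entries, exists):
    """entries: (key, value name, command); exists: path -> bool.
    Returns entries whose rundll32 target DLL is missing from disk."""
    return [(key, name, dll)
            for key, name, command in entries
            for dll in [rundll_target(command)]
            if dll and not exists(dll)]

def read_run_entries():
    """Read the live HKLM/HKCU Run values (Windows only)."""
    import winreg  # local import so the parser above runs on any OS
    out = []
    for hive, label in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"),
                        (winreg.HKEY_CURRENT_USER, "HKCU")):
        try:
            with winreg.OpenKey(hive, RUN_KEY) as k:
                for i in range(winreg.QueryInfoKey(k)[1]):
                    name, data, _ = winreg.EnumValue(k, i)
                    out.append((label + "\\" + RUN_KEY, name, str(data)))
        except OSError:
            pass  # key not present for this hive
    return out

# Constructed sample: value names and the second command are invented;
# the first DLL path is the one from the boot error quoted in the thread.
SAMPLE = [
    ("HKLM\\" + RUN_KEY, "example1",
     r'rundll32.exe "c:\windows\system32\qcqwgtbi.dll",b'),
    ("HKLM\\" + RUN_KEY, "example2",
     r"C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\present.dll,Go"),
]
ON_DISK = {r"c:\windows\system32\present.dll"}  # pretend file system

def sample_exists(path):
    return ntpath.normcase(path) in ON_DISK
```

On a Windows machine, `find_orphans(read_run_entries(), os.path.exists)` (after `import os`) lists the live values to review; the code only reports and never deletes anything.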
     
  19. abrogard

    abrogard Registered Member

    Joined:
    May 13, 2008
    Posts:
    6
    I thought it might be that. I'll just try my "Wise" registry cleaner and see if it gets rid of it...
     