Got a warning from my firewall....

Yesterday evening (late), my firewall [Trend Micro Internet Security] issued a warning that it had found a virus or a spyware action. It made a log:

Protokoll-Liste:

"Zeit","Art der Virensuche","Quelltyp","Virenname","Infizierte Datei","Erste Aktion","Zweite Aktion"
"02:07","Echtzeitsuche","Datei","SPYW_NETVZRVW.B","C:\WINDOWS\unvise32.exe","Zugriff verweigern",""
"02:07","Echtzeitsuche","Datei","SPYW_NETVZRVW.B","C:\WINDOWS\unvise32.exe","Zugriff verweigern",""
"02:20","Manuelle Suche","Datei","SPYW_NETVZRVW.B","C:\WINDOWS\unvise32.exe","Übergehen",""
"03:20","Echtzeitsuche","Datei","SPYW_NETVZRVW.B","C:\System Volume Information\_restore{EBAF0395-8946-41D0-955C-54ABA2911AAB}\RP275\A0079708.exe","Zugriff verweigern",""
"03:23","Echtzeitsuche","Datei","SPYW_NETVZRVW.B","C:\System Volume Information\_restore{EBAF0395-8946-41D0-955C-54ABA2911AAB}\RP275\A0079708.exe","Zugriff verweigern",""

(Übergehen = pass over, overlook, ignore
Datei = file
Manuelle Suche = manual search
Echtzeitsuche = real-time search
Zugriff verweigern = deny access)

Actually it didn’t know what kind of attack it was and called it: SPYW_NETVZRVW.B.

I put the unvise32.exe under quarantine first and looked it up. It is actually called unvise32qt.exe and I looked up its properties: Installer VISE uninstall application file; Copyright © MindVision Software 1995-99;

The file is in the windows main directory. C:\windows\unvise32qt.exe.

Since it is under quarantine now, it can't do harm, says my firewall…

What is that?

Do you have that file as well in your windows directory?

Spybot found nothing btw nor Ad-Aware…

And what is this A0079708.exe ? :confused: :rolleyes:

PS: "Zeit","Art der Virensuche","Quelltyp","Virenname","Infizierte Datei","Erste Aktion","Zweite Aktion" = time, way of virus search, source type, virus name, infected file, first action, second action.

SPYW_NETVZRVW.B could be= Spyware_Networkvirus.B

A quick Google, and one site lists it as a trojan/backdoor. I have Adaware and Spybot, along with NAV with all the latest updates, and they didn't detect it either … I had it (unvise32qt.exe) in the Windows directory.
I just deleted it as normal, restarted the PC and re-searched, and it no longer exists.
I looked in the firewall logs, and it has not attempted to access the internet, or be accessed from it.
The A0079708.exe file I do not have.

Read this, Hiaw:

http://securityresponse.symantec.com/avcenter/venc/data/spyware.spytech.b.html

A good anti-spyware / anti-trojan-horse tool, and other stuff:

Hitman Pro 2

Does everything automatically, and free.

Majik & Nepe thx alooot already for your concerns and help…I checked my whole system again…all was fine nothing was found anymore…

before I also checked the Registry and found 2 unvise entries…1 referring to my Pinnacle Studio 9 the other to Quick Time: example:

C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

both times I deleted the unvise thing.

Here 2 screenies of the reg entries and where I found them with the help of find within the Reg running regedit:

Thx Cooper for the hint…fortunately enough my Firewall also got aware of the prob…but thx anyway. I also looked up the Symantec site Nepe and that was a great help as well registrywise. The paths they indicate there I followed but didn’t find anything…fortunately. Then I made the “find” procedure, explained above and found those 2 entries.

Hiawatha, I have seen a similar file, "unwise" rather than "unvise", as part of normal installations. Can't remember now where I've noticed the file, but it is unwise32.exe or unwise32.dll.

I remember because I thought that an executable should not warn people not to run it… very odd. Some older game I think

Ah on googling I see it is something to do with Macromedia… not sure if any of this helps you but thanks for the heads-up mate!

Ming