
I have W32/Malware!Gemini that F-Secure online scan detected


Hello gang,

I have done numerous scans:

F-Secure - Detected W32/Malware!Gemini

Hitman Pro - 0

One Care - 0

Here is the DDS log. The forum said to attach the other logs, so they will follow.

DDS (Ver_10-10-05.01) - NTFSx86

Run by Cindarella at 14:58:30.93 on Sat 10/16/2010

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22





Hi and Welcome,

W32/Malware!Gemini is a heuristics detection, which means the flagged item is determined to be infected by its behavior, not a signature.


Detections like this have a higher probability of being a "false positive" detection if the settings are tweaked very tightly.

Since all other scanners were negative, this is probably the case, but please copy/paste the log that contains that detection because I need to know the name of the file that created that alert.

This program was installed today:

2010-10-16 18:56:30 -------- d-----w- c:\program files\znmvzd12

It looks like it's a security program that uses random naming for self-protection, judging from your ARK report. Can you shed some light on this for me please? What program did you install today?

You also have a lot of security program drivers loaded, plus the Sandboxie driver which is not such a good idea:

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-13 28552]

R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2010-10-7 41928]

R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2010-10-7 11776]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-10-7 2909536]

R2 ISRService;FirstDefense-ISR Service;c:\$isr\0\ISRService.exe []

R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-10-7 72808]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-10-1 124648]

Whatever you're not using in the above, you should uninstall. pavboot.sys is from Panda online scanner.

It looks like you are very security aware judging from your logs, which makes you a less likely candidate for being infected.

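The driver list quoted in the reply above can be triaged mechanically by grouping running kernel drivers by install folder, so that overlapping security products stand out. This Python is an added example, not part of the original thread or of DDS; it assumes the leading letter means running/stopped and the digit is the Windows service start type, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the driver/service lines quoted in the reply above.
SAMPLE = r"""
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-13 28552]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2010-10-7 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2010-10-7 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-10-7 2909536]
R2 ISRService;FirstDefense-ISR Service;c:\$isr\0\ISRService.exe []
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-10-7 72808]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-10-1 124648]
"""

# Assumed layout: <R|S><start type> name;display name;image path [date size]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$")
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

def parse_dds_services(text):
    """Parse DDS driver/service lines into dicts; unrelated lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        meta = m["meta"].split()  # may be empty, as in the ISRService line
        path = m["path"].lower()
        entries.append({
            "name": m["name"],
            "display": m["display"],
            "running": m["state"] == "R",
            "start": START[int(m["start"])],
            "path": path,
            "kernel_driver": path.endswith(".sys"),
            "date": meta[0] if meta else None,
            "size": int(meta[1]) if len(meta) > 1 else None,
        })
    return entries

def kernel_drivers_by_folder(entries):
    """Map install folder -> names of running .sys drivers loaded from it."""
    groups = defaultdict(list)
    for e in entries:
        if e["running"] and e["kernel_driver"]:
            groups[e["path"].rsplit("\\", 1)[0]].append(e["name"])
    return dict(groups)
```

Each folder key in the result corresponds to one product's driver set, which is the list to review when deciding what to uninstall.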
