Microsoft Vulnerabilities Scan

Guest

I have Windows XP. I use Trend Micro PC-cillin Internet Security 2007 as my
antivirus program. When it runs a weekly scan, I get the following 2 issues
listed as VERY HIGH RISK vulnerabilities: TARGET: Office / ISSUE:
VBS.DAVINIA.A (related bulletin MS00-034) and W97M.GOGA.A (related bulletin
MS01-028). I have installed all the latest available updates and continue to
receive these 2 issues as problems week after week. Does anyone know what I
can do and if I should be concerned?

Thank you,
 
Elizabeth_H_2007 said:
I have Windows XP. I use Trend Micro PC-cillin Internet Security 2007 as my
antivirus program. When it runs a weekly scan, I get the following 2 issues
listed as VERY HIGH RISK vulnerabilities: TARGET: Office / ISSUE:
VBS.DAVINIA.A (related bulletin MS00-034) and W97M.GOGA.A (related bulletin
MS01-028). I have installed all the latest available updates and continue to
receive these 2 issues as problems week after week. Does anyone know what I
can do and if I should be concerned?

Thank you,

Hi,
VBS.DAVINIA.A and W97M.GOGA.A are Micro Viruses written in the VBS
programming language. Try to scan with an online scanner from other vendors,
and also make sure the Trend definitions are up to date.
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
 
Hi Nass,

Thank you for your reply. I went onto HijackThis and ran a scan. I then
posted the log that I received on Castle Cops. No reply from there yet. I'm
really not sure what I should be looking for with these scans. My Trend
version is completely up-to-date and keeps finding the 2 issues. Those issues
don't appear when I run other scans with Spyware Doctor, etc. so I'm at a
loss.
 
Hi Elizabeth,
Could you please send me the HijackThis log at this address:
to_you_ross at yahoo.dot.co.dot.uk, replace the obvious to e-mail me (note
the underscore ( _ ), not (-), between to_you_ross).
Also, could you include this info:
1- What operating system are you using, is it XP Home or Pro?
2- What version of Office do you have installed now on this machine?
3- Your connection to the Internet?
4- When did this happen, and did you install any software, copy old files
to your Outlook, or receive e-mail with an attachment?
5- Games installed on your Machine and other extra software.
Please try to use web based E-mail address not your Outlook/Express or other
Client to e-mail me, like Hotmail, Yahoo, Gmail...etc.

HTH.
nass
 
Hi Nass,

To answer some of your questions:
1 - XP Home
2- I have Word 2000 and Works 2005
3- Cable connection
4- I have been receiving these 2 issues as warnings for quite some time now.
Each time, I went to Microsoft's website for updates and thought it would be
resolved. But they continued to appear and I just dismissed them until
recently. I do not recall any particular thing being done before receiving
these msgs. I hadn't copied anything from Outlook, etc.
5- Pokerstars, Camedia Olympus Camera software, HP Officejet Printer
software, some games (that I don't play) that came loaded on my PC when it
was built for me in 2005. Powerpoint, Excel, Word, Works. Not sure if this is
what you meant (sorry, not very computer literate).

As I only use Outlook or Hotmail, I'll attach the log here. I'm not sure
what you meant by using a Web based email.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OE.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
Explorer Provided by SHAW Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} -
C:\WINDOWS\wcidBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program
Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program
Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet
Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security
2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media
Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1993962763-602162358-839522115-501\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft
Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Norton Confidence Online -
{144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) -
http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163834479484
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) -
http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} -
http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) -
http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend
Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend
Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -
C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. -
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. -
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -
Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks again!
 
Elizabeth_H_2007 said:
Hi Nass,

To answer some of your questions:
1 - XP Home
2- I have Word 2000 and Works 2005
3- Cable connection
4- I have been receiving these 2 issues as warnings for quite some time now.
Each time, I went to Microsoft's website for updates and thought it would be
resolved. But they continued to appear and I just dismissed them until
recently. I do not recall any particular thing being done before receiving
these msgs. I hadn't copied anything from Outlook, etc.
5- Pokerstars, Camedia Olympus Camera software, HP Officejet Printer
software, some games (that I don't play) that came loaded on my PC when it
was built for me in 2005. Powerpoint, Excel, Word, Works. Not sure if this is
what you meant (sorry, not very computer literate).

As I only use Outlook or Hotmail, I'll attach the log here. I'm not sure
what you meant by using a Web based email.

Please e-mail from either Outlook or Hotmail. What I meant by web based e-mail
is accessing your e-mail account on the web/IE browser, not with a client
like Outlook/Express, Thunderbird, etc.

to_you_ross at yahoo.dot.co.dot.uk
This is the Microsoft Windows security newsgroup, not a HijackThis forum, so
analysing the log here is not appropriate.
Just send me a ping with the subject in the header. I copied your log and
will have a look at it and see what we can do.
Regards,
nass
 
Hello again,
Sorry for my confusion. As I don't know what 'ping' means, how about if you
contact me at elizabeth underscore H underscore at hotmail dot com

Thanks again for your assistance.
 
I too use Trend Micro PC-Cillin and Windows XP. I am getting the same two
alerts. I have had no luck in figuring it out. Please let me know if you
find anything helpful.

Lyci
 
Hi, Dear MSFT folks,
I believe this is a common problem for those who bought the Trend Micro product
(including myself). Is there any way you can try it out yourself (the
product) to find out this MSFT problem, or simply contact Trend Micro to
resolve this issue? Please let us know how to solve the problem soon.
Thanks.

Best regards,
Thomas
 
Thomas said:
Hi, Dear MSFT folks,
I believe this is a common problem for those who bought the Trend Micro product
(including myself). Is there any way you can try it out yourself (the
product) to find out this MSFT problem, or simply contact Trend Micro to
resolve this issue? Please let us know how to solve the problem soon.
Thanks.

Best regards,
Thomas

I have been dealing with this also. I have been in contact with Trend and
they had me do several things including downloading their cleaner and the
hijackthis and nothing has worked. I am still trying to resolve this and will
let you know if I find a solution...if I can find this place again...lol
 
I have been receiving the same VBS_DAVINIA.A vulnerability warning from
Trend 2007 on my Windows XP 2003. I just downloaded Trend 2008 & I'm still
receiving the same warning even after repeatedly checking for Microsoft
updates. Has anyone come up with a solution yet?
 
jocelynnrenee said:
I have been receiving the same VBS_DAVINIA.A vulnerability warning from
Trend 2007 on my Windows XP 2003. I just downloaded Trend 2008 & I'm still
receiving the same warning even after repeatedly checking for Microsoft
updates. Has anyone come up with a solution yet?
 
I also use Trend Micro product and have been getting this warning on both of
my computers, XP Pro and Vista Prem. What I think this problem is related
to, at least in my case, is the fact that I UPGRADED from Office 2000 to
Office 2003. Now that I have Office 2003, Microsoft doesn't see any more
updates that I need, BUT in my computer when scans are done the Trend Micro
scan sees some of the leftover old files from Office 2000, which if I was
using Office 2000 would be a legitimate flag to that VBS_DAVINIA_A
vulnerability. Since I am and some of you are using Office 2003 this MAY NOT
BE a vulnerability issue. An answer from someone at Microsoft about this
upgrade issue would be great to clear this up for everyone.

Thanks,
John A.
 
I just got my computer about a month ago..and I had 2 vulnerabilities..I got
rid of one on my own after getting the run around from both Tech Pc and
Microsoft..each was the other one's fault. I had MS00-034 and MS01-028 (this is
the one I'm having the problem with, W97m_goga.a). I removed the first one by
downloading a patch. Now for some reason I'm unable to remove the other. I have
Vista Basic but I downloaded Microsoft 2000..you know, for the Word,
PowerPoint etc..I did not need the latest version..cause I'm only writing
basic papers for school..the scan is not erasing the problem..and
according to Microsoft my updates are UTD. If anyone figures out the problem
please post the
link...http://www.microsoft.com/downloads/...-40cf-a84a-6284f5a15533&displayLang=en..Maybe
this link may help a few people out..cause that removed the (davina one..you
guys were talking about)
 
IT IS THE TREND MICRO--sorry, but...just look at the posts. What a rip-off! I
have been on and offline for 6 mos. trying to figure this out! And don't try
sending TM an email (robo-mails w/20 pp of stuff to send them--even though
you can't send any mail out!), or by phone (they spend a lot of time repeating,
"So it's not working for you...." and "Ew, wow...") and they end every mail/phone
call with (I don't know if it's sarcastic or not) HAVE a really really great
day!!!!!! Forget the $39.99--well, I'm still trying to get it back, but you'll
end up messing up your entire registry trying to fix it. I'm going to buy
something else. If you don't believe me, try www.trendmicro.complaints.com or
google I hate Trend Micro. I don't care if Geek Squad (who have gotten
wayyy too involved with their badges and foot condoms lately) says it's the "best
thing since sliced bread"! Like Carlin said, "You got a loaf of bread, you got
a knife, f***in' slice it!"
 