Solved

Microsoft windows provide

Posted on 2010-09-21
11
321 Views
Last Modified: 2013-11-22
Hi experts, I have windows Vista on my home pc and after that my Bullguard antivirus caught a trojan and deleted it I start getting messages that Provide does not work anymore with the options of looking for a solution online or close the application or search for errors in the application. It keeps opening lots of windows of microsoft windows .NET. While my blullguards which gets updated every day can't find any more infections, these windows keeps opening one after another. Very annoying. It gets also more aggressive when I remove provide from the msconfig startup and doing a scan with Bullguard.Yesterday I saw the entry of the registry and I removed it and my PC was OK for the whole day. Today I turned it on again and it started again. It also ask methat provide wants access to internet if that is allowed. Can someone tell me what provide is and what is microsoft using it for?
0
Comment
Question by:sharscho
  • 5
  • 5
11 Comments
 
LVL 22

Expert Comment

by:optoma
ID: 33729215
Hi. Not sure what it is. Can you post a screenshot?

Run TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

If still having issue run Combofix(right click + run as admin) and post log here
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 92

Accepted Solution

by:
nobus earned 500 total points
ID: 33732181
what trojan was it?
i also use these  :
   Spybot :        http://www.download.com/3000-8022-10122137.html
http://www.malwarebytes.org/mbam.php                         MBAM
0
 

Author Comment

by:sharscho
ID: 33867921
Sorry that it took so long. Lot of things going on and I still have the same issue on my pc. I did not apply your advices yet. I wanted to send more info first.
it is these trojans:
4792875 and 4794262

This is what my virus scanner app (Bullguard) is detecting:
C:\Users\shartjon\AppData\Roaming\Extractor Services\Update Services.exe which it says it is infected and also this one C:\Users\shartjon\AppData\Roaming\Extractor Services\update services.exe.vir This update services keeps trying to damamge my pc but bullguard blocks it.
sometimes more than one and it can remove all except one of them. And I can get to the map C:\Users\shartjon\AppData\Roaming but I don't see the rest even though I deselected hidden files from the app data directory and its sub dir. I run a scan twice after each other and everytime it detects the same. I wonder what the updates services is. Also provide ask permission to the internet but bullguard blocks it. But it keeps tryig and the notifications stays on screen like 249 of them and it keeps going up.
I am also loading screen images. The prive path is what it puts in the registry.
provide-path.doc
viruserror.doc
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 92

Expert Comment

by:nobus
ID: 33869419
try running MBAM, as suggested !
0
 

Author Comment

by:sharscho
ID: 33884913
I did download the MBAM and it did find 3 text files which he removed and I still don't see any signs of the update services and or provide. I will keep an eye on it for the next couple of days.
are these fles the problem of the whole issue? And not the update services.exe? Can you explain how these malware work and how the cause these issues?

these are the files:
Bestanden geïnfecteerd:
C:\Users\shartjon\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\shartjon\AppData\Local\Temp\XX--XX--XX.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\shartjon\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
0
 
LVL 92

Expert Comment

by:nobus
ID: 33885695
>>  Can you explain how these malware work and how the cause these issues?<<  they have to be identified properly first

and yes - those files do not look ok..
run spybot too...

btw  - dutch speaking??
   
0
 

Author Comment

by:sharscho
ID: 33955720
Hi nobus, yes I am dutch speaking. I did run the spybot but it did not give more results. I waited to see if the pc was going to behave strange again but it continued working fine after I ran the MBAM. So I assume that the problem is solved now and want to thank you for your help and effort.
0
 

Author Closing Comment

by:sharscho
ID: 33955726
Very good advice!!
0
 
LVL 92

Expert Comment

by:nobus
ID: 33956187
me also speaky dutch; who catched it? mbam or spybot?
anyway, tx for the feedback !
0
 

Author Comment

by:sharscho
ID: 33956743
Hi Nobus, mbam did the thing, after I ran mbam all issues dissappeared. Now I think it is better to buy mbam next time instead of the expensive virus scanner. btw leuk dat je ook een dutch speaker bent, krijg je niet vaak! thanks again for your help.
0
 
LVL 92

Expert Comment

by:nobus
ID: 33958431
ik woon rond Antwerpen-
and you need :
1 - a good virus scanner
2- mbam, and spybot, if any gets around the corner !
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is CCleaner a virus?  Do you use CCleaner? 18 387
Event ID: 7023 / Source: Service Control Manager 4 145
PCAnywhere 2 135
EICAR File 5 72
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question