IObit Forum

Does my computer have any threats or unneeded files?


aaa839


This looks suspicious! :roll:

 

O23 - Service: 主動防御 (ZhuDongFangYu) - 360安全中心 - C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe

 

This is a Chinese anti-malware tool...

It is called 360安全衛士 (360 Safeguard), and this service is for their cloud security engine.

 

VirusTotal scan:

 

http://www.virustotal.com/analisis/54f19fe356493fb9bcd45ae1cc0805e0af4a2d6f09e22b7d786e8ecc4ee1a763-1255743699


Hello. Could you please:

 

Use Unlock and Delete to remove:

  • C:\Program Files\ALiBaBar\ALiBaBar.dll

 

Select the corresponding box in Hijack Scan to remove:

  • O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\Program Files\ALiBaBar\ALiBaBar.dll
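The O23 line in the first post and the O2 line above are HijackThis entries in a fixed format, and the question behind this thread is how to check such a line yourself rather than rely on a one-word verdict. As an added example (not code from the thread or from IObit), the Python below parses both line types into their fields, flags images loaded from outside Program Files or Windows, and lists the registry keys and the `sc` command that back each entry. The third sample line is constructed for the example and does not appear in the thread; the "outside trusted roots" rule is a triage heuristic of this example, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Patterns for the two HijackThis line types quoted in this thread.
#   O2  - BHO: <name> - {<CLSID>} - <dll path>
#   O23 - Service: <display name> (<service name>) - <company> - <exe path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+)$"
)
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) \((?P<service>[^()]+)\) - "
    r"(?P<company>.*?) - (?P<path>.+)$"
)

# Where vendor-installed components normally live. Loading from elsewhere
# (temp, user profile, root of C:\) is not automatically bad, but it is where a
# triager looks first. Heuristic of this example, not a rule from the thread.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Sample input: the two lines from the thread plus one constructed line.
SAMPLE_LINES = [
    "O23 - Service: 主動防御 (ZhuDongFangYu) - 360安全中心 - "
    "C:\\Program Files\\360\\360Safe\\deepscan\\zhudongfangyu.exe",
    "O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - "
    "C:\\Program Files\\ALiBaBar\\ALiBaBar.dll",
    # constructed example of a BHO loaded from a temp directory
    "O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - "
    "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
]


@dataclass
class HjtEntry:
    kind: str        # "O2" or "O23"
    name: str        # BHO name or service display name
    ident: str       # CLSID for O2, service key name for O23
    path: str        # image path as HijackThis printed it
    company: str = ""


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one O2 or O23 line; return None for any other line type."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        return HjtEntry("O2", m["name"], m["clsid"].upper(), m["path"])
    m = O23_RE.match(line)
    if m:
        return HjtEntry("O23", m["display"], m["service"], m["path"], m["company"])
    return None


def outside_trusted_roots(path: str) -> bool:
    """True when the image lives somewhere other than Program Files / Windows."""
    p = path.lower()
    return not any(p.startswith(root) for root in TRUSTED_ROOTS)


def where_to_verify(entry: HjtEntry) -> List[str]:
    """Registry keys / commands that the line is derived from, so the entry can
    be confirmed or removed by hand instead of trusting the scanner summary."""
    if entry.kind == "O2":
        return [
            r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
            r"\Browser Helper Objects\%s" % entry.ident,
            r"HKCR\CLSID\%s\InprocServer32" % entry.ident,
        ]
    return [
        r"HKLM\SYSTEM\CurrentControlSet\Services\%s" % entry.ident,
        "sc qc %s" % entry.ident,
    ]


def triage(lines):
    """Parse every recognised line and pair it with its location flag and refs."""
    out = []
    for line in lines:
        e = parse_hjt_line(line)
        if e is not None:
            out.append((e, outside_trusted_roots(e.path), where_to_verify(e)))
    return out


if __name__ == "__main__":
    for entry, odd, refs in triage(SAMPLE_LINES):
        print("CHECK" if odd else "ok   ", entry.kind, entry.name, entry.ident, entry.path)
        for ref in refs:
            print("       ", ref)
```

On the machine itself, the InprocServer32 value for the O2 CLSID must point at the same DLL HijackThis printed, and `sc qc ZhuDongFangYu` shows the service's binary path and start type; if either disagrees with the log line, the log line is the thing to distrust.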

 

This file is my Traditional Chinese / Simplified Chinese translation toolbar...

Website:

http://alf-li.pcdiscuss.com/e_index.html#alibabar

Scan report:

Antivirus          Version          Last Update   Result
a-squared          4.5.0.41         2009.10.07    -
AhnLab-V3          5.0.0.2          2009.10.06    -
AntiVir            7.9.1.33         2009.10.07    -
Antiy-AVL          2.0.3.7          2009.10.05    -
Authentium         5.1.2.4          2009.10.07    -
Avast              4.8.1351.0       2009.10.07    -
AVG                8.5.0.420        2009.10.04    -
BitDefender        7.2              2009.10.07    -
CAT-QuickHeal      10.00            2009.10.07    -
ClamAV             0.94.1           2009.10.07    -
Comodo             2527             2009.10.07    UnclassifiedMalware
DrWeb              5.0.0.12182      2009.10.07    -
eSafe              7.0.17.0         2009.10.06    -
eTrust-Vet         35.1.7055        2009.10.07    -
F-Prot             4.5.1.85         2009.10.06    -
F-Secure           8.0.14470.0      2009.10.07    -
Fortinet           3.120.0.0        2009.10.07    -
GData              19               2009.10.07    -
Ikarus             T3.1.1.72.0      2009.10.07    -
Jiangmin           11.0.800         2009.10.07    -
K7AntiVirus        7.10.863         2009.10.06    Trojan.Win32.Malware.1
Kaspersky          7.0.0.125        2009.10.07    -
McAfee             5763             2009.10.06    -
McAfee+Artemis     5763             2009.10.06    Artemis!E18997873DDF
McAfee-GW-Edition  6.8.5            2009.10.07    -
Microsoft          1.5101           2009.10.07    -
NOD32              4487             2009.10.07    -
Norman             6.01.09          2009.10.06    -
nProtect           2009.1.8.0       2009.10.07    -
Panda              10.0.2.2         2009.10.06    Adware/Alibabar
PCTools            4.4.2.0          2009.10.07    -
Prevx              3.0              2009.10.07    -
Rising             21.49.22.00      2009.09.30    -
Sophos             4.45.0           2009.10.07    -
Sunbelt            3.2.1858.2       2009.10.07    Alibaba Toolbar
Symantec           1.4.4.12         2009.10.07    -
TheHacker          6.5.0.2.032      2009.10.06    -
TrendMicro         8.950.0.1094     2009.10.07    -
VBA32              3.12.10.11       2009.10.07    -
ViRobot            2009.10.7.1974   2009.10.07    -
VirusBuster        4.6.5.0          2009.10.06    -

Additional information

File size: 970240 bytes

MD5 : e18997873ddf51bc377342d69f230f44

SHA1 : 9e2619db420f72d703e374f5e9fc4829b7b3aac5

SHA256: c7df5d740f825a5d41452ae5ec174b958eb8a2b697b90a951b4edb12a7d5349f

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x8B4D8

timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)

machinetype.......: 0x14C (Intel I386)

 

( 7 sections )

name     viradd     virsiz    rawdsiz   ntrpy  md5
CODE     0x1000     0x8A514   0x8A600   6.51   c6670dc99c81696de15d6d24045b579a
DATA     0x8C000    0x137C    0x1400    4.22   2890e338df6c29fd2b53f181b9b03a51
BSS      0x8E000    0xAE62D   0x0       0.00   d41d8cd98f00b204e9800998ecf8427e
.idata   0x13D000   0x27A6    0x2800    5.05   8f9ebce824003172609be85e551b7115
.edata   0x140000   0xA5      0x200     1.88   23b4983ee8b7ab27745f5038bd79b70f
.reloc   0x141000   0x9288    0x9400    6.66   408715fbf3becb5243b5666449385153
.rsrc    0x14B000   0x55200   0x55200   6.46   70c3fcc2eec86514e6e5c35e84ae8efb

 

( 10 imports )

 

> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey

> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_LoadImageA, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls

> comdlg32.dll: ChooseColorA

> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExtTextOutA, ExtCreatePen, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, BitBlt

> kernel32.dll: GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle

> ole32.dll: CoTaskMemFree, StringFromCLSID, CoLockObjectExternal, CoDisconnectObject, CoRevokeClassObject, CoRegisterClassObject, CoUninitialize, CoInitialize, IsEqualGUID

> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysReAllocStringLen, SysAllocStringLen

> shell32.dll: ShellExecuteA

> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA

> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA

 

( 1 exports )

 

> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

TrID : File type identification

Windows OCX File (63.0%)

InstallShield setup (21.9%)

Win32 Executable Delphi generic (7.4%)

Win32 Executable Generic (4.3%)

Win16/32 Executable Delphi generic (1.0%)

ssdeep: 12288:5Rh1OpNqPHe0aG8sRWp7OdSDBO0fsKRDkYcDWHQpG8ocH35Gx1665n/:5ZEIBJdW0KRDCvH23/

PEiD : -

CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=e18997873ddf51bc377342d69f230f44

RDS : NSRL Reference Data Set

-

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
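Five of the 41 engines in the report flag the file, but the names are worth reading before calling it malware: two are generic buckets (UnclassifiedMalware, Trojan.Win32.Malware.1), Artemis!E18997873DDF is a McAfee cloud-reputation hit whose name is simply the first twelve hex digits of the file's MD5, and only Panda and Sunbelt name the toolbar itself. As an added example, not code from the thread, the Python below parses an excerpt of the pasted table, counts and classifies the hits, checks the Artemis name against the reported MD5, computes the three hashes you would compare against the report before trusting that it describes your copy of the file, and decodes the PE timestamp 0x2A425E19, which is the fixed value Delphi's linker writes into every binary (19 June 1992 22:22:17 UTC; VirusTotal printed it in local time) and agrees with the "Win32 Executable Delphi generic" TrID guess. The list of "generic" name prefixes is this example's own heuristic.

```python
import hashlib
from datetime import datetime, timezone

# MD5 quoted in the VirusTotal report above.
REPORT_MD5 = "e18997873ddf51bc377342d69f230f44"

# Excerpt of the pasted detection table (the page lists 41 engines; all five
# that flagged the file are included here, plus a few clean rows).
VT_TEXT = """\
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.07 -
AntiVir 7.9.1.33 2009.10.07 -
Comodo 2527 2009.10.07 UnclassifiedMalware
Kaspersky 7.0.0.125 2009.10.07 -
K7AntiVirus 7.10.863 2009.10.06 Trojan.Win32.Malware.1
McAfee 5763 2009.10.06 -
McAfee+Artemis 5763 2009.10.06 Artemis!E18997873DDF
Microsoft 1.5101 2009.10.07 -
Panda 10.0.2.2 2009.10.06 Adware/Alibabar
Sunbelt 3.2.1858.2 2009.10.07 Alibaba Toolbar
Symantec 1.4.4.12 2009.10.07 -
"""

# Link-time stamp Delphi's linker writes into every PE it produces
# (19 June 1992 22:22:17 UTC); it says nothing about when the file was built.
DELPHI_DEFAULT_TIMESTAMP = 0x2A425E19

# Name prefixes that carry no family information: heuristic of this example.
GENERIC_PREFIXES = ("Artemis!", "UnclassifiedMalware", "Trojan.Win32.Malware")


def parse_vt_table(text):
    """Turn the 'Antivirus Version Last Update Result' block into dicts.
    The result column may contain spaces, so split on the first three gaps only."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Antivirus"):
            continue
        engine, version, updated, result = line.split(None, 3)
        rows.append({"engine": engine, "version": version,
                     "updated": updated, "result": result})
    return rows


def detections(rows):
    """(engine, name) for every row whose result is not the '-' placeholder."""
    return [(r["engine"], r["result"]) for r in rows if r["result"] != "-"]


def generic_names(hits):
    """Engines whose detection name is a heuristic or unclassified bucket."""
    return [engine for engine, name in hits if name.startswith(GENERIC_PREFIXES)]


def artemis_matches_md5(result, md5_hex):
    """McAfee Artemis names embed the first 12 hex digits of the file's MD5;
    a match confirms the cloud lookup was for exactly this file."""
    return result.startswith("Artemis!") and result[8:] == md5_hex[:12].upper()


def file_hashes(data: bytes):
    """The three digests VirusTotal lists, for comparison with the report."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def pe_timestamp(stamp: int) -> datetime:
    """IMAGE_FILE_HEADER.TimeDateStamp is seconds since the Unix epoch, UTC."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def is_delphi_default(stamp: int) -> bool:
    return stamp == DELPHI_DEFAULT_TIMESTAMP


if __name__ == "__main__":
    rows = parse_vt_table(VT_TEXT)
    hits = detections(rows)
    print(f"{len(hits)}/{len(rows)} engines in the excerpt flagged the file:")
    for engine, name in hits:
        print(f"  {engine:15} {name}")
    print("generic / heuristic names from:", generic_names(hits))
    print("Artemis name matches report MD5:",
          any(artemis_matches_md5(n, REPORT_MD5) for _, n in hits))
    stamp = DELPHI_DEFAULT_TIMESTAMP
    print("PE timestamp:", pe_timestamp(stamp).isoformat(),
          "(Delphi default)" if is_delphi_default(stamp) else "")
```

The md5 the report shows for the BSS section, d41d8cd98f00b204e9800998ecf8427e, is the digest of zero bytes: that section has no raw data on disk (rawdsiz 0x0), which is normal for uninitialised data and not a sign of tampering.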


As you can see from above, it is actually malware. So please remove it :smile:

 

That is a false positive.

I sent it to the Avira virus testing lab:

Suspicious Files and Miscellaneous Uploads

 

Thank you for your submission. Below you can see the current status of the uploaded files.

 

 

--------------------------------------------------------------------------------

 

A listing of files alongside their results can be found below:

 

File ID Filename Size (Byte) Result

230288 ALiBaBar.dll 947.5 KB FALSE POSITIVE

 

 

Please find a detailed report concerning each individual sample below:

 

Filename Result

ALiBaBar.dll FALSE POSITIVE

 

The file 'ALiBaBar.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 6.38.0.94 .

 

 

--------------------------------------------------------------------------------

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.


It depends on the verdict of the researcher. Some do classify this toolbar as adware, and for that reason it is detected by certain vendors. If you would like to keep the toolbar, you can, of course; however, it is suggested that you remove it :smile:

 

That's okay,

but does my computer have any other threats?

