
Avast! found Adware-gen and process is360??


blacksea


Hi there blacksea ;

 

It's probably not a virus at all. Looks like an audio driver, but let's make sure and have it analysed at Virus Total :

http://www.virustotal.com/

 

Browse for this file :

C:\WINDOWS\system32\cmirmdrv.exe

 

You may get a "This file has already been analysed" message ; if so, just click for a new analysis. Paste the report here (or the URL of the page from Virus Total).

 

I don't know why Avast! is linking it to IS360 though. Maybe because the tool was scanning it and that triggered the detection (possibly a false positive).

 

===


Hi so_sad,

 

I did what you've asked and I sent cmirmdrv.exe to VirusTotal AND Jotti's malware scan. First I sent the file to VirusTotal but after 5 minutes it was still sending. So I decided to upload the file also to Jotti's. And now it is 30 minutes later and still both are 'sending' the files to be scanned. The size is only 228 kb and my internet speed is good also.

 

Blacksea

 

Note: Now about 50 minutes later, VirusTotal has crashed; This webpage is not available.

 

The webpage at http://www.virustotal.com/vt/en/recepcion?4a2caae0c712de9d2eba787fe7690c38 might be temporarily down or it may have moved permanently to a new web address.

 

And Jotti is still sending the file..


Another virus..

 

and now Avast! warns me about another virus..:?

Which I didn't have before. Maybe they have a similarity? Don't know, I just posted it to be sure.

 

And I tried to upload the file again, and again VirusTotal crashed.


Hi blacksea,

 

Now that's strange. That second detection is in the Restore points, so not a danger, but having it linked to svchost worries me, because we have rootkits that hook svchost these days. Having said that, do not delete or touch svchost.exe - ever.

 

Tell you what : can you upload a copy of cmirmdrv.exe on Senduit for me ? :

http://www.senduit.com/

 

Just click the "Browse..." button, then locate the file and double-click it. Don't click "Upload" just yet ; first, change the "Expire in:" option to 3 days, then you can click "Upload".

Once uploaded, a link will appear, highlighted in blue. Please copy/paste that link here for me.

 

*Just a friendly warning to viewers : if that file is indeed infected, you don't want to play with it, not even download it so be warned. I'll grab it from a test machine which can be infected without any worries or risks.

 

===


Hi blacksea,

 

Thanks for removing the link. The file is fine.

 

I scanned it at VirusTotal and was told it had already been analysed, so I had a look : 3 detections out of 41 antivirus scanners (2 for Avast!)

http://www.virustotal.com/fr/analisis/65c5af2c4879ea82ee1f08a533a76d72d66e06827ab2f6c67cd18300ee8a3baa-1275321378

 

I then had the file I have from your machine analysed : it scored a big fat 0

http://www.virustotal.com/fr/analisis/65c5af2c4879ea82ee1f08a533a76d72d66e06827ab2f6c67cd18300ee8a3baa-1275409950

 

File properties says it's "CmiRemoveDriver MFC Application" : it looks like an interface provided by C-Media and used by Microsoft ;

http://www.filename.info/f/cmirmdrv.exe.html

 

Avast! seems to have corrected the false positive.

============

 

Now, about your problem getting to VT and Jotti's : that's not supposed to happen. Can you try again please (with the same file) ? And also try with VirScan, just to see if you can access it Ok :

http://virscan.org/

 

If the problems persist with the online file scanners, try going to some of the following antivirus sites :

 

http://www.kaspersky.com

http://www.eset.com/

http://www.symantec.com/index.jsp

http://home.mcafee.com/

 

If those are blocked, you most definitely have a problem (infection).

 

Are you noticing any other problems like search redirects, fake warnings, popups, etc... ?
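
The two report links in the post above carry the same 64-hex-digit value, which is the length of a SHA-256 digest. As an added example (not part of the original thread), this Python code splits such a link into digest and scan time and checks whether a report belongs to a given local file; reading the trailing number as a Unix timestamp is an assumption about this link format, and the function names are hypothetical.

```python
import hashlib
import re
from datetime import datetime, timezone

# The two report links quoted in the post above.
REPORT_URLS = [
    "http://www.virustotal.com/fr/analisis/"
    "65c5af2c4879ea82ee1f08a533a76d72d66e06827ab2f6c67cd18300ee8a3baa-1275321378",
    "http://www.virustotal.com/fr/analisis/"
    "65c5af2c4879ea82ee1f08a533a76d72d66e06827ab2f6c67cd18300ee8a3baa-1275409950",
]

# Assumption: the link ends in "<SHA-256 as 64 hex digits>-<Unix time of analysis>".
_REPORT_RE = re.compile(r"/analisis/([0-9a-f]{64})-(\d{9,10})/?$")


def parse_report_url(url):
    """Return (sha256_hex, analysis_time_utc) from a report link of this shape."""
    match = _REPORT_RE.search(url.strip().lower())
    if match is None:
        raise ValueError("not a <sha256>-<timestamp> report link: %r" % url)
    when = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), when


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def same_sample(urls):
    """True when every report link refers to the same file contents."""
    return len({parse_report_url(u)[0] for u in urls}) == 1


def report_covers_file(url, path):
    """True when the report was produced for exactly the bytes stored at path."""
    return parse_report_url(url)[0] == sha256_of_file(path)


if __name__ == "__main__":
    for link in REPORT_URLS:
        sha256_hex, analysed = parse_report_url(link)
        print(sha256_hex, analysed.isoformat())
    print("same sample in both reports:", same_sample(REPORT_URLS))
```

Under that reading, both links describe the same bytes analysed about a day apart, so the change from 3 detections to 0 reflects the scanners' signatures changing, not a different file. Hashing a local copy with `sha256_of_file` and comparing it to the digest in a report link confirms the report applies to that copy without uploading it again.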
