03-23-2004, 02:31 AM
|
#1
|
|
Senior Member
Join Date: Feb 2003
Location: Across the street
Posts: 602
|
Centinel VxD help
Alright.. from time to time now, I've been getting this "Ending Program" dialogue box when I shut down the pc.. Centinel VxD is the culprit.
From what I've found, this looks to be a Trojan. Unfortunately, most searches reveal that this appears to be a foreign problem as most web sites that come up are either Dutch, Spanish or Italian (none of which I speak or understand well enough to get any kind of info!) So.. who here knows anything about this program?? It doesn't show up in my task manager.. my AV doesn't pick it up and even the online TrojanScan couldn't find anything (although their listed database is dated to 12/03 so..)
Any suggestions?
Specs include XP Pro, Sygate Personal FW, Panda AV, Linksys Wireless router (but I'm not on the wireless).. All software is updated although my extremely limited trojan knowledge leads me to remember that Trojans travel through ports..
Thanks in advance !!
__________________
"Why is it drug addicts and computer aficionados are both called users?" - C. Stoll
|
|
|
03-23-2004, 10:01 AM
|
#3
|
|
Extreme Member!
Join Date: Oct 2000
Location: Norton Noo Joisey
Posts: 41,375
|
__________________
MS MVP, MCP, MCSE
|
|
|
03-23-2004, 01:26 PM
|
#4
|
|
Senior Member
Join Date: Feb 2003
Location: Across the street
Posts: 602
|
Direct1 -> I have not run an online virus scan.. just the online trojan scan. I'll try one of the online VS. My Panda AV is usually updated almost every day..
To both of you, thanks for the prompt replies and links.. I'll look into them and work on the problem when I get home from work (is it Friday yet!?)
ps.. is there really any reason to have an AV running if I'm behind a router and firewall? Can't I just run online scans on a routine schedule?
__________________
"Why is it drug addicts and computer aficionados are both called users?" - C. Stoll
|
|
|
03-23-2004, 01:33 PM
|
#5
|
|
Ultimate Member
Join Date: Feb 2002
Location: Northern California
Posts: 2,470
|
Quote:
|
ps.. is there really any reason to have an AV running if I'm behind a router and firewall? Can't I just run online scans on a routine schedule?
|
A router/firewall is not going to stop/catch a virus sent to you in e-mail. Updated AntiVirus software can. I wouldn't pay for it though. My favorite is:
http://www.free-av.com/
A lot of people like this one too..
http://www.grisoft.com/us/us_index.php
Both are free and updated regularly.
Good luck!
|
|
|
03-23-2004, 01:34 PM
|
#6
|
|
Extreme Member!
Join Date: Oct 2000
Location: Norton Noo Joisey
Posts: 41,375
|
There's never a good time to turn off your AV program. Wrong thinking there...
Most viruses come via file-sharing or e-mail. The router does nothing for those.
Always run your AV program and always keep it updated.
__________________
MS MVP, MCP, MCSE
|
|
|
03-23-2004, 03:25 PM
|
#7
|
|
Senior Member
Join Date: Feb 2003
Location: Across the street
Posts: 602
|
That's what I figured.. mine is always on and always updated, but I was wondering.
Thanks
__________________
"Why is it drug addicts and computer aficionados are both called users?" - C. Stoll
|
|
|
03-24-2004, 01:17 AM
|
#8
|
|
Senior Member
Join Date: Feb 2003
Location: Across the street
Posts: 602
|
Well, after countless web research and what not, it appears that I have Backdoor.Delf.C trojan snaking itself on my machine.. Strangely enough though, this trojan was discovered back in 2002, yet all the online scans / AV scans I've run have found nothing (currently running the Symantec online scan!) Funny enough, Symantec's solution to this problem is to run its NAV product!
So still scanning.. I found a couple of dated threads on random forums (one in French) about this trojan, but apparently ppl don't like to share HOW they solved their problems.
I see nothing in the processes, nothing in msconfig startup.. but I still get the "Ending program" diag box when I shut down.. although not every single time
http://securityresponse.symantec.com...or.delf.c.html
I'll keep scratching my head.. meanwhile, I hope I don't have some lame hacker tapping into my system
__________________
"Why is it drug addicts and computer aficionados are both called users?" - C. Stoll
|
|
|
03-24-2004, 01:23 AM
|
#9
|
|
Ultimate Member
Join Date: Feb 2002
Location: Northern California
Posts: 2,470
|
This should help remove it...
http://www.pestpatrol.com/pestinfo/b...0and%20Removal
You had said you did an on-line trojan scan? One would think that would have caught it? Hmm??
Good luck!
|
|
|
03-24-2004, 08:51 AM
|
#10
|
|
Extreme Member!
Join Date: Oct 2000
Location: Norton Noo Joisey
Posts: 41,375
|
Viruses are fully capable of disabling or damaging an AV program.
You've been given many suggestions on how to deal with this, but you have not acknowledged any of them. Don't you think that this is a bit rude? You know that Norton missed it, yet you stubbornly refuse to try another method to deal with it.
Let me know if you plan to keep ignoring our recommendations so I can close the thread.
__________________
MS MVP, MCP, MCSE
|
|
|
03-24-2004, 10:57 AM
|
#11
|
|
Senior Member
Join Date: Feb 2003
Location: Across the street
Posts: 602
|
Good Morning Bill,
My apologies for not acknowledging that I went to every single site you and Direct1 posted. I only mentioned Norton's online scan because I was in the process of using it as I was writing my last post. I had d/l Super Software's trojan remover, and ran it to no avail. My own evaluation copy of the Cleaner had expired and was going to remove it to try it again (I failed in this as I was exhausted and went to bed after the Norton scan).
I also ran Trend Micro's online scan with no detection. I did not run the Panda scan as it is my AV and I had run the offline version fully updated.
I have just read Direct1's post with the link to PestPatrol and will try it when I get home tonight after work. I WILL post the results upon finishing the process because I do in fact appreciate and value your input as well as all other members that help each other out on this forum.
My apologies again, if in my tired state of mind I omitted detailing all of my attempts at solving this problem. I spent most of my evening researching this so as not to bombard you guys with oblivious questions. Interestingly enough, most hits that are returned upon a search for Centinel VxD come from Spain and are therefore in Spanish.. interesting...
Thanks again, I do appreciate it..
__________________
"Why is it drug addicts and computer aficionados are both called users?" - C. Stoll
|
|
|
03-24-2004, 11:12 AM
|
#12
|
|
Ultimate Member
Join Date: Mar 2002
Location: Denver
Posts: 1,081
|
VXD = virtual driver.
Centinel VxD = virtual driver for an anti virus program.
The worm you speak of, Backdoor.Delf.C, attempts to locate Centinel VxD among many other programs, processes, etc and shut them down in an attempt to avoid detection.
Just stop looking for this phantom menace worm and start looking for why your anti-virus program is not shutting down properly.
|
|
|
03-24-2004, 01:03 PM
|
#13
|
|
Senior Member
Join Date: Feb 2003
Location: Across the street
Posts: 602
|
Thanks Rob! That would explain why I can't seem to find it!! I'll uninstall and reinstall my AV prog tonight and see if that helps any.. I'll post the results.
Thanks for the help..
__________________
"Why is it drug addicts and computer aficionados are both called users?" - C. Stoll
|
|
|
03-24-2004, 09:55 PM
|
#14
|
|
Senior Member
Join Date: Feb 2003
Location: Across the street
Posts: 602
|
 to Rob R.
Good call on the antivirus improper shutdown.. I'd love to know how you figured it out.. must've been a different search engine than the ones I used!!
Removed my AV, shutdown... no probs. Rebooted, reinstalled AV, re-shutdown... still no more problem with Centinel VxD. Virtual driver! What'll they think of next?! I'm just astounded that that information just didn't come up anywhere I looked..
Many thanks, many praises to BpB, Direct1 and Rob R.
Learn new things everyday, and I thank those who teach me..
__________________
"Why is it drug addicts and computer aficionados are both called users?" - C. Stoll
|
|
|
03-25-2004, 08:57 AM
|
#15
|
|
Ultimate Member
Join Date: Mar 2002
Location: Denver
Posts: 1,081
|
I have had my fights with virtual drivers in the past. It just sounded peculiar that a worm or virus would have anything to do with a virtual driver to me.
I am glad your problem is solved now though.
|
|
|
All times are GMT -4. The time now is 02:04 AM.