Page 1 of 2 1 2 LastLast
Results 1 to 15 of 18

Thread: Centinel VxD help

  1. #1
    Senior Member FrnchDp's Avatar
    Join Date
    Feb 2003
    Location
    Across the street
    Posts
    602

    Centinel VxD help

    Alright.. from time to time now, I've been getting this "Ending Program" dialogue box when I shut down the pc.. Centinel VxD is the culprit.

    From what I've found, this looks to be a Trojan. Unfrtunetly, most searches reveal that this appears to be a foreign problem as most web sites that come up are either dutch, spanish or italian (none of which I speak or understand well enough to get any kind of info!) So.. who here knows anything about this program?? It doesn show up in my task manager.. my AV doesn't pick it up and even the online TrojanScan couldn't find anything (althoug their listed database is dated to 12/03 so..)

    Any suggestions?


    Specs include XP pro, Sygate Personal FW, Panda AV, Linksys Wireless router (but I'm not on the wireless).. All software is updated although my extremely limited trojan knowledge leads me to remember that Trojan travel trhough ports..

    Thanks in advance !!

    "Why is it drug addicts and computer aficionados are both called users?" - C. Stoll

  2. #2
    Ultimate Member Direct1's Avatar
    Join Date
    Feb 2002
    Location
    Northern California
    Posts
    2,470
    You didn't say if you have done any on-line virus scans? That would be my first thing to try (installed AV programs can be fooled)...

    http://security.symantec.com/sscv6/d...d=ie&venid=sym

    http://housecall.trendmicro.com/

    http://www.pandasoftware.com/actives..._principal.htm

    Good luck!

  3. #3
    Extreme Member! BipolarBill's Avatar
    Join Date
    Oct 2000
    Location
    Norton Noo Joisey
    Posts
    41,528
    MS MCP, MCSE

  4. #4
    Senior Member FrnchDp's Avatar
    Join Date
    Feb 2003
    Location
    Across the street
    Posts
    602
    Direct1 -> I have not run a online virus scan.. just the online trojan scan. I'll try one of the online VS. My Panda AV is usually updated almost every day..

    To both of you, thanks for the prompt replies and links.. I'll look into them and work on the problem when I get home from work (is it friday yet!? )





    ps.. is there really any reason to have an AV running if I'm behind a router and firewall? Can't I just run online scans on a routine schedule?

    "Why is it drug addicts and computer aficionados are both called users?" - C. Stoll

  5. #5
    Ultimate Member Direct1's Avatar
    Join Date
    Feb 2002
    Location
    Northern California
    Posts
    2,470
    ps.. is there really any reason to have an AV running if I'm behind a router and firewall? Can't I just run online scans on a routine schedule?
    A router/firewall is not going to stop/catch a virus sent to you in e-mail. Updated AntiVirus software can. I wouldn't pay for it though. My favorite is:

    http://www.free-av.com/

    A lot of people like this one too..

    http://www.grisoft.com/us/us_index.php

    Both are free and updated regularly.

    Good luck!

  6. #6
    Extreme Member! BipolarBill's Avatar
    Join Date
    Oct 2000
    Location
    Norton Noo Joisey
    Posts
    41,528
    There's never a good time to turn off your AV program. Wrong thinking there...

    Most viruses come via file-sharing or e-mail. The router does nothing for those.

    Always run your AV program and always keep it updated.
    MS MCP, MCSE

  7. #7
    Senior Member FrnchDp's Avatar
    Join Date
    Feb 2003
    Location
    Across the street
    Posts
    602
    That's what I figured.. mine is always on and always updated. but I was wondering.

    Thanks


    "Why is it drug addicts and computer aficionados are both called users?" - C. Stoll

  8. #8
    Senior Member FrnchDp's Avatar
    Join Date
    Feb 2003
    Location
    Across the street
    Posts
    602
    Well, after countless web research and what not, it appears that I have Backdoor.Delf.C trojan snaking intself on my machine.. Strangely enough though, this trojan was discovered back in 2002, yet all the onlin scans / Av scans I'v run have found nothing (currently running the symmantec online scan!) funny enough symmantec's solution to this problem is to run it's NAV product!

    So still scanning.. I found a couple of dated threads on random forums (one in french) about this trojan, but apparently ppl don't like to share HOW they solved their problems.

    I see nothing in the processes, nothing in msconfig startup.. but I still get the "Ending progarm" diag box when I shut down.. although not every single time

    http://securityresponse.symantec.com...or.delf.c.html


    I'll keep scratching my head.. meanwhile, I hope I don't have some lame hacker tapping into my system

    "Why is it drug addicts and computer aficionados are both called users?" - C. Stoll

  9. #9
    Ultimate Member Direct1's Avatar
    Join Date
    Feb 2002
    Location
    Northern California
    Posts
    2,470
    This should help remove it...

    http://www.pestpatrol.com/pestinfo/b...0and%20Removal

    You had said you did an on-line trojan scan? One would think that would have caught it? Hmm??

    Good luck!

  10. #10
    Extreme Member! BipolarBill's Avatar
    Join Date
    Oct 2000
    Location
    Norton Noo Joisey
    Posts
    41,528
    Viruses are fully capable of disabling or damaging an AV program.

    You've been given many suggestions on how to deal with this, but you have not acknowledged any of them. Don't you think that this is a bit rude? You know that Norton missed it, yet you stubbornly refuse to try another method to deal with it.

    Let me know if you plan to keep ignoring our recommendations so I can close the thread.
    MS MCP, MCSE

  11. #11
    Senior Member FrnchDp's Avatar
    Join Date
    Feb 2003
    Location
    Across the street
    Posts
    602
    Good Morning Bill,

    My apologies for not acknowledging that I went to every single site you and Direct1 posted. I only mentioned Norton's online scan because I was in the process of using it as I was writing my last post. I had d/l Super Software's trojan remover, and ran it to no avail. My own evaluation copy of the Cleaner had expired and was going to remove it to try it again (I failed in this as I was exhausted and went to bed after the Norton scan).

    I also ran Trend Micro's online scan with no detection. I did not run the Panda scan as it is my AV and I had run the offline version fuilly updated.

    I have just read Direct1 post witht the link to PestPatrol and will try it when I get home tonight after work. I WILL post the results upon finishing the process because I do in fact appreciate and value your input as well as all other members that help each other out on this forum.

    My apologies again, if in my tired state of mind I ommited detailing all of my attempts at solving this problem. I spent most of my evening researching this so as not to bombard you guys with oblivious questions. Interestingly enough, most hits that are returned upon a search for Centinel VxD come from spain and are therefore in Spanish.. interesting...

    Thanks again, I do appreciate it..

    "Why is it drug addicts and computer aficionados are both called users?" - C. Stoll

  12. #12
    Ultimate Member Rob R.'s Avatar
    Join Date
    Mar 2002
    Location
    Denver
    Posts
    1,081
    VXD = virtual driver.

    Centinel VxD = virtual driver for an anti virus program.

    The worm you speak of, Backdoor.Delf.C, attempts to locate Centinel VxD among many other programs, processes, etc and shut them down in an attempt to avoid detection.

    Just stop looking for this phantom menace worm and start looking for why your anti-virus program is not shutting down properly.

  13. #13
    Senior Member FrnchDp's Avatar
    Join Date
    Feb 2003
    Location
    Across the street
    Posts
    602
    Thanks Rob! That would explain why I can't seem to find it!! I'll uninstall and reinstall my AV prog tonight and see if that helps any.. I'll post the results.

    Thanks for the help..

    "Why is it drug addicts and computer aficionados are both called users?" - C. Stoll

  14. #14
    Senior Member FrnchDp's Avatar
    Join Date
    Feb 2003
    Location
    Across the street
    Posts
    602
    to Rob R.

    Good call on the antivirus improper shutdown.. I'd love to know how you figured it out.. must've been a different search engine than the ones I used!!

    Removed my AV, shutdown... no probs. Rebooted, reinstalled AV, re-shutdown... still no more problem with Centinel vxd. virtual driver! what'll they think of next?! I'm just astounded that that information just didn't come up anywhere I looked..

    Many thanks, many praises to BpB, Direct1 and Rob R.

    Learn new things everyday, and I thank those who teach me..

    "Why is it drug addicts and computer aficionados are both called users?" - C. Stoll

  15. #15
    Ultimate Member Rob R.'s Avatar
    Join Date
    Mar 2002
    Location
    Denver
    Posts
    1,081
    I have had my fights with virtual drivers in the past. It just sounded peculiar that a worm or virus would have anything to do with a virtual driver to me.

    I am glad your problem is solved now though.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •