AVG Support Community

Amy Hall

Win32/Zmist

I run a daily scan on my laptop and a few days ago it found 1 threat. I click on the view detections and it says Win32/Zmist healed. I ran another scan & this threat keeps coming up and saying it is healed. What does this mean & do I need to be worried about it? Also, how do I remove this so when I do a scan it won't keep showing up? It does not give me any options to click on.
 
Best Answer chosen by Petr Jezek (Avast)

All Answers

Alan Binch
Amy, In order to analyze it please provide AVG with GMER (http://kb.avg.com/articles/en_US/How_to/GMER-Scan-Result/) and AVG scan result export (http://kb.avg.com/articles/en_US/How_to/AVG-scan-result-export/).
AVG Guru
Amy Hall
Ok I did what you wanted & here is the info it gave me: amyh974@yahoo.com_16081507.7z
Amy Hall
I also saved the files on my computer so if I need to copy & paste them here I can

Amy Hall
Scan-Result:
"Scheduled Scan"
"High severity";"1";"1";"0"
"Scanned folders:";"Scan Whole Computer"
"Started:";"8/14/2014, 9:00:00 PM"
"Finished:";"8/14/2014, 9:27:02 PM"
"Scanned items:";"151203"
"Launched by:";"SYSTEM"

"Name";"Description";"Status";"Status";"Priority"
"c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (3416)";"Virus found Win32/Zmist";"Secured";"Healed";"High"
Amy Hall
The other scan you wanted me to do:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-16 10:05:31
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST750LM022_HN-M750MBB rev.2BA30001 698.64GB
Running: Tool.exe.exe; Driver: C:\Users\Amy\AppData\Local\Temp\uwldapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4552] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506  00007ffaa41c169a 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4552] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514  00007ffaa41c16a2 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4552] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118     00007ffaa41c181a 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4552] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142     00007ffaa41c1832 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe[5612] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                        00007ffaa41c169a 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe[5612] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                        00007ffaa41c16a2 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe[5612] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                           00007ffaa41c181a 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe[5612] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                           00007ffaa41c1832 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe[8120] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                   00007ffaa41c169a 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe[8120] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                   00007ffaa41c16a2 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe[8120] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                      00007ffaa41c181a 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe[8120] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                      00007ffaa41c1832 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe[7936] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506             00007ffaa41c169a 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe[7936] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514             00007ffaa41c16a2 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe[7936] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                00007ffaa41c181a 4 bytes [1C, A4, FA, 7F]
.text   C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe[7936] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                00007ffaa41c1832 4 bytes [1C, A4, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[7752] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                              00007ffaa41c169a 4 bytes [1C, A4, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[7752] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                              00007ffaa41c16a2 4 bytes [1C, A4, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[7752] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                 00007ffaa41c181a 4 bytes [1C, A4, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[7752] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                 00007ffaa41c1832 4 bytes [1C, A4, FA, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [5216:6896]                                                                                                  fffff9600080db90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

Alan Binch
Amy, your info will be analysed ASAP. Re AVG Community Support expert assistance: they will attend to your posting @ their earliest convenience, but please bear in mind it's now the weekend (http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=190509) in Brno, Czech Rep.
AVG Guru
Amy Hall
Ok they can take their time. I ran another scan last night & now that threat is no longer showing up in the results. The only thing I can think I did different in the past few days is I put my laptop to sleep at night instead of shutting it down like I normally do every night. Last night I had to restart my computer due to some updates it needed & when my scheduled scan ran at the scheduled time (9pm) the threat did not show up on that scan.
This was selected as the best answer
Alan Binch
Amy, It may well have been a false detection that was cleared by a vdb update.
AVG Guru
Zbynek (Avast)
Hi Amy,
I am happy to see that your issue is resolved.
Thanks for posting back.
Amy Hall
Ok it has been a week and guess what, my scan results are showing the Win32/Zmist virus again saying it was healed. For two days in a row my scan has caught this & both times I restarted my laptop and ran another scan and then it did not show it again. What is going on here with this Win32/Zmist virus showing up and then not showing up again when I run another scan after I do a restart on my laptop? Do I need to be worried about this and how do I stop it?