Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Infection LavasoftTcpService.dll

10 May 2015   #1
GokAy

Windows 7 Ultimate x64 SP1
 
 
Infection LavasoftTcpService.dll

Hello all, last night after logging in to windows I received a warning from ZoneAlarm Extreme Security that 2 files have been infected with the next:

C:\Windows\System32\LavasoftTcpService64.dll - not-a-virus:HEUR.AdWare.Win32.OptimizerMonitor.heur
C:\Windows\SysWOW64\LavasoftTcpService.dll - not-a-virus:AdWare.Win32.OptimizerMonitor.j

I don't use Lavasoft products on my PC, so when I opened IE11 to check what they were there were no connection. My Internet connection was fine though. Anyway, I checked both files and clicked treat in ZA window and it told me after sometime that it wasn't able to treat them and needed to perform an Advanced Disinfection. After closing all open programs as instructed ZA took 5 or so minutes to finish what it was doing. Before it auto-restarted the PC I got a bunch of Bad Image warnings to my running processes.

After the restart the PC booted and logged in to Windows just fine, I then rescanned the PC with ZA/SuperAntiSpyware/Spybot S&D and found nothing.

I am not sure how I got the infection as I am careful about suspicious websites and only use freeware or licensed paid-for software/games etc. Everything is up-to-date and performing scans on a schedule. Also, I haven't installed anything the last few days. Only downloaded WinDirStat and 7StickyNotes from their official download locations (not installed yet).

So my question would be should I use any other scanners to make sure I don't have any left overs in anywhere on my PC? From what I have read in this forum, Malwarebytes/ TDSSkiller/ Rkill have been suggested before but I would like to wait for response from more experienced people.

Thanks for your time.


My System SpecsSystem Spec
.
10 May 2015   #2
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

If it was my computer what I would use is Malwarebytes and Eset online scanner.

https://www.malwarebytes.org/antimalware/


Free Virus Scan | Online Virus Scanner from ESET

I haven't used Z/A in years so I know very little about it.
I haven't read anything good about SpyBot in 5 years.
My System SpecsSystem Spec
10 May 2015   #3
jamis

Windows 7 Home Premium 64 bit SP1
 
 

I sometimes run MSERT in addition to NIS, Malwarebytes, & Spybot. It's free, but you have to download a new version every 10 days.

Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner
My System SpecsSystem Spec
.

10 May 2015   #4
GokAy

Windows 7 Ultimate x64 SP1
 
 

Hey guys, an update to the situation.

I went out for a walk and shutdown my PC before doing so. When I came back, I downloaded MBAM and started running a scan. While it was running, ZA showed another warning that the 2 dll's were back.

I haven't let ZA do anything just yet. And started to look deeper on what is going on. Meanwhile, MBAM finished the scan and found 3 entries for OpenCandy PUP, which I removed. Nothing with respect to the 2 dll files.

Anyway, here is what I have found:

- ZA list these dll's as medium threat.
- 1 of the dll's changed location and now both are inside SysWOW64.
- There is a service named LavasoftTCPService installed and running.
- The dll's seem to be digitally signed by Lavasoft and eventhough I am not an expert in these things, seems legit. Can put a screenshot if anyone wants.
- When I opened the service properties I saw that the executable is in Prog Files(x86)\Lavasoft\Web Companion\...
- Then I went to Programs and Features and found Web Companion listed there. Installed on 4/8/2015.
- I clean installed my OS that exact day so whatever it is, it has been there all along. Problem is I have never installed Lavasoft software in this install.

I suspect that web companion came with a freeware program I installed, perhaps I forgot to uncheck a checkbox to install it automatically. Hopefully I have just been dumb and don't have a real infection.

Now I wonder why I didn't get any warnings up until last night.

I will wait for ESET Online to finish and try a manual uninstall. 47% in and so far ESET found:
- Win32/Toolbar.Montiera.I
- Win32/Toolbar.Conduit
both in the category of potentially unwanted application.

How do we get these PUPs and is there a pro-active way of keeping safe? So far I have only been able to scan and remove these later after they somehow manage to get in the PC.
My System SpecsSystem Spec
10 May 2015   #5
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Quote:
How do we get these PUPs and is there a pro-active way of keeping safe? So far I have only been able to scan and remove these later after they somehow manage to get in the PC.
Hi:

I am not qualified to provide specific malware removal advice.
So, I will leave that to the more expert forum members with proper training, such as jacee and cottonball.

However, to address your specific question about PUPs and their "prevention".
Manual, on-demand scanners, including the Free version of MBAM, can only remove PUPs already on the sytem.
MBAM Premium is highly effective in preventing many PUPs.
More information here, in these articles:
What are the 'PUP' detections, are they threats, and should they be deleted?
Malwarebytes Adopts Aggressive PUP Policy

Having said that, most PUPs find their way on to the system through some sort of user action (or lack thereof). For example, failure to opt out of their installation during the setup wizard of other software is a common way to acquire PUPs. User diligence is very important, along with real-time anti-malware software.

Thank you,
My System SpecsSystem Spec
10 May 2015   #6
marsmimar

Microsoft Community Contributor Award Recipient

 
 

Sorry for jumping in but here's some additional info that might help.

Lavasoft is a legitimate company and probably best known for a free product called Ad-Aware. If you haven't already done so check in Control Panel > Programs and Features for any references to Lavasoft and Ad-Aware. If either or both show up see if you can uninstall.

Another free anti-malware tool I can recommend is called herdProtect. It uses 68 anti-malware search engines. If something questionable is found, whether it be known malware, PUPs, etc, the options to isolate, quarantine and/or remove are pretty easy to follow.

herdProtect - Anti-Malware Multiscanning Platform in the Cloud

One of the best ways to protect your computer is to make regular system images. If malware strikes you can return your computer to its clean condition in usually less than an hour. The machine will be exactly like it was on the day the image was created so the more recent the image the more up to date the restore will be. Here's a couple of tutorials for the native Windows 7 imaging tool and Macrium free.

Backup Complete Computer - Create an Image Backup

Imaging with free Macrium
My System SpecsSystem Spec
10 May 2015   #7
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

^^ Agree, those do appear to be legit Lavasoft files. But I will defer to more expert members on that. ^^
^^ And, yes, having good backups is an important strategy. ^^

As for Herdprotect, I had heard mixed reports about it.
The huge number of search engines can potentially lead to false-positives.
An equally serious concern for me is that it is alleged to employ the work-product of other software developers without full legal permissions. That makes me squeamish, even though the tool is (at least for now) still free.
But it's up to the user whether to try it, of course.

There are other tools, such as adwcleaner and JRT, that also target adware, junkware, PUPs.
However, these are not real-time protection applications, so they cannot *prevent* PUPs, as the OP requests. That's why I mentioned MBAM Premium (I am just a home user with no financial ties to the product or the company).

JMHO

Thanks,
My System SpecsSystem Spec
10 May 2015   #8
GokAy

Windows 7 Ultimate x64 SP1
 
 

Hey,

@Moxie: Thanks for the info. I am usually very careful about the opt out installations, I guess I missed this one.

@Marsmimar: I know Lavasoft is a legitimate company I used AdAware before, just not in this OS install. And thanks for the image advice. I use Acronis TI 2010 Home with pluspack and do daily images, but this thing was from the day I installed the OS.

Anyway, ESET found 5 more entries which all are Komodia related. From what I gather Komodia is also a legitimate company but has had a problem recently with SSL validation in their products which left people using their services open to abuse?

Here is a link if you are fluent in understanding this kind of tech talk
Will the madness never end? Komodia SSL certificates are EVERYWHERE | Marc's Security Ramblings

I have uninstalled the Web Companion from Programs and Features after ESET finished scan and fixed its findings. After restart, LavasoftTcpService64.dll and its service (Services - though not started) remained. I then went into registry, backed up just in case and deleted everything Lavasoft. It seems ok for now.

Marking the thread as solved for now. Thank you all for advice and information.
My System SpecsSystem Spec
10 May 2015   #9
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I see that Malwarebytes and Eset found thing. Here is another great program I have a lot of faith in. It's at Bleeping Computer.

AdwCleaner Download


Infection LavasoftTcpService.dll-adwcleaner-1-2-.jpg


My System SpecsSystem Spec
08 Jul 2015   #10
kabo0m

Microsoft Windows 7 Professional Edition Service Pack 1 (build 7601), 64-bit
 
 

Thank you. This information I think is helping me as I am having this issue right now. I wasn't told I was infected but a game that recently got updated won't update because of the LavasoftTcpService.dll file. I did recently allow Ad-Aware to install with another program so I think I will uninstall it. If it doesn't remove then I will either use AdwCleaner Download as mentioned earlier or, if that doesn't work, then Revo Uninstaller.
My System SpecsSystem Spec
Reply

 Infection LavasoftTcpService.dll




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Malware Infection
hello everyone, got a problem here, i use Avast! Free AV and Malwarebytes free, i already scan everything and nothing was detected, but once in a while Avast always detect this malware infection :( Infection Details URL: ...
System Security
Viral Infection
Hey guys.. I think my computer might be infected with a horrific virus caused by downloading a fake Flash update. I believe it's called the "Koob Virus"? It was done via Facebook.. :cry: I have Geek Squad support, but I was wondering if there might be a way for me to fix this myself. If not,...
BSOD Help and Support
Getting rid of the Sun infection
Anyone know the percentage of malware that uses java or flash to exploit the system? I decided to boycott it completely and my computers have had no crashes since, even running xp without an antivirus.
System Security
Possible infection?
For some reason when I go to ebay my cursor goes crazy. When I search begin to type anything in the search area it starts typing backwards. After I do this My cursor moves so fast, I can not select anything from drop down boxes etc because it continues to scroll. I think I have an infection. ...
System Security
How often does you AV save you from an infection?
Just to satisfy my curiosity. :geek: How often does your antivirus programs stop an infection from happening? I'm not talking about things like play.exe renamed to mp3 files. My mom gets those all the time and they do nothing. A real infection. Also, what where you doing that caused it? Thanks
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:00.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App