Av_md.exe (Av_md) Trojan Virus File Removal

Danger Av_md.exe is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe.

Type: Trojan Horse (Click Here To Learn More)
Location: C:\WINDOWS\system32\Av_md.exe (Click Here To Learn How To Locate)
Risk Level: Moderate (Learn More About Risk Levels)

Av_md.exe is generally also located at C:\Documents and Settings\[username]\Av_md.exe. Av_md.exe has the ability to communicate with an outside server. Av_md.exe will also add an entry to the registry to have the file startup with the computer.

Below is our recommended removal tool for Av_md.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

download

Manual Removal – Av_md.exe may be removed through analyzing your HijackThis log. Feel free to post your hijackthis log below if you need assistance analyzing it. Hijackthis will be ideal to manually remove the virus

Click Here To Learn About HijackThis. To download HijackThis, please click HERE.

Av_md.exe File Details -
File Type – EXE – Av_md.exe is a executable file
First Identified – December 4 2018

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. How can I check if Av_md.exe is a computer virus? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

We recommend that you follow our safety tips so that you can keep your computer clean. Please click here to view our safety tips

Please post comments below. Your comments are both useful to visitors and to us.

This entry was posted on Friday, December 4th, 2018 at 5:10 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Av_md.exe (Av_md) Trojan Virus File Removal”

Ferry December 6th, 2018 at 12:33 pm

I have av_md in my computer. I’ve run HijackThis and here is the log. Please advise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:03, on 06/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\wind7upd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\av_md.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\av_md.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\FERRY\Desktop\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.conduit.com?SearchSource=10&ctid=CT2233703
R3 – URLSearchHook: (no name) – {9CB65206-89C4-402c-BA80-02D8C59F9B1D} – C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 – URLSearchHook: 4shared.com Toolbar – {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} – C:\Program Files\4shared.com\tb4sh1.dll
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 – BHO: 4shared.com Toolbar – {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} – C:\Program Files\4shared.com\tb4sh1.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: (no name) – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – (no file)
O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: Ask Search Assistant BHO – {9CB65201-89C4-402c-BA80-02D8C59F9B1D} – C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 – BHO: (no name) – {A3BC75A2-1F87-4686-AA43-5347D756017C} – (no file)
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: 4shared.com Toolbar – {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} – C:\Program Files\4shared.com\tb4sh1.dll
O3 – Toolbar: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – (no file)
O3 – Toolbar: Ask Toolbar – {FE063DB9-4EC0-403e-8DD8-394C54984B2C} – C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 – HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 – HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 – HKLM\..\Run: [TDispVol] TDispVol.exe
O4 – HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 – HKLM\..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant
O4 – HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 – HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 – HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 – HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 – HKLM\..\Run: [TPSMain] TPSMain.exe
O4 – HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 – HKLM\..\Run: [ACU] “C:\Program Files\Atheros\ACU.exe” -nogui
O4 – HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 – HKLM\..\Run: [ISUSPM Startup] “c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup
O4 – HKLM\..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 – HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 – HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 – HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 – HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [av_md] C:\Documents and Settings\FERRY\av_md.exe
O4 – HKCU\..\Run: [photo_id] C:\Documents and Settings\FERRY\photo_id.exe
O4 – HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\wind7upd.exe
O4 – Startup: OneNote 2018 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 – Global Startup: Bluetooth Manager.lnk = ?
O4 – Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 – Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra ‘Tools’ menuitem: Spybot – Search & Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{6594523D-FB66-4501-8040-14E4F52CE84B}: NameServer = 202.146.178.4
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 – Service: Atheros Configuration Service (ACS) – Atheros – C:\WINDOWS\system32\acs.exe
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: avast!CacheAgent.exe – Unknown owner – C:\WINDOWS\System32\avast!CacheAgent.exe (file missing)
O23 – Service: bEvtService – Unknown owner – C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 – Service: ConfigFree Service (CFSvcs) – TOSHIBA CORPORATION – C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 – Service: CSIScanner – Prevx – C:\Program Files\Prevx\prevx.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: ASUSKeyboardService (l4mqxuwaglabk) – Unknown owner – C:\WINDOWS\system32\koonac.exe (file missing)
O23 – Service: Logitech Bluetooth Service (LBTServ) – Logitech, Inc. – C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 – Service: MySql – Unknown owner – C:\appserv\mysql\bin\mysqld-nt.exe
O23 – Service: Websense CPM Report Scheduler (n0iaz1yzu2dca9s) – Unknown owner – C:\WINDOWS\system32\sagouvooleg.exe (file missing)
O23 – Service: TOSHIBA HDD Protection (Thpsrv) – TOSHIBA Corporation – C:\WINDOWS\system32\ThpSrv.exe
O23 – Service: TOSHIBA Optical Disc Drive Service (TODDSrv) – TOSHIBA Corporation – C:\WINDOWS\system32\TODDSrv.exe
O23 – Service: TOSHIBA Bluetooth Service – TOSHIBA CORPORATION – C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe


End of file – 10758 bytes

Leave a Reply