Possible New Virus on P.C.

Old 02-26-2016, 04:07 PM   #1
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hello!

I might have one, might not. If the enclosed reports show that I do not, I apologize; please forgive me.

Anyway, me mum was surfing away and clicked on a link (despite my having deactivated ads on her computer) and suddenly her P.C. is showing a blue screen complete with a literal alarm noise, saying, "Please call tech support". I think that's a scam, so I had her shut the computer down. Ran Avast's full, thorough scan and nothing, but I came here just to make sure.

So...below is the DDS scan report and attached is, well, the "attach" file.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.79.2
Run by Keith at 17:00:53 on 2016-02-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.288 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350322420296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: Interfaces\{4B8D6A3A-6B3B-438E-A56A-F97BCF5B6C36} : NameServer = 198.224.172.135 198.224.175.135
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\45.0.2454.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-17 58776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswvmm.sys [2014-4-17 221240]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-3-18 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-17 812720]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-4-17 447848]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-20 32792]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-17 91168]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-17 237096]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-3-6 54760]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\lte support\VZWMSConfig.exe [2011-3-21 148016]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-7-13 171608]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2012-6-13 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2012-6-13 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2012-6-13 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2012-6-13 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2012-6-13 113680]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-3-6 49464]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-7-9 327296]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-5-8 25600]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2014-3-6 35256]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [2010-10-7 19677]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [2011-6-14 287744]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [2011-6-14 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [2011-6-14 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [2011-6-14 176384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
S4 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files\seagate\seagate dashboard 2.0\MobileService.exe [2014-2-10 157264]
.
=============== File Associations ===============
.
ShellExec: AvastSZB.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
ShellExec: Cdj.exe: null="c:\program files\padus\discjuggler\Cdj.exe"
ShellExec: SZBrowser.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-02-11 20:02:02 52184 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2016-02-11 23:37:30 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-11 23:37:30 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-02-11 23:35:04 8230080 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2016-02-11 20:03:16 221240 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-11 20:02:06 91168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-02-11 20:02:06 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-11 20:02:06 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-11 20:02:06 171608 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-02-11 20:01:47 812720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-02-11 20:01:47 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
============= FINISH: 17:01:36.23 ===============
Attached Files
File Type: txt attach.txt (19.7 KB, 27 views)
KeithEKimball is offline  
 
Old 03-06-2016, 05:24 PM   #2
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hi again! Hey, uh, I really have no idea how to read the above logs myself. So if they say I DON'T have a virus at all, just reply with that and I'll stop waiting and can do my taxes on my own computer without fear.
KeithEKimball is offline  
Old 03-07-2016, 01:36 AM   #3
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello KeithEKimball,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Please download and run all requested tools from your Desktop.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My native language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

I don't see a problem in the reports. But let's check the computer. Now, let's get started, shall we?


Please download Farbar Recovery Scan Tool and save it to your desktop.

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
 
Old 03-07-2016, 02:59 PM   #4
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hello, Tolga, it is very nice to meet you! And now I know how to spell Turkei properly also.

I downloaded and ran the Farbar Recovery Tool as instructed; I have attached both the FRST and ADDITION logs.

Thank you very much for your help and please let me know what to do next.
Attached Files
File Type: txt FRST.txt (28.5 KB, 25 views)
File Type: txt Addition.txt (28.8 KB, 19 views)
KeithEKimball is offline  
Old 03-08-2016, 08:48 AM   #5
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello KeithEKimball,

Nice to meet you too. Please do the below instructions.

Please go to: VirusTotal

  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Documents and Settings\Keith\Local Settings\Application Data\6j15m7i075wuce6i61jty20v5w3h52cd23iac

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.

=========================================================

Please do the above instructions for the following files.

C:\Documents and Settings\Keith\Local Settings\Application Data\728d8r8641b7v7slg6xd5614lw38o

C:\Documents and Settings\Keith\Local Settings\Application Data\h52x83l386po06s4q40er033a1tc4n1234a34ye07
tekir06 is offline  
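The VirusTotal request above singles out three files under Local Settings\Application Data whose names are long strings of random letters and digits. As an added example (not code from this thread, from DDS or from FRST), the Python script below shows the kind of triage heuristic that makes such entries stand out when reading a log: it pulls file paths out of DDS-style autostart lines and bare paths, then flags entries that combine a user-writable profile location with a random-looking, extensionless name. The sample lines are constructed from the report and paths posted in this thread; the directory markers and the thresholds (20 characters, 25% digits, 3.5 bits of entropy) are assumptions.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample input: autostart entries copied in DDS "pseudo HJT" style
# from the report posted in this thread, plus the three profile paths the
# analyst asked to have checked on VirusTotal. Nothing is read from a live system.
SAMPLE_LINES = [
    r'uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe',
    r'mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe',
    r'mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui',
    r'mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup',
    r'C:\Documents and Settings\Keith\Local Settings\Application Data\6j15m7i075wuce6i61jty20v5w3h52cd23iac',
    r'C:\Documents and Settings\Keith\Local Settings\Application Data\728d8r8641b7v7slg6xd5614lw38o',
    r'C:\Documents and Settings\Keith\Local Settings\Application Data\h52x83l386po06s4q40er033a1tc4n1234a34ye07',
]

QUOTED_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH = re.compile(r'([A-Za-z]:\\.+?\.(?:exe|dll|sys|scr|cpl))\b', re.IGNORECASE)
BARE_LINE = re.compile(r'^[A-Za-z]:\\')

# User-writable locations where droppers commonly land on XP and later
# (assumed list, lowercase for matching).
PROFILE_MARKERS = (
    '\\local settings\\application data\\',
    '\\application data\\',
    '\\appdata\\',
    '\\temp\\',
)

# Assumed thresholds for the "random-looking name" heuristic.
MIN_STEM_LEN = 20
MIN_DIGIT_RATIO = 0.25
MIN_ENTROPY_BITS = 3.5


def extract_path(line: str) -> Optional[str]:
    """Pull the file path out of one DDS-style entry, or accept a bare path."""
    line = line.strip()
    m = QUOTED_PATH.search(line)          # "c:\...\x.exe" /args
    if m:
        return m.group(1)
    m = BARE_PATH.search(line)            # c:\...\x.dll,Entry  or  ...\x.exe /args
    if m:
        return m.group(1)
    if BARE_LINE.match(line):             # a plain path, possibly without extension
        return line
    return None


def shannon_entropy(text: str) -> float:
    """Bits per character; names generated from random alphanumerics score high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(basename: str) -> bool:
    """Long, mixed letters and digits, high entropy: typical of generated names."""
    stem = basename.rsplit('.', 1)[0]
    if len(stem) < MIN_STEM_LEN:
        return False
    digits = sum(ch.isdigit() for ch in stem)
    letters = sum(ch.isalpha() for ch in stem)
    if not digits or not letters:
        return False
    return (digits / len(stem) >= MIN_DIGIT_RATIO
            and shannon_entropy(stem.lower()) >= MIN_ENTROPY_BITS)


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious path to the indicators that fired on it."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        path = extract_path(line)
        if not path:
            continue
        basename = path.rsplit('\\', 1)[-1]
        reasons = []
        if any(marker in path.lower() for marker in PROFILE_MARKERS):
            reasons.append('lives in a user-writable profile directory')
        if looks_random(basename):
            reasons.append('random-looking file name')
        if '.' not in basename:
            reasons.append('no file extension')
        # Require two indicators to coincide; a single one (e.g. an updater
        # under Program Files) is routine and would only produce noise.
        if len(reasons) >= 2:
            findings[path] = reasons
    return findings


def flagged_paths(lines: List[str]) -> List[str]:
    """Sorted list of the paths worth submitting for a second opinion."""
    return sorted(triage(lines))


if __name__ == '__main__':
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print('   -', reason)
```

Run against the sample, only the three profile paths are reported; every Program Files entry passes, which matches what the analyst picked out by hand.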
Old 03-08-2016, 01:11 PM   #6
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hi again! And I apologize; no sooner does my previous post proudly proclaim that I can now spell Türkiye properly than I...misspell it anyway. How very American of me, huh?

Anyway, thank you for making me run VirusTotal as it seems to have detected a virus after all!
Link #1: https://www.virustotal.com/en/file/6...is/1457470575/

Link #2:
https://www.virustotal.com/en/file/3...is/1457470922/

Link #3: https://www.virustotal.com/en/file/4...is/1457471083/

I think I got everything; let me know how to proceed.
KeithEKimball is offline  
Old 03-08-2016, 11:03 PM   #7
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello KeithEKimball,

Not important. Now, the correct spelling. The meaning of the country's name in English is different; we do not use that word. Nice to know different people. In this way, my English is improving.

And I love you all.

Thanks for the links. I wasn't sure about that file. Therefore I wanted to scan it on VT. Now we can move on.

Please do the following.

  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
S4 IntelIde; no ImagePath
U4 RemoteRegistry; no ImagePath
U3 TlntSvr; no ImagePath
EmptyTemp:
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
tekir06 is offline  
Old 03-09-2016, 02:58 PM   #8
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hello!

So after making the fixlist.txt log as directed, I tried to run FRST64 with my Internet connection active so it could get any updates it might need. Doing so just made the computer lock up without starting FRST64 about three times. Finally I gave up and left the Internet off, just running FRST64 without any updates. It seemed to run just fine that way, but I don't know if not having the updates made any difference.

Well, here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Keith (2016-03-09 15:45:52) Run:1
Running from C:\Documents and Settings\Keith\Desktop
Loaded Profiles: Keith (Available Profiles: Charles & Keith & Lois & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
S4 IntelIde; no ImagePath
U4 RemoteRegistry; no ImagePath
U3 TlntSvr; no ImagePath
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
IntelIde => service removed successfully.
RemoteRegistry => service removed successfully.
TlntSvr => service removed successfully.
EmptyTemp: => 54.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:46:09 ====
KeithEKimball is offline  
Old 03-10-2016, 12:19 AM   #9
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello KeithEKimball,

Thanks for the log and information. Please do the steps below and tell me how the machine is behaving.

STEP 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

STEP 2

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

=========================================================

Things I need to see in your next post:

1- MBAM log
2- ESET report
3- information about how the computer is behaving
tekir06 is offline  
Old 03-11-2016, 05:21 PM   #10
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hi! First, I apologize for the delay. Everything seemed to go so well, I wanted to get some work done on this computer and see if anything weird happened.

Still, #1: MBAM report:

Scan Date: 3/10/2016
Scan Time: 10:11:19 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.10.07
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Keith

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434787
Time Elapsed: 19 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

#2: ESET Report

ESET didn't detect anything, so it didn't provide a file to export.

#3: Computer behavior

While websurfing, suddenly my Avast antivirus insisted that the FRST program still sitting on my desktop was a virus! Avast moved it to its Virus Chest, saying it is a "Win32:Malware-gen" virus.

Other than the FRST, I noticed nothing wrong with my surfing.

So, please let me know the next step. And thanks again for all of your help.
KeithEKimball is offline  
Old 03-14-2016, 12:29 AM   #11
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello KeithEKimball,

You're welcome. I apologize for the delay. The MBAM report is clean. ESET could not find anything. Good news.
Quote:
While websurfing, suddenly my Avast antivirus insisted that the FRST program still sitting on my desktop was a virus! Avast moved it to its Virus Chest, saying it is a "Win32:Malware-gen" virus.
FRST is not malware. Some antivirus software can detect it as a virus. We use it all the time. There is nothing to worry about.

Quote:
Other than the FRST, I noticed nothing wrong with my surfing.
Can you explain more, please?
tekir06 is offline  
Old 03-15-2016, 02:52 PM   #12
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hello Tekir!

Don't worry about the delay; I don't mind.

Oh, when I said "Other than the FRST, I noticed nothing wrong with my surfing" before, I just meant that the false positive for a malware from the FRST was the ONLY thing that Avast THOUGHT was a virus. Avast didn't detect anything else, and I didn't notice anything else wrong on the computer for the last few days as I've tried to use it normally.

My hopes are high that it might be fixed now! But just in case, please let me know what steps to take next.
KeithEKimball is offline  
Old 03-16-2016, 12:23 AM   #13
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello KeithEKimball,

Okay, I got it. Thanks for the explanation. Yes, we fixed it.

You know, there's no support for Windows XP.

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.
Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows XP

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows XP here (Please scroll down.)
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
tekir06 is offline  
Old 03-16-2016, 04:22 PM   #14
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hi Tekir!

So I ran the delfix, no problems. As you pointed out, Microsoft no longer updates XP, so I don't have to worry about that. Someday I'll have to upgrade when I have some money to spare.

Otherwise, I think my computer is good to go. I'll hold off on marking "Solved" on this one just in case there's something more you want me to do, though.
KeithEKimball is offline  
Old 03-17-2016, 12:07 AM   #15
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello KeithEKimball,

No. That is all. Congratulations. Thank you for your patience and cooperation.
tekir06 is offline  
Old 03-17-2016, 03:56 PM   #16
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hi Tekir!

You're welcome; but in reality I thank you very much for helping me.

I'll mark this one "solved" now!
KeithEKimball is offline  
Old 03-18-2016, 12:50 AM   #17
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



You're welcome!
tekir06 is offline  
 
