
Invisible Viruses


10 replies to this topic

#1 purfles


Posted 14 December 2010 - 05:00 AM

I followed a bad link and ended up with a ton of viruses on my computer. When running a virus scan with Norton, I can see files with names like trojan.zlob and spyware.isnake. But no matter what antivirus program I run, they all say my system has no viruses. I've tried Norton 360, Malwarebytes, and Norton Power Eraser. Any ideas how I can stop this, or what other antivirus I should try?



#2 quietman7

  • Global Moderator

Posted 14 December 2010 - 07:09 AM

When running a virus scan with Norton, I can see files with names like trojan.zlob and spyware.isnake. But no matter what antivirus program I run, they all say my system has no viruses. I've tried Norton 360,

That does not make any sense. First you say scanning with Norton finds malware...then go on to say the anti-virus says it's clean.

Are you trying to say that Norton is finding the system clean on subsequent scans after removing detected threats?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 purfles


Posted 14 December 2010 - 02:17 PM

No, with Norton, in the panel where it says the names of the files it is currently scanning, I can see that it is scanning files with names like the ones I posted above. But at the end of the scan, it says I have no viruses.

In case it's still unclear what I'm referring to, here's a screenshot of a scan I just did. Note the name of the file it is currently checking. [Posted Image]

Edited by purfles, 14 December 2010 - 02:39 PM.


#4 quietman7


Posted 14 December 2010 - 02:40 PM

Did you try using the Windows Search feature > More advanced options to see if the file(s) is present?


Get a second opinion by performing an Online Virus Scan like Eset Online Anti-virus Scanner or Kaspersky Online Virus Scanner.
(If given the option, choose "Quarantine" or "Cure" instead of Delete.)

Edited by quietman7, 14 December 2010 - 02:50 PM.


#5 purfles


Posted 14 December 2010 - 02:46 PM

I tried searching already, and no luck. I tried using Malwarebytes for a second opinion, but it said I have no viruses as well. Just in case, I'll try one of the two scanners you recommended.

Alright, the Eset scan just finished, and it also said 0 viruses.

Edited by purfles, 14 December 2010 - 07:34 PM.


#6 quietman7


Posted 14 December 2010 - 08:47 PM

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan USB flash drives or other removable drives not listed, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.


Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • When the 'Setup page' appears, click Next, check the box 'I accept the license agreement' and click Next twice more to begin extracting the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen. Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected and if they were successfully removed in your next reply. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".

#7 purfles


Posted 15 December 2010 - 04:05 PM

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 125ms


Scanning running processes and process memory...

Number of processes/threads found: 8578
Number of processes/threads scanned: 8578
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 11m 28s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Program Files\No$GBA\NO$GBA.EXE (Infected with W32/Refroso.B!genr)
Deleted file

C:\System Volume Information\{2b464d58-eabf-11df-9195-001a92269386}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{c7976508-fd8c-11df-b500-001a92269386}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{c797652b-fd8c-11df-b500-001a92269386}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{c79765b4-fd8c-11df-b500-001a92269386}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (Error opening file: Access denied)

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (Error opening file: Access denied)

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (Error opening file: Access denied)

C:\Windows\Temp\symlcsv1.exe (Infected with W32/Agent.TVAA)
Deleted file

Scanning: D:\*.*

D:\hp\apps\APP21906\pcdr\Setup.exe/noname.nsis/file0/file56 (Error whilst scanning file: I/O Error (0x00220005))

Scanning: C:\System Volume Information\*.*

C:\System Volume Information\{2b464d58-eabf-11df-9195-001a92269386}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{c7976508-fd8c-11df-b500-001a92269386}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{c797652b-fd8c-11df-b500-001a92269386}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{c79765b4-fd8c-11df-b500-001a92269386}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

Scanning: postscan


Running post-scan cleanup routine:
Set TCP/IP autotuning to "normal" (or it was already "normal")

Number of files found: 612107
Number of archives unpacked: 4025
Number of files scanned: 612021
Number of files not scanned: 86
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 6h 1m 47s

Autoscan: completed 7 minutes ago (events: 2, objects: 6436, time: 00:13:03)
15/12/2010 1:52:17 PM Task completed
15/12/2010 1:39:11 PM Task started

#8 quietman7


Posted 15 December 2010 - 11:04 PM

How is your computer running now? Are there any more signs of infection, strange audio ads, unwanted pop-ups, security alerts, or browser redirects?

#9 purfles


Posted 16 December 2010 - 03:48 PM

It still seems a bit slow, though it's better than before. The thing is though, there was never any sign of viruses besides the fact my computer was running slowly, and all the virus filenames that showed up during Norton scans. And the names still showed up during the most recent scan.

#10 quietman7


Posted 16 December 2010 - 05:35 PM

Without knowing exactly what Norton is finding we are only fishing here. So far, we have not found much and yet Norton is still reporting the same thing. If you want a more detailed look at your system, then more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.


Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

#11 quietman7


Posted 17 December 2010 - 08:51 AM

BC Advisor Platypus came across this Norton discussion thread which may explain what you are encountering.

If that's the case, you will not need to post any logs unless you just want a double-check to make sure everything is ok.