
Possible infection? - "Print Screen-B"



#1 dev00790


Posted 02 March 2011 - 07:06 PM

Hello.

I ran a Quick scan using Avast Free Edition (definitions as of 1st March) on my computer yesterday.

It found the following:

File: mscorlib.ni.dll
Location: C:\Windows.Old\Windows\assembly\NativeImages_v2.0_50727_32\mscorlib\(..many numbers and letters..)\
Status: "Win-32: Spyeye-BG [Trj]".
Action: "Moved to Chest."
Outcome: "Succesfull."

Then Avast recommended I do a boot scan.
This found the following:

1)
File: servpw64.exe
Location: B:\(..PC-NAME..)\Backup Set 2011-02-23 215628\Backup Files 2011-02-23 215628\Backup files 4.zip|> (CONTINUED NEXT LINE)
C:\Users\(..Name..)\Desktop\Installers\ophcrack-win32-installer-3.3.1.exe|>$INSTDIR\pwdump\
Status: "Threat: Win32-PUP-gen [PUP]".
Action: "Moved to Chest."
Outcome: "Action Succesfull"

2)
File: hiberfil.sys
Location: C:\
Status: "Threat: Print Screen-B"
Action: "Moved to Chest"
Outcome: "Error: The process cannot access the file as it is being used by another process (32)"

3)
File: servpw64.exe
Location: C:\Users\(..Name..)\Desktop\Installers\ophcrack-win32-installer-3.3.1.exe|>$INSTDIR\pwdump\
Status: "Threat: Win32-PUP-gen [PUP]"
Action: "Moved to Chest"
Outcome: "Action Succesfull"

OS is Windows 7 Ultimate. Recently upgraded (done myself) from Windows 7 Home Premium.

As Avast Free could not move the file to chest (also tried delete & repair but no luck), please help me to remove all malicious software from my PC.
Thanks.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.




#2 dev00790


Posted 03 March 2011 - 04:57 PM

Hello.

Can anyone help with the problem I raised in the linked post, please?

http://www.bleepingcomputer.com/forums/topic382662.html/

Thanks

Regards, dev00790



#3 dev00790


Posted 04 March 2011 - 02:29 PM

Since I have got no replies in this section, and I believe my computer is infected, please move this post (or the original linked above) to "Virus, Trojan, Spyware, and Malware Removal Logs".

Thank you.

Regards, dev00790



#4 dev00790


Posted 06 March 2011 - 06:36 PM

Resolved.

I disabled Windows hibernation. After the PC restarted, hiberfil.sys was deleted.

Ran a boot scan and no malicious files were found.

Disappointed that nobody was able to help me with this.

Regards, dev00790



#5 dev00790


Posted 06 March 2011 - 06:40 PM

Problem resolved. Please see above linked post.

Regards, dev00790
