Adobe_flash_player.exe Virus?


  • This topic is locked
2 replies to this topic

#1 alepro

Posted 03 July 2011 - 10:30 AM

Recently, I received a notice saying adobe_flash_player.exe wants to run on my computer. I am running Windows 7 Starter on an HP netbook Mini 210-2080NR. It kept popping up and asking permission to run but I kept hitting NO. After about 30-40 minutes of it continually popping up, my son came over and accidentally hit OK, allowing it to run. Now, a notice pops up saying "Sata drive not found! Critical errors in Hard drive!" and a Windows 7 Repair screen comes up, telling me it's running a scan and I need to pay to have it fixed with an "Advanced Analysis Module". It looks like a legit Microsoft program, but I am aware it isn't. I tried to Ctrl+Alt+Del to get to Task Manager, but it was not on the option screen. Then I tried to directly run Task Manager from the run bar and it said "Your administrator has removed that option for this user name." I am the only admin on the computer, as well as the only available login besides the default user. I did not change it. I tried to run a system restore, which seems to have stopped the virus partially, but I am still unable to get to Task Manager. Also, I ran an AVG 2011 full scan in safe mode and found that it didn't test an amazingly high number of files because they were "locked and not tested" when they shouldn't be. I'm including that log below. It had detected 24 infections but only healed 2.

AVG 2011 Anti-Virus command line scanner
Copyright © 1992 - 2011 AVG Technologies
Program version 10.0.1388, engine 10.0.1516
Virus Database: Version 1516/3740 2011-07-02

C:\Documents and Settings\ Locked file. Not tested.
C:\hiberfil.sys Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\HP Games\Dream Chronicles\dream-WT.exe:\dream-WT.exe Virus found Win32/Heur
C:\Program Files\HP Games\Dream Chronicles\dream-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe Virus found Win32/Heur
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe:\JewelQuest2-WT.exe:\JewelQuest2-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe:\JewelQuest2-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Jewel Quest II\JewelQuest2-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Mahjongg Artifacts\mahjong_artifacts-WT.exe:\mahjong_artifacts-WT.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\HP Games\Mahjongg Artifacts\mahjong_artifacts-WT.exe Virus found Win32/Heur.dropper Object was moved to Virus Vault.
C:\Program Files\HP Games\Slingo Deluxe\Slingo-WT.exe:\Slingo-WT.exe Virus found Win32/Heur
C:\Program Files\HP Games\Slingo Deluxe\Slingo-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe Virus found Win32/Heur
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe:\Wedding Dash-WT.exe:\Wedding Dash-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe:\Wedding Dash-WT.exe Virus found Win32/Heur.dropper
C:\Program Files\HP Games\Wedding Dash\Wedding Dash-WT.exe Virus found Win32/Heur.dropper
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Alex Lepro\AppData\Local\History\ Locked file. Not tested.
C:\Users\Alex Lepro\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Alex Lepro\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Alex Lepro\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Alex Lepro\Documents\My Music\ Locked file. Not tested.
C:\Users\Alex Lepro\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Alex Lepro\Documents\My Videos\ Locked file. Not tested.
C:\Users\Alex Lepro\NetHood\ Locked file. Not tested.
C:\Users\Alex Lepro\NTUSER.DAT Locked file. Not tested.
C:\Users\Alex Lepro\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Alex Lepro\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Alex Lepro\PrintHood\ Locked file. Not tested.
C:\Users\Alex Lepro\Templates\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not tested.
C:\Users\Default\Cookies\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\config\default Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\sam Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\security Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\software Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\system Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
C:\Windows\Temp\0000007E Corrupted executable file Object was moved to Virus Vault.
D:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 878200
Found infections : 24
Found PUPs : 0
Healed infections : 2
Healed PUPs : 0
Warnings : 1
------------------------------------------------------------

#2 Blade81

Posted 15 July 2011 - 04:35 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, do the following, please.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click the DDS file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81

Posted 23 July 2011 - 03:00 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
