
Possible virus?


1 reply to this topic

#1 Usko_Detra


Posted 22 September 2012 - 01:52 AM

Hey, so yesterday before I shut down my computer, I found a program running in the Task Manager; it was at the top of the list, called aae.exe. I googled what I could and couldn't find much information about this program. I scanned with Norton and uploaded to VirusTotal; both didn't detect anything. But one thing I did find was it's a possible variation of Win32/Kryptik.PAC, and I noticed someone else's Combofix log quarantined a file:

C:\Qoobox\Quarantine\C\Users\tcarlson\AppData\Local\aae.exe.vir a variant of Win32/Kryptik.PAC trojan

After doing a File Insight, I got this:

Full Path: C:\Users\Matt\AppData\Local\Temp\aae.exe
____________________________
____________________________
Developers Not Available
Version Not Available
Identified 20/09/2012 at 9:22:48 PM
Last Used 21/09/2012 at 5:19:16 AM
Startup Item No
____________________________
____________________________
Reliable
With typical use this program crashes very infrequently.
____________________________
Many Users
Hundreds of thousands of users in the Norton Community have used this file.
____________________________
Mature
This file was released 3 years 1 month ago.
____________________________
Trusted
Norton has given this file a trusted rating.
____________________________
Source File:
aae.exe
____________________________
Performance

Avg. Resource Usage:Low
Avg. CPU Usage:Low
Avg. Memory Usage:Low
____________________________
Performance Alert
Time:
21/09/2012 5:19:16 AM

Process ID 3972
CPU Normal
Memory Normal
Handles Count Normal
Disk Read Activity Normal
Disk Write Activity Normal
____________________________
File Thumbprint - SHA:
31a33ccfd5fffad43c5554d68e23aed2da2c8bde94a42b0c4be6d8378ae68625
____________________________
File Thumbprint - MD5:
849902d75bf2a865fde5df7286cf4132
____________________________


Some sites say this file is dangerous, others say it's fine. Oddly enough it only appeared in the running processes once.
So, my question is: is this file dangerous and a virus lurking on my system? And if it's not a virus, what does this file do?

I use Norton for my anti-virus software.

Edited by Usko_Detra, 22 September 2012 - 05:41 PM.




#2 InadequateInfirmity


Posted 22 September 2012 - 08:35 AM

Download Adware Cleaner and run it as admin. Click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download, update, and do a quick scan with Malwarebytes and SUPERAntiSpyware.


http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Remove all that each of the programs above finds, and reboot.
Post the logs.

Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe. After the scan is finished, click File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.
http://download.sysinternals.com/files/Autoruns.zip



