
Problems with HackTool:Win32/Keygen and more


  • This topic is locked
11 replies to this topic

#1 Anexis

  • Members
  • 9 posts

Posted 02 May 2013 - 08:22 AM

Hi there Bleeping Computer

 

Due to too much work elsewhere, I have not been able to follow up my earlier attempts of cleaning my computer.

 

So, to the point. The virus stated in the title, HackTool:Win32/Keygen, pops up in MSE every time I start the computer. MSE fails to remove it.

 

 

A couple of weeks ago, the virus VirTool:Win32/Obfuscator.XZ showed up in MSE. After I deleted the virus's container file, it stopped showing. I worry it's still present.

 

 

My computer setup:

I have dual BIOS. They are both Windows 7 Home Premium and located on separate hard drives. Both viruses are (were) located on the old hard drive with its old BIOS.

 

I have tried several anti-virus programs in addition to MSE. I ran Malwarebytes in safe mode on the old BIOS. I have also run AdwCleaner here. None of them seemed to find the virus HackTool:Win32/Keygen.

 

 

Here is my DDS log from my old (infected) BIOS:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.10.2
Run by Jonathan at 15:01:23 on 2013-05-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.47.1044.18.4094.2434 [GMT 2:00]
.
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\RaRegistry.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\RaUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\PROGRA~2\AVG\AVG2012\Tuneup\TUMICR~1.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSPC~1.LNK - C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\RaUI.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5686321D-EA4E-485D-874C-66F7F8527404} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AA8D3B54-2E09-4DB3-9E2F-1D218F89DE92} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C1516D75-537E-4FF4-B077-A82070864D84} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D25B27D5-1736-493B-B386-89AB8CB3A22B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D25B27D5-1736-493B-B386-89AB8CB3A22B}\373616E6469636F556163797 : DHCPNameServer = 10.74.16.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 208.86.152.204 purplegreen.no
Hosts: 208.86.152.204 www.purplegreen.no
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h7xwux6p.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-4-17 14456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-24 55280]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-26 204288]
R2 ASUSWireless;ASUSWireless;C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe [2012-11-28 184320]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\RaRegistry.exe [2012-11-28 375872]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\System32\drivers\ladfBakerCamd64.sys [2011-3-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\System32\drivers\ladfBakerRamd64.sys [2011-3-18 335688]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-11-28 1808448]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-29 1255736]
.
=============== Created Last 30 ================
.
2013-05-02 12:32:27 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\TuneUp Software
2013-05-02 12:32:15 -------- d-----r- C:\Program Files (x86)\Skype
2013-05-01 20:49:03 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-19 13:39:09 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Malwarebytes
2013-04-19 13:39:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-19 13:39:00 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-19 13:39:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-19 13:38:43 -------- d-----w- C:\Users\Jonathan\AppData\Local\Programs
2013-04-17 19:49:50 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-17 19:49:50 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-17 19:49:49 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-17 19:49:49 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-17 19:49:49 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-17 19:49:49 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-17 19:47:08 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-04-17 19:47:07 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\LavasoftStatistics
2013-04-17 19:43:41 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-17 19:37:48 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-04-17 19:35:30 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-04-17 19:35:14 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-04-17 19:35:12 -------- d-----w- C:\Users\Jonathan\AppData\Local\adawarebp
2013-04-17 19:35:07 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-04-17 19:35:01 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-04-17 19:25:50 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-04-17 19:25:50 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-04-17 19:25:48 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Ad-Aware Antivirus
2013-04-17 14:24:42 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-17 14:24:42 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-17 14:24:41 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-17 14:24:41 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-17 14:24:41 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-17 14:24:41 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-11 01:18:40 384800 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
==================== Find3M  ====================
.
.
============= FINISH: 15:01:57,62 ===============


Edited by Anexis, 02 May 2013 - 08:25 AM.
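The DDS log above is long, and most of it is noise to a responder. The Python helper below is an added example for this thread; it is not code from the original post and it is not DDS itself. It splits a DDS log into its banner-delimited sections and pulls out the lines a responder reads first: hosts-file overrides, Run-key autostarts, entries whose target DDS could not find (`<no file>`, `<orphaned>`), and drivers created in the last 30 days. The embedded `SAMPLE_LOG` is an excerpt of the log pasted above (backslashes escaped for Python); the function names are my own.

```python
"""Pull the triage-relevant lines out of a DDS log.

Added example for this thread; not DDS itself and not code from the post.
SAMPLE_LOG is an excerpt of the log pasted above; the function names are
the author's own, not part of any tool.
"""
import re
from collections import defaultdict

# Excerpt of the posted DDS log (not the full log).
SAMPLE_LOG = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Program Files (x86)\\uTorrent\\uTorrent.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uRun: [Google Update] "C:\\Users\\Jonathan\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [AVG_TRAY] "C:\\Program Files (x86)\\AVG\\AVG2012\\avgtray.exe"
SSODL: WebCheck - <orphaned>
Hosts: 208.86.152.204 purplegreen.no
Hosts: 208.86.152.204 www.purplegreen.no
================= FIREFOX ===================
.
FF - prefs.js: network.proxy.type - 0
.
=============== Created Last 30 ================
.
2013-05-01 20:49:03 1656680 ----a-w- C:\\Windows\\System32\\drivers\\ntfs.sys
2013-04-17 19:25:50 14456 ----a-w- C:\\Windows\\System32\\drivers\\gfibto.sys
2013-04-19 13:39:00 -------- d-----w- C:\\ProgramData\\Malwarebytes
.
============= FINISH: 15:01:57,62 ===============
"""

# A section banner is a title wrapped in runs of '=' signs.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# uRun / mRun / x64-Run entries look like "<scope>Run: [name] command".
RUN_RE = re.compile(r"^(?:u|m|x64-)Run: \[(.+?)\] (.*)$")
# "Created Last 30" rows: date time size attrs path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.*)$")


def parse_sections(text):
    """Split a DDS log into {section title: [content lines]}.

    Lines before the first banner go under 'HEADER'; the '.' spacer
    lines DDS emits between sections are dropped.
    """
    sections = defaultdict(list)
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line in ("", "."):
            continue
        sections[current].append(line)
    return dict(sections)


def hosts_overrides(sections):
    """(ip, hostname) pairs DDS reported from the hosts file."""
    pairs = []
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("Hosts: "):
            ip, host = line[len("Hosts: "):].split(None, 1)
            pairs.append((ip, host.strip()))
    return pairs


def autorun_entries(sections):
    """{name: command} for every Run-key entry in the HJT section."""
    entries = {}
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            entries[m.group(1)] = m.group(2)
    return entries


def dangling_entries(sections):
    """Autostart/shell entries whose target DDS could not find."""
    return [line for line in sections.get("Pseudo HJT Report", [])
            if line.endswith("<no file>") or line.endswith("<orphaned>")]


def recent_drivers(sections):
    """Paths under a drivers directory created in the last 30 days."""
    found = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m and "\\drivers\\" in m.group(5).lower():
            found.append(m.group(5))
    return found


def triage(text):
    """One-call summary of the things a responder reads first."""
    sections = parse_sections(text)
    return {
        "hosts": hosts_overrides(sections),
        "autoruns": autorun_entries(sections),
        "dangling": dangling_entries(sections),
        "recent_drivers": recent_drivers(sections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

This reports only what DDS wrote; it scans nothing on disk. The hosts-file pairs are listed because a responder wants to see any name resolution the hosts file pins, whatever the explanation turns out to be; the thread itself says nothing about those entries. Run it against the full log by passing the pasted text to `triage()` instead of `SAMPLE_LOG`.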



#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 02 May 2013 - 04:16 PM

Good evening.

 

Due to too much work elsewhere, I have not been able to follow up my earlier attempts of cleaning my computer.

 

Please understand that, as I said in your previous thread when I locked it, not replying affects my ability to help somebody else while I await a response from you - if I need to, I'll take the same action again.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Have you tried to manually delete the file in question?


So long, and thanks for all the fish.

 

 


#3 Anexis
  • Topic Starter

  • Members
  • 9 posts

Posted 05 May 2013 - 01:33 PM

Please understand that, as I said in your previous thread when I locked it, not replying affects my ability to help somebody else while I await a response from you - if I need to, I'll take the same action again.

 

I understand that, and I am sorry for letting you wait.

 

I just deleted the container file of HackTool:Win32/Keygen. Will this wipe the virus and all its components?

And is there any way VirTool:Win32/Obfuscator.XZ is still hiding inside my registry files?

 

 

Thanks in advance, I appreciate your patience.



#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 05 May 2013 - 01:47 PM

Good evening. :)

If you ran the file at any time then there would be a possibility that an infection could have resulted - did you run the HackTool:Win32/Keygen file?

 


So long, and thanks for all the fish.

 

 


#5 Anexis
  • Topic Starter

  • Members
  • 9 posts

Posted 05 May 2013 - 02:14 PM

No, the container file of HackTool:Win32/Keygen was just downloaded, never opened.

But I opened the VirTool:Win32/Obfuscator.XZ file. I remember well that I tried out the downloaded program several times. It didn't work. That was over half a year ago. Please understand that I didn't delete it because it didn't seem like any threat.

 

 

The viruses only showed up in my anti-virus program (MSE) after I reinstalled Windows 7. I installed it on a separate hard drive some weeks ago.


Edited by Anexis, 05 May 2013 - 05:27 PM.


#6 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 05 May 2013 - 05:46 PM

Just so I'm clear, you have two hard drives and two separate installations of Windows 7, one on each drive, and the infection is on the hard drive that has the old Windows installation on it - is that correct?


So long, and thanks for all the fish.

 

 


#7 Anexis
  • Topic Starter

  • Members
  • 9 posts

Posted 06 May 2013 - 11:56 AM

Yes, that's my computer setup. 

 

By the way, I deleted the container file of Keygen when you asked about it earlier. This made MSE happy. It hasn't spotted any viruses since then.



#8 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 06 May 2013 - 01:25 PM

Good evening. :)

Some further questions... do you still use the older installation, and if so what for, and does that installation have an active anti-virus program installed?


So long, and thanks for all the fish.

 

 


#9 Anexis
  • Topic Starter

  • Members
  • 9 posts

Posted 06 May 2013 - 04:39 PM

Good evening Noviciate :)

 

No, I'm not using the old OS. There are some important files on it, but nothing that can't be retrieved before a total clean.

 

Is that what you're getting at? If so, I'll be delighted :) Is it possible to rid my pc of the old Windows 7? 



#10 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 07 May 2013 - 01:45 PM

Good evening. :)

I figure that if you aren't using the installation then deleting it is a quick way to resolve things; unfortunately, having a dual-boot system makes things a little tricky. There's a nice tutorial here which you may be able to follow, but if you have any doubts I suggest you start a new thread in this part of this forum, where somebody should be able to answer your questions.

The last Windows OS I dual-booted was XP, and that was slightly different to play with.


So long, and thanks for all the fish.

 

 


#11 Anexis
  • Topic Starter

  • Members
  • 9 posts

Posted 08 May 2013 - 03:52 PM

I'll follow the tutorial. Thanks!

I will delete the old Windows 7 OS tomorrow.



#12 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 08 May 2013 - 05:18 PM

If you find the tutorial OK will you let me know - I may need it myself in the future. :)


So long, and thanks for all the fish.

 

 




