
hidden object OK or not?


5 replies to this topic

#1 PGHinBKK

Posted 23 July 2013 - 11:27 PM

Hi all! 

 

I ran an Avira total-system scan and it found no viruses (so it says), but it did detect a "hidden object". I suspect the unit has picked up a 'Sality Dropper' virus. I had this once before. It creates false icons in folders, which, when deleted, simply reappear the next time it is opened. Could the hidden object be it? Is there a way to find this thing on a scan?

The unit's a Dell laptop with Windows 7.

 

Thanks


Life is strange......and then there's Thailand....



#2 GodfatherKing

Posted 24 July 2013 - 03:53 AM

Step 1: Download Kaspersky Virus Removal Tool to your desktop.

Note: Kaspersky may ask for your e-mail address. Please provide it, so you are able to download the tool.

  • Double-click the Removal Tool.
  • Click the cog in the upper right corner.
  • Select down to and including your main drive.
  • Once done please select the Automatic Scan tab and press Start Scan.
  • Allow AVP to first delete all infections found.
  • Once it has finished select the Report tab.
  • Select the Detected threats report from the left and press the Save button.
  • Save it to your Desktop and post the contents in your next reply.

 

Step 2: ESET Online Scanner

==================

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and check "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I have not responded to you for 3 days or more, send me a Private Message.


#3 quietman7 (Global Moderator)

Posted 24 July 2013 - 08:35 AM

Did Avira provide a log showing the name and location (full file path) of the detection?

Not all hidden components detected by anti-virus and anti-rootkit (ARK) scanners and security tools are malicious. It is normal for a firewall, anti-virus and anti-malware software, CD emulators, sandboxes, virtual machines and Host-based Intrusion Prevention Systems (HIPS) to exhibit rootkit-like behavior or hook into the OS kernel/SSDT in order to protect your system. The SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table.

API kernel hooks are not always bad, since some system monitoring software and security tools use them as well. If no hooks are active on a system, it means that all system services are handled by ntoskrnl.exe, which is a base component of Windows operating systems and the process used in the boot-up cycle of a computer. ARK scanners do not differentiate between what is good and what is bad...they only report what is found. Therefore, even on a clean system some hidden essential components may be detected when performing a scan to check for the presence of rootkits. As such, you should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.

In most cases further investigation is required after the initial scan by someone trained in rootkit detection or with advanced knowledge of the operating system. Report logs need to be analyzed and detected components identified in order to determine if they are benign, system critical or malevolent before attempting removal.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 PGHinBKK (Topic Starter)

Posted 27 July 2013 - 08:13 AM

GFK and Bleepin' Janitor, thank you both for your incredibly prompt replies. GFK, I hesitate only because I once before attempted to utilize Kaspersky's VRT and had a great deal of difficulty, then had trouble getting the remnants of it out of my unit (but on a different unit).

Janitor, what do you think of GFK's procedural suggestions? BTW, thanks for all the info. Your reply makes me realize just how little I know about the whole computer and internet world. Almost makes me wish I'd followed a different path, instead of becoming a 'bleepin' teacher...

Thanks again.


Edited by PGHinBKK, 27 July 2013 - 08:18 AM.


#5 quietman7 (Global Moderator)

Posted 27 July 2013 - 04:25 PM

PGHinBKK said: "Janitor, what do you think of GFK's procedural suggestions?"

Running those scans certainly will do no harm and they are two I recommend often. But you still have not provided any specific information on the detected hidden object (name and location).


Note regarding the ESET Online Scan: if you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them, or get a second opinion if you're not sure. ESET's detection rate is high and can include legitimate files which it considers suspicious: a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even malware (virus/trojan) when that is not the case.

#6 PGHinBKK (Topic Starter)

Posted 28 July 2013 - 08:49 PM

 

 

quietman7 said: "But you still have not provided any specific information on the detected hidden object (name and location)."

Quietman, I HAVE no specifics to give. The Avira scan just said a hidden object had been found. It was a few days ago that I ran the scan so I cannot remember much more than that. Sorry to be vague, as I know you need specifics to diagnose anything properly.

 

OK, I just ran the Kaspersky tool and it says it found nothing. I'm sure the unit has a bug, though. For example, when I open my 'D' drive folder, there is a bogus folder labeled 'System Information' which shows as empty, and a supposed .docx labeled $Recycle Bin. When I delete either of them, then close and reopen the folder, they pop back up.

 

Thanks


Edited by PGHinBKK, 29 July 2013 - 02:36 AM.

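Added example, not code from any post in this thread. quietman7's point in #3 is that a "hidden object" verdict on its own says nothing: the name, full path and nature of each hidden component have to be identified before deciding whether it is benign, system-critical or malicious. PGHinBKK's report in #6 is a case in point: the two names he gives resemble the standard hidden system folders that Windows maintains on every NTFS volume ($RECYCLE.BIN and System Volume Information), which Windows recreates if they are removed, so reappearance alone is not evidence either way. The script below lists every hidden entry directly under a volume root with the details an analyst would ask for: attributes, owner, creation time and, for executable file types, the Authenticode signature status. It assumes PowerShell 3.0 or later running as an administrator; the default drive letter, the list of known folder names and the set of signable extensions are assumptions chosen for this example, not anything the thread states.

```powershell
# Added example, not code from the thread. Lists every hidden entry directly
# under a volume root and reports what a bare "hidden object" verdict omits:
# full path, attributes, owner, creation time and (for executables) whether
# the file carries a valid Authenticode signature. Requires PowerShell 3.0+.
param(
    [string]$Root = 'D:\'   # assumed: the volume under discussion
)

# Assumed list of hidden system folders NTFS keeps on every volume. A match
# only labels the entry; it is a hint for triage, not proof of legitimacy.
$KnownNtfsFolders = @('$RECYCLE.BIN', 'System Volume Information')

# File types worth a signature check; other hidden files are still listed.
$SignableExtensions = @('.exe', '.dll', '.sys', '.scr', '.com', '.ocx')

function Get-HiddenEntries {
    param([Parameter(Mandatory)][string]$Path)

    # -Force makes Get-ChildItem include Hidden and System items. Access-denied
    # errors (System Volume Information is normally readable by SYSTEM only)
    # are recorded in the Owner field instead of aborting the listing.
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 } |
        ForEach-Object {
            $entry = $_

            $owner = '(access denied)'
            try {
                $owner = (Get-Acl -LiteralPath $entry.FullName -ErrorAction Stop).Owner
            } catch { }

            # Only PE-type files can carry an Authenticode signature; for
            # everything else (folders, documents) the field stays 'n/a'.
            $signature = 'n/a'
            if (-not $entry.PSIsContainer -and
                $SignableExtensions -contains $entry.Extension.ToLower()) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $entry.FullName).Status
            }

            [pscustomobject]@{
                Name       = $entry.Name
                Type       = if ($entry.PSIsContainer) { 'Dir' } else { 'File' }
                Attributes = $entry.Attributes.ToString()
                Owner      = $owner
                Created    = $entry.CreationTime
                Signature  = $signature
                KnownNtfs  = $KnownNtfsFolders -contains $entry.Name
                FullPath   = $entry.FullName
            }
        }
}

Get-HiddenEntries -Path $Root | Format-Table -AutoSize
```

The output is the kind of information quietman7 asks for: an entry whose Type, Attributes and exact Name line up with one of the known NTFS folders is what every volume carries, while a hidden file in the volume root with a recent creation time, an unexpected owner, or an executable extension whose Signature is anything other than Valid is the one to report with its FullPath so someone can look it up before anything is deleted.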



