
"Infected" locked files?


5 replies to this topic

#1 Free_my_toaster


Posted 11 August 2013 - 11:46 AM

Recently had a decent run-in with some Adware, AVG and MBAM appeared to clear the issue up no problem...

 

After taking care of the adware problem, I was changing some settings around in AVG's daily scans. For some reason I turned on the option to detect locked files. 

 

 

My experience with older versions of AVG (2011 & 2012) is that it simply lists the locked files and says cannot scan (or similar); but this time around it has claimed for the last couple of days that all those locked files (100-120) are infected, and that AVG has done nothing about it.

 

After turning off the option to detect locked files, AVG shows nothing, MBAM also shows nothing. I tracked down a couple of said "infected files" and scanned them both with AVG and MBAM, yielding no positive results. ESET online scan brought up two results, both of which it regards as questionable applications. I have no real concern about those applications.

 

 

ESET results:

Spoiler

 

 

My main concern is am I dealing with an infection or is this an issue with AVG?

 

 

AVG scan log with locked "infected" files:

Spoiler

Edited by Free_my_toaster, 11 August 2013 - 01:56 PM.



 


#2 GodfatherKing


Posted 11 August 2013 - 02:02 PM


 

Run these tests; if you have already run them, just post the log.

 

Step 1: Install and run MBAM

===================================================

 

Step 2: Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run.
  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

Step 3: ESET Online Scanner

 

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#3 Free_my_toaster


Posted 11 August 2013 - 05:20 PM


 

 

Thanks for your assistance. The requested logs are in the spoiler tags to keep things clean in appearance.

 

MBAM LOG:

Spoiler

 

 

TDSSKiller:

Spoiler
 

 

As for the ESET online scan, nothing was found. 


Edited by Free_my_toaster, 11 August 2013 - 05:24 PM.


#4 GodfatherKing


Posted 12 August 2013 - 03:10 AM

We will run 2 other tools to be sure:

 

Step 1: Download Emsisoft Emergency Kit

  • Open EmsisoftEmergencyKit by double-clicking Start.exe.
  • A new window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Deep Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply

 

Step 2: Download SUPERAntiSpyware Free (aka SAS)

  • Double-click SAS -setup.exe and follow the prompts to install the program.
  • At the end, be sure to Check for Updates to be sure it is current
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.
  • Be sure to reboot the computer after you post the log.



#5 Free_my_toaster


Posted 12 August 2013 - 12:20 PM


 

EmsisoftEmergencyKit log:

Spoiler

 

SAS log:  

Spoiler

 

 

To me it appears that AVG may have mislabeled those locked files. 



#6 GodfatherKing


Posted 13 August 2013 - 02:07 AM

Logs are clean.

 

===

 

Step 1: My advice is to keep your computer up to date with Windows Updates, Java and Adobe Reader and Flash Player.

 

Step 2: Use WOT to check whether sites are safe or not: http://www.mywot.com/

 

Step 3: A good working AntiVirus is also important. I personally advise Avast free or Avira. MSE's detection is not so great.

 

Step 4: Let's check how good your security is:

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.






