Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popup


  • Please log in to reply
16 replies to this topic

#1 Josef1994

Josef1994

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 26 October 2013 - 07:01 AM

Hi,

 

I recently opened a webpage and another window opo up came up saying Threat Detected on this windows but Avira detected nothing. Is this a virus?

 

Thanks



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:44 AM

Posted 26 October 2013 - 07:05 AM

Hi Josef1994,

 

Please take a screenshot of it for me, upload it to an image sharing site and then post the reply in your next post.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Josef1994

Josef1994
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 26 October 2013 - 07:09 AM

Hi Toffee,

 

Thanks for your reply. I closed the window already though. 



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:44 AM

Posted 26 October 2013 - 07:28 AM

Hi Josef1994,

 

Okay, if you want I can get you to run some scans to check whether your computer is clean?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 Josef1994

Josef1994
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 26 October 2013 - 07:30 AM

Hi Toffee,

 

Ofcourse :) I appreciate your help!



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:44 AM

Posted 26 October 2013 - 09:05 AM

Hi Josef1994,
 
You are very welcome, please run these scans for me (some of them may take some time so please be patient):
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
--------

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
--------
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
--------
 
Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions
  • for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
 
--------
 
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 Josef1994

Josef1994
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 28 October 2013 - 10:28 AM

Mini tool box log:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Josef (administrator) on 28-10-2013 at 16:12:25
Running from "C:\Users\Josef\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Qualcomm Atheros AR5BWB222 Wireless Network Adapter = WiFi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : JOSEF-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 74-E5-43-75-0F-17
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-E5-43-74-C4-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter WiFi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR5BWB222 Wireless Network Adapter
   Physical Address. . . . . . . . . : 74-E5-43-74-C4-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 20-6A-8A-D5-97-91
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a442:aca9:3ba1:13f9%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, October 28, 2013 4:06:32 PM
   Lease Expires . . . . . . . . . . : Monday, October 28, 2013 6:06:32 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 186673802
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CE-76-8A-20-6A-8A-D5-97-91
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 14:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1c7f:2a10:3f57:fe95(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c7f:2a10:3f57:fe95%16(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{C0D2036A-7D47-40AC-94E4-124D44807584}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2a00:1450:4002:802::100e
 212.56.132.144
 212.56.132.187
 212.56.132.152
 212.56.132.176
 212.56.132.165
 212.56.132.163
 212.56.132.181
 212.56.132.174
 212.56.132.166
 212.56.132.177
 212.56.132.185
 212.56.132.148
 212.56.132.159
 212.56.132.155
 212.56.132.154
 212.56.132.170
 
 
Pinging google.com [212.56.132.159] with 32 bytes of data:
Reply from 212.56.132.159: bytes=32 time=10ms TTL=61
Reply from 212.56.132.159: bytes=32 time=10ms TTL=61
 
Ping statistics for 212.56.132.159:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 10ms, Average = 10ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=167ms TTL=48
Reply from 98.139.183.24: bytes=32 time=251ms TTL=47
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 167ms, Maximum = 251ms, Average = 209ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...74 e5 43 75 0f 17 ......Bluetooth Device (Personal Area Network)
 15...16 e5 43 74 c4 b7 ......Microsoft Wi-Fi Direct Virtual Adapter
 14...74 e5 43 74 c4 b7 ......Qualcomm Atheros AR5BWB222 Wireless Network Adapter
 12...20 6a 8a d5 97 91 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.106     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.106    276
    192.168.1.106  255.255.255.255         On-link     192.168.1.106    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.106    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.106    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.106    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 16    306 2001::/32                On-link
 16    306 2001:0:9d38:6abd:1c7f:2a10:3f57:fe95/128
                                    On-link
 12    276 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::1c7f:2a10:3f57:fe95/128
                                    On-link
 12    276 fe80::a442:aca9:3ba1:13f9/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/26/2013 07:13:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/26/2013 07:11:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/25/2013 09:53:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3422
 
Error: (10/25/2013 09:53:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3422
 
Error: (10/25/2013 09:53:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/25/2013 06:13:55 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {54751a36-f30a-4f72-a195-7d6cb4a65626}
 
Error: (10/21/2013 07:37:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5141
 
Error: (10/21/2013 07:37:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5141
 
Error: (10/21/2013 07:37:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/21/2013 07:37:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3938
 
 
System errors:
=============
Error: (10/28/2013 04:06:11 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.104 with the system
having network hardware address AC-22-0B-41-8E-E8. Network operations on this system may
be disrupted as a result.
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/26/2013 00:50:32 PM) (Source: DCOM) (User: JOSEF-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JOSEF-PCJosefS-1-5-21-4138362383-185457395-2840985730-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (10/26/2013 07:13:31 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\microsoft visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe
 
Error: (10/26/2013 07:11:26 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\microsoft visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe
 
Error: (10/25/2013 09:53:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3422
 
Error: (10/25/2013 09:53:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3422
 
Error: (10/25/2013 09:53:24 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/25/2013 06:13:55 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {54751a36-f30a-4f72-a195-7d6cb4a65626}
 
Error: (10/21/2013 07:37:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5141
 
Error: (10/21/2013 07:37:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5141
 
Error: (10/21/2013 07:37:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/21/2013 07:37:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3938
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.1.0)
Acer Device Fast-lane (Version: 1.00.3003)
Acer Instant Update Service (Version: 1.00.3012)
Acer Power Management (Version: 7.00.3003)
Acer Recovery Management (Version: 6.00.3006)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Atheros Outlook Addin 2010 (Version: 1.0.0.0)
Avira Free Antivirus (Version: 13.0.0.4052)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.25)
Core Temp 1.0 RC5 (Version: 1.0)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dolby Advanced Audio v2 (Version: 7.2.8000.13)
Dotfuscator Software Services - Community Edition (Version: 5.0.2300.0)
Dropbox (Version: 2.0.22)
ETDWare PS/2-X64 11.6.4.001_WHQL (Version: 11.6.4.001)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Identity Card (Version: 2.00.3002)
Intel® Manageability Engine Firmware Recovery Agent (Version: 1.0.0.36354)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.2867)
Intel® Rapid Storage Technology (Version: 11.5.0.1207)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.1.1.11)
Java 7 Update 13 (64-bit) (Version: 7.0.130)
Java SE Development Kit 7 Update 13 (64-bit) (Version: 1.7.0.130)
Launch Manager (Version: 7.0.4)
Live Updater (Version: 2.00.3002)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft SQL Server 2012 Setup (English) (Version: 11.1.3128.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.30319)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
MyWinLocker (Version: 4.0.14.35)
MyWinLocker 4 (Version: 4.0.14.35)
MyWinLocker Suite (Version: 4.0.14.24)
NetBeans IDE 7.2.1 (Version: 7.2.1)
Office Addin (Version: 2.01.3102)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (Version: 11.41)
Realtek Ethernet Controller Driver (Version: 8.2.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6690)
Realtek PCIE Card Reader (Version: 6.1.8400.27023)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.7 (Version: 6.7.102)
Spotify (Version: 0.8.4.99.ga249b5f1)
swMSM (Version: 12.0.0.1)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
VLC media player 2.0.8 (Version: 2.0.8)
Web Deployment Tool (Version: 1.1.0618)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 43%
Total physical RAM: 3891.59 MB
Available physical RAM: 2184.72 MB
Total Pagefile: 7859.59 MB
Available Pagefile: 5733.11 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.98 MB
 
========================= Partitions: =====================================
 
1 Drive c: (ACER) (Fixed) (Total:451.28 GB) (Free:388.29 GB) NTFS
3 Drive f: (JOSEF DRIVE) (Fixed) (Total:596.17 GB) (Free:344.4 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JOSEF-PC
 
Administrator            Guest                    Josef                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
17-10-2013 16:07:24 Removed QuickTime
25-10-2013 17:13:54 Scheduled Checkpoint
 
**** End of log ****
______________________________________________________________________________________________________
 
JRT Log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 8 x64
Ran by Josef on Mon 10/28/2013 at 16:20:09.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\apn"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Josef\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/28/2013 at 16:25:27.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________________________________________________________________
ADW Cleaner log 1:
# AdwCleaner v3.010 - Report created 28/10/2013 at 16:13:29
# Updated 20/10/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Josef - JOSEF-PC
# Running from : C:\Users\Josef\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\ProgramData\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\Software\Freeze.com
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [770 octets] - [28/10/2013 16:13:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [829 octets] ##########
 
Log 2:
# AdwCleaner v3.010 - Report created 28/10/2013 at 16:15:39
# Updated 20/10/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Josef - JOSEF-PC
# Running from : C:\Users\Josef\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Freeze.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [912 octets] - [28/10/2013 16:13:29]
AdwCleaner[S0].txt - [838 octets] - [28/10/2013 16:15:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [897 octets] ##########
 
 
These are the scans I've run so far.
 
Thanks
 

 



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:44 AM

Posted 28 October 2013 - 11:42 AM

Hi Josef1994,

 

Good job on the logs so far, I'll wait until you have provided the others, but so far it's clean.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 Josef1994

Josef1994
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 28 October 2013 - 05:56 PM

Hi Toffee,

 

Thanks for your help. I'm at the moment scanning with ESET and a threat has been detected. Its a variant of Win32/Bundled.ToolBar.Ask.D.

 

What shall I do?


Edited by Josef1994, 28 October 2013 - 06:03 PM.


#10 Josef1994

Josef1994
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 29 October 2013 - 04:07 AM

The scan with ESET:

 

C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
 


#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:44 AM

Posted 29 October 2013 - 04:33 AM

Hi Josef1994,

 

What ESET detected is nothing to worry about, more of a false positive than anything.

 

I still need the MBAM scan, but we will do some housekeeping now:

 

Just to note, using p2p software such as µTorrent is one of the biggest ways to infect your computer. Personally I suggest uninstalling p2p software because of the security risk, but this is of course up to you.

 

Java 7 Update 13 (64-bit) (Version: 7.0.130)
Java SE Development Kit 7 Update 13 (64-bit) (Version: 1.7.0.130)
Uninstall both of these, and then go to the Java website and download the latest version. Only reinstall if you need Java for a certain reason, otherwise you probably find yourself not needing it. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
 
Feel free to just delete any of the tools we have used, although ESET will need uninstalling.
 
xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 Josef1994

Josef1994
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 29 October 2013 - 04:46 AM

Hi Toffee,

 

Thanks for your reply. I use NetBeans which requires Java. 

 

What should I do? What ESET detected isn't a virus?

 

Thanks



#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:44 AM

Posted 29 October 2013 - 05:04 AM

Hi Josef1994,

 

Unless NetBeans uses a certain version of Java, you should still update it.

 

No, Avira is bundled with Ask (toolbar). It has some slightly dodge behaviour such as being deceptively installed in most cases and has similar behavior not unlike some malware, but is technically not malware. The file is part of Avira, and I'm not completely sure how it will work without that file.

See here on how to unquarantined the item.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 Josef1994

Josef1994
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 29 October 2013 - 07:16 AM

So its nothing for me to worry about?

Thanks

#15 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:44 AM

Posted 29 October 2013 - 10:28 AM

If you unquarantine it? No, it's nothing to worry about. If you don't then I'm not sure the effect on your antivirus not having that file.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users