
I believe that I have a malware issue


14 replies to this topic

#1 Jayminja

  • Members
  • 8 posts

Posted 17 January 2014 - 10:11 PM

Hello there, I have a problem. A couple of days ago I decided to scan with Norton Power Eraser due to my Norton toolbar not showing up in Google Chrome, but it turned out that due to the update my toolbar wasn't showing up. My Power Eraser scan, though, mentioned that a file was bad: my SketchBook snapshot file that came with my SketchBook Pro. I didn't do anything to it. What caused this? I heard that maybe malware caused this, due to the fact that previous scans were clean and this one wasn't. Can you help? I am currently using Windows 7 64-bit and Norton 360. I did take the advice of one of the people and used Malwarebytes, and it found some PUPs. I don't know what those are, though, and I had it remove them, but none of them mentioned my snapshot file. So my question is: am I infected with malware or not?


Edited by Jayminja, 17 January 2014 - 10:18 PM.




#2 boopme


    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 January 2014 - 10:22 PM

Hello Jay.. your Norton also said your snapshot.exe was infected? It is possible for malware to find a poorly written file and attach to it.
They will use the same name as the legit file but be located in a different path. The proper snapshot.exe is located in the folder C:\Windows\System32

We can scan the system.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
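
Post #2 says a malicious copy can share a legitimate file's name while sitting in a different path. The following is an added example, not part of the thread, that lists every copy of a named executable with its location, Authenticode signer and SHA-256 so a flagged file can be judged on evidence; the search roots and the script name `Find-ExeCopies.ps1` are assumptions, and it needs PowerShell 4.0 or later.

```powershell
# Find-ExeCopies.ps1 (hypothetical name) - added example, not from the thread.
# Lists every copy of an executable with its path, signer and hash.
param(
    # File name taken from the thread; change it for another detection.
    [string]$Name = 'snapshot.exe',
    # Search roots are assumptions; they do not nest, so no file is listed twice.
    [string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
                         $env:windir, $env:USERPROFILE)
)

$Roots |
  Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
  Select-Object -Unique |
  ForEach-Object {
    # -Force includes hidden files; access-denied folders are skipped quietly.
    Get-ChildItem -LiteralPath $_ -Filter $Name -File -Recurse -Force `
                  -ErrorAction SilentlyContinue
  } |
  ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Path            = $_.FullName
        Modified        = $_.LastWriteTime
        # 'Valid' means the file is signed and unmodified since signing.
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) {
                              $sig.SignerCertificate.Subject
                          } else { '(unsigned)' }
        SHA256          = (Get-FileHash -LiteralPath $_.FullName `
                                        -Algorithm SHA256).Hash
        # Copies under the user profile need no admin rights to create.
        InUserProfile   = $_.FullName.StartsWith(
                              $env:USERPROFILE,
                              [System.StringComparison]::OrdinalIgnoreCase)
    }
  } |
  Format-List
```

A copy with a `Valid` signature from the software's publisher, sitting in that program's install folder, is a strong hint that a heuristic detection is a false positive; an unsigned copy under the user profile deserves a second scan.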

#3 Jayminja


Posted 17 January 2014 - 10:30 PM

Well, only the Power Eraser did. Not the full scan itself. The snapshot file is in the same folder with the SketchBook Pro program in the Program Files (x86) folder. Does that help? Also, as soon as I tried to install the MiniToolBox, Norton said it is not safe and has to be removed. Is that normal? Lastly, reading over this stuff kind of confuses me. Sorry, I am really confused about some of your instructions.


Edited by Jayminja, 17 January 2014 - 10:41 PM.


#4 boopme


Posted 17 January 2014 - 10:49 PM

OK.. I think the Eraser is too sensitive.

It is not uncommon for these tools to see the MiniToolBox etc. as malware. But it's not.. These tools are written by excellent malware security writers and have been used here and on other forums many thousands of times.

I am trying to get a second opinion of your system as no one tool finds everything.



#5 Jayminja


Posted 17 January 2014 - 10:53 PM

Oh okay, so how exactly is this going to work? Do you want me to post the logs/reports on here? Also, do I uninstall them afterwards? Lastly, the problem is I can't use it; Norton removes it so I cannot run it. What should I do?


Edited by Jayminja, 17 January 2014 - 10:56 PM.


#6 boopme


Posted 17 January 2014 - 10:56 PM

Yes copy/paste the logs in replies so we can review them.



#7 Jayminja


Posted 17 January 2014 - 11:00 PM

Okay, but how can I use it if Norton deletes it? Also, do you want my Malwarebytes log? Any advice with Norton deleting it?


Edited by Jayminja, 17 January 2014 - 11:31 PM.


#8 Jayminja


Posted 18 January 2014 - 12:20 AM

Can you help me? What should I do if the tools won't install? Should I turn off my firewall? Also, as a note which I should have mentioned before: if my computer is still running fine with no slowdown or anything like that, could it still be malware? I just ask because I do not know. Sorry for all the questions.


Edited by Jayminja, 18 January 2014 - 12:08 PM.


#9 boopme


Posted 18 January 2014 - 04:31 PM

Turn off Norton if you cannot exclude the tools. Run the tools and then turn it on again. Don't go surfing while the AV  is off.



#10 Jayminja


Posted 18 January 2014 - 08:08 PM

Okay, how do I do that? Sorry, I never turned it off before. I am using Norton 360.



#11 boopme


Posted 18 January 2014 - 08:49 PM

I had to find it

 

NORTON 360

  • Right-click the Norton 360 Premier Edition icon in the system tray and select Disable Antivirus Automatic-Protect.
  • You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until system restart, Permanently.
  • Choose 5 hours.


#12 Jayminja


Posted 19 January 2014 - 11:27 AM

Thank you. Before I start this, two last questions. First, if I have quarantined items that my Norton quarantined, will they come back or something when I turn off my Norton for the time, or no? Lastly, when I tried to install the toolbox it mentioned something about a Suspicious.Cloud.2. What is that? Sorry for all the questions, I am nervous.


Edited by Jayminja, 19 January 2014 - 11:28 AM.


#13 boopme


Posted 19 January 2014 - 03:33 PM

No they are there until you delete them or uninstall Norton. Quarantined files cannot harm the computer while they are there.

Norton said Suspicious.Cloud.2 so once it's disabled it won't.

#14 Jayminja


Posted 20 January 2014 - 12:15 PM

I am sorry for this, please don't get upset, but my computer is running fine. Thank you for your time, and if something develops I will let you know. Once again I apologize for all the questions and taking your time. I hope you are not upset. I am really sorry.



#15 boopme


Posted 21 January 2014 - 01:26 PM

No problem, thanks for visiting!





