
Unusual entry...follows ? mark and library C flagged suspicious


3 replies to this topic

#1 kimberly001


Posted 24 April 2014 - 02:57 PM

Hi,

Several years ago I was in training to be a malware removal tech, but previous obligations interfered with my continuing. I ran GMER and came across something that concerned me. I also need to change all my passwords; I just wanted to make sure that my computer was clean before doing so. I didn't know if I could post the results of the scan in this post or another. Thank you in advance. Please advise. Kim




#2 boopme


Posted 24 April 2014 - 03:21 PM

Hi Kim,
Post that log in the Am I Infected forum.

Moved topic from Win7 to Am I Infected. Post the GMER log.

"I also need to change all my passwords"
Is this due to the type of infection found?

#3 kimberly001


Posted 24 April 2014 - 04:01 PM

Thank you for your quick reply... I will post to Am I Infected. What I found might not be a problem, but it shows an unusual entry point, which might not be anything, but it might. In regards to p/w change, I hadn't changed them in a while, and if infection is found, I don't want to change until I find out. Thanks again. Kim



#4 kimberly001


Posted 24 April 2014 - 04:09 PM

Hi,

Several years ago I was being trained to be a malware removal tech, but I was unable to continue. I ran the program GMER and found an unusual entry, so I wanted to find out if it is an infection or if it is OK. The questionable line follows the ? mark. Thank you for all you do. Kimberly

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-21 00:25:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d ST950032 rev.D005 465.76GB
Running: n7rflrt4.exe; Driver: C:\Users\kimberly\AppData\Local\Temp\uflirkog.sys

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                    0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                   0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                      0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                     0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                             0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                            0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3240] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                      0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3240] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                     0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
?        C:\windows\system32\mssprxy.dll [3528] entry point in ".rdata" section                                                                                                                                                                                              0000000074ea71e6
.text    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3528] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                        0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3528] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                       0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4232] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4232] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                               0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe[4316] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                     0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe[4316] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                    0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                 0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Browny02\BrYNSvc.exe[5932] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                           0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Browny02\BrYNSvc.exe[5932] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                          0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                 0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[2340] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                      0000000076d01465 2 bytes [D0, 76]
.text    C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[2340] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                     0000000076d014bb 2 bytes [D0, 76]
.text    ...                                                                                                                                                                                                                                                                 * 2
---- Processes - GMER 2.1 ----

Library  C:\windows\system3235Program Files (x86)\Nuance\Nuance Cloud Connector\LIBEAY32.dll (*** suspicious ***) @ C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2656] (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)(2011-06-27 05:22:06)  0000000000410000

---- EOF - GMER 2.1 ----





