Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Obfiscator ACV virus back again


  • Please log in to reply
1 reply to this topic

#1 john944

john944

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 02 May 2014 - 07:56 AM

Despite the fact that I have an up to date Microsoft security system operating on my computer due to stupidity (on my part) I allowed a virus onto the system. I applied for a job that needed an application form filling out, downloaded the form (I thought) to find that I had allowed some nasty's on to my system. I ran MSE which discovered two types of Trojan Obfiscator ACV which were quarantined and then deleted. I checked the control panel and found three programmes that needed to be deleted as I didn't allow their access and they were added on the same day as my problems occurred. I breathed a sigh of relief and went back to work.

I updated all my software to latest levels including Explorer.

However my computer which was rock steady before this started to act strangely. I kept getting pop ups to update my Explorer and when I did I was taken to Bing to set up a home page.

I scanned again and MSE showed no problems. I ran the Microsoft security scanner which showed no problems.

Yet still I got these popups.

I added Avast antivirus and they ran a scan and found nothing.

Yet I still get these popups which lead me to change my home page to Bing.

I then went into task manager and checked processes and found something quite strange.

I have four files that show no user name or description. They are JME.load.exe, crss.exe, winlogon.exe (all of which I thought should be in the system 32 file) and wisptis.exe - which is in two places. I have a wispis. exe file in further up the processes list which has my user name and under the description has the Microsoft detail. They even take up different amounts of memory (3.8 for the one with information and 3.3 for the other one.)

So, I know that these exe files shouldn't be tampered with but should they be found twice on a system and shouldn't all files properly loaded have a user name and description?

If these are the Trojans, shouldn't MSE, MSS or Avast spotted them?

Am I going out of my mind???  


Edited by hamluis, 02 May 2014 - 08:19 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Kirbyofdeath

Kirbyofdeath

  • Members
  • 459 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on Earth
  • Local time:02:09 AM

Posted 02 May 2014 - 01:50 PM

Please scan your computer with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  •  
  • Click the esetonlinebtn.png button.
  •  
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    •  
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
    •  
  •  
  • Check "YES, I accept the Terms of Use."
  •  
  • Click the Start button.
  •  
  • Accept any security warnings from your browser.
  •  
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  •  
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    •  
    • Scan for potentially unsafe applications
    •  
    • Enable Anti-Stealth technology
    •  
  •  
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  •  
  • When the scan completes, click List Threats
  •  
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  •  
  • Click the Back button.
  •  
  • Click the Finish button.
  •  

 

 
Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log toQuarantined Items.  Copy and paste this in your next post.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users