
Microsoft Security Essentials "removed" 'PWS:Win32/Frethog.gen!B'


12 replies to this topic

#1 Benie

Benie

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:48 AM

Posted 24 July 2014 - 02:37 PM

Ok, I'm in panic and rage mode at the same time. But here's all I know. I'm just playing my game, looking at the Steam forums, and was suggested to get Gamebooster, told it'll disable programs that'll slow games down and make them CTD.

Went to Google, searched, and clicked on the first link I saw. It was this 'razerzone.com' site I went to. I'm hoping this is the official site. I downloaded it, installed it, then it asked me to enter my Razer ID and Password, which I never set up an account for, and I began to wonder why. But I went on and did it.

After doing so, I closed the game I was running, to have it run through Gamebooster. I then noticed Microsoft Security Essentials was a red color. I opened it up, thinking that GameBooster must've just disabled it, but then it claimed it found something. So I checked and it found this 'PWS:Win32/Frethog.gen!B' thing and automatically removed it from my computer. Looking at it, it says it's a password stealer, going after game account passwords and user info. Panic Mode activate.

Especially since I do a no-no: use the same password for almost everything.

It was around 3:02pm EDT when it caught the virus and removed it. But I never bothered looking up at the clock over my monitor to see what time it was. I was too scared and annoyed, thinking I'm going to have to change every single one of my passwords.

I don't know if the virus happened before or at 3:02pm. All I do know is that it was around 2:59pm when I got the verification email to activate my Razer account.

In Microsoft Security Essentials, I don't have "apply recommended actions" checked. So either it got removed when I hit the red Check button, or Essentials removed it on its own.

The strange thing is, when I go to the History and All detected items, it shows this with the description of the virus: "The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer."

 

Was this just a false positive, caused by Gamebooster? Or do I have to scramble and change all of my passwords?

 

I'm using Windows 7 x64 SP1.


Edited by Benie, 24 July 2014 - 04:52 PM.




#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:48 AM

Posted 24 July 2014 - 03:11 PM

Please download Junkware Removal Tool and save it on your desktop.

 


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please attach the JRT log.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Please disable your antivirus prior to and during this scan.

Please download Emsisoft Emergency Kit from here.
Save the file to your desktop.

Now boot your machine into safemode with networking.

Right click and run as administrator. (XP users double click)
Click Accept and Extract.
This file will appear on the desktop.
Right click it, select run as administrator. (XP users double click)
Select Emergency Kit Scanner.
A pop up requesting an update will appear, select yes.
After the update go to scan pc and select the option in the picture below.
Now select Quarantine Detected Objects.
When the update has finished, go to scan pc, select deep scan.
This scan will take a long time; this is normal, as it scans your entire hard drive.
Click on view report, save the report to your desktop and attach it here in your next reply.
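As an added example (an editor's addition, not code from the post above, from Farbar's MiniToolBox or from any of the tools named in it), the reporting half of the MiniToolBox checklist can be reproduced in plain PowerShell, so the same evidence can be gathered and pasted into a reply without downloading anything. It assumes an elevated PowerShell on Windows 7 or later and sticks to PowerShell 2.0 syntax (no `[ordered]`, no `-Directory`); the report path on the desktop is an assumed placeholder. The checklist items that change state (Flush DNS, Reset IE/FF proxy settings) are deliberately left to the tool; this script only reads and reports.

```powershell
# Added example, not part of the post or of MiniToolBox: read-only collection of the
# checklist categories (proxy settings, hosts file, Winsock catalog, recent event
# errors, installed programs, local users). Run from an elevated PowerShell.
$Report = Join-Path $env:USERPROFILE 'Desktop\triage-report.txt'   # assumed output path

function Get-IEProxySettings {
    # "Report IE Proxy Settings": WinINET keeps the per-user proxy under this key.
    # ProxyEnable=1 or an AutoConfigURL the user never set is what to look at.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key |
        Select-Object ProxyEnable, ProxyServer, AutoConfigURL, ProxyOverride
}

function Get-FirefoxProxySettings {
    # "Report FF Proxy Settings": every network.proxy.* line in each profile's prefs.js
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return 'No Firefox profiles found' }
    Get-ChildItem -Path $profiles | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            Select-String -Path $prefs -Pattern 'network\.proxy\.' |
                ForEach-Object { '{0}: {1}' -f $_.Path, $_.Line.Trim() }
        }
    }
}

function Get-HostsContent {
    # "List content of Hosts": only non-comment lines. A stock Windows 7 hosts file has
    # none (the localhost entries ship commented out), so anything listed was added.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts | Where-Object { $_ -match '^\s*[^#\s]' }
}

function Get-WinsockEntries {
    # "List Winsock Entries": netsh dumps the namespace/LSP catalog. The MiniToolBox log
    # in this thread shows only Microsoft and Apple (Bonjour) providers; an unknown DLL
    # in this list is worth a closer look.
    netsh winsock show catalog
}

function Get-RecentEventErrors {
    # "List last 10 Event Viewer log": newest error-level (Level 2) entries per log
    foreach ($log in 'System', 'Application') {
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2 } -MaxEvents 10 -ErrorAction SilentlyContinue |
            Select-Object LogName, TimeCreated, ProviderName, Id, Message
    }
}

function Get-InstalledPrograms {
    # "List Installed Programs": 64-bit, 32-bit (Wow6432Node) and per-user uninstall keys
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName
}

function Get-LocalUserList {
    # "List Users": local accounts with their enabled state
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'" |
        Select-Object Name, Disabled, PasswordRequired
}

# Section order mirrors the MiniToolBox report headers so the output reads the same way.
$sections = @(
    @{ Name = 'IE Proxy Settings';  Run = { Get-IEProxySettings } },
    @{ Name = 'FF Proxy Settings';  Run = { Get-FirefoxProxySettings } },
    @{ Name = 'Hosts content';      Run = { Get-HostsContent } },
    @{ Name = 'Winsock entries';    Run = { Get-WinsockEntries } },
    @{ Name = 'Event log errors';   Run = { Get-RecentEventErrors } },
    @{ Name = 'Installed Programs'; Run = { Get-InstalledPrograms } },
    @{ Name = 'Users';              Run = { Get-LocalUserList } }
)

$lines = foreach ($s in $sections) {
    "========================= $($s.Name) ========================="
    & $s.Run | Out-String -Width 200
}
$lines | Set-Content -Path $Report
Write-Host "Triage report written to $Report"
```

Run it as `powershell -ExecutionPolicy Bypass -File .\triage.ps1` from an elevated prompt; the resulting text file can be pasted into a reply the same way the MiniToolBox log is posted later in this thread. Keeping the script read-only is a deliberate choice: when the question is whether a machine is infected, collecting evidence first and changing settings second keeps the proxy and hosts findings intact for whoever reviews the log.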



#3 Benie

Benie
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:48 AM

Posted 24 July 2014 - 04:13 PM

Ok. So far I've done nearly every scan and am doing the Emergency Kit scanner right now.

How exactly do I attach these logs? I don't see an option to add an attachment in here. Can I just post the results in code tags? But if I can, is there a character limit?


Edited by Benie, 24 July 2014 - 04:15 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:48 AM

Posted 24 July 2014 - 05:14 PM


Attachments are not permitted in this forum.

Just use the Board Editor to copy and paste your logs. If all the menu and tool functions in the Board Editor are grayed out, try clicking the toggle icon in the upper left hand corner. Doing that will activate all the functions and show the copy/paste options at the top. Otherwise you have to use Ctrl + V on the keyboard or right-click an open space and use the copy/paste options in the context menu.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 Benie

Benie
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:48 AM

Posted 24 July 2014 - 05:23 PM

Thank you. I will do that once this scan is complete and I get its log.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:48 AM

Posted 24 July 2014 - 05:27 PM

You're welcome.

#7 Benie

Benie
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:48 AM

Posted 24 July 2014 - 06:34 PM

Mmk, looking at the logs myself, I believe the virus is gone. The Emergency Kit scan shows several "viruses" on my external drive, but they're all trainers. So, false positives.

But does this mean I don't have to worry about it anymore, and can do what I was doing before this 'virus scare'? I haven't seen any issues with my computer since this happened.

 

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Benie on Thu 07/24/2014 at 16:16:54.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Benie\AppData\Roaming\mozilla\firefox\profiles\svbugk46.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/24/2014 at 16:20:31.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Log

# AdwCleaner v3.216 - Report created 24/07/2014 at 16:37:07
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Benie - BENIE-PC
# Running from : C:\Users\Benie\Desktop\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Benie\AppData\Roaming\Mozilla\Firefox\Profiles\rcvnqalp.default\prefs.js ]


[ File : C:\Users\Benie\AppData\Roaming\Mozilla\Firefox\Profiles\svbugk46.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [783 octets] - [24/07/2014 16:27:20]
AdwCleaner[R1].txt - [997 octets] - [24/07/2014 16:36:48]
AdwCleaner[S0].txt - [843 octets] - [24/07/2014 16:29:09]
AdwCleaner[S1].txt - [919 octets] - [24/07/2014 16:37:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [978 octets] ##########

MiniToolBox Log

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Benie (administrator) on 24-07-2014 at 16:35:29
Running from "C:\Users\Benie\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Benie-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cinci.rr.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : cinci.rr.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D4-3D-7E-BF-74-BB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2607:fcc8:bbc3:5600:b952:7536:44e5:2caf(Preferred)
   Temporary IPv6 Address. . . . . . : 2607:fcc8:bbc3:5600:44b6:d6f3:34f:28ac(Preferred)
   Link-local IPv6 Address . . . . . : fe80::b952:7536:44e5:2caf%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 24, 2014 4:31:07 PM
   Lease Expires . . . . . . . . . . : Thursday, July 24, 2014 5:31:07 PM
   Default Gateway . . . . . . . . . : fe80::21d:d1ff:febb:b531%11
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 248790398
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3C-FB-F3-D4-3D-7E-BF-74-BB
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1095:6b8:b57b:559a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1095:6b8:b57b:559a%12(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.cinci.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cinci.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4009:801::1008
      74.125.225.100
      74.125.225.102
      74.125.225.104
      74.125.225.103
      74.125.225.99
      74.125.225.101
      74.125.225.110
      74.125.225.105
      74.125.225.98
      74.125.225.97
      74.125.225.96


Pinging google.com [2607:f8b0:4009:801::1003] with 32 bytes of data:
Reply from 2607:f8b0:4009:801::1003: time=39ms
Reply from 2607:f8b0:4009:801::1003: time=37ms

Ping statistics for 2607:f8b0:4009:801::1003:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 39ms, Average = 38ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=116ms TTL=48
Reply from 206.190.36.45: bytes=32 time=116ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 116ms, Maximum = 116ms, Average = 116ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...d4 3d 7e bf 74 bb ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    266
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    266 ::/0                     fe80::21d:d1ff:febb:b531
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:90d7:1095:6b8:b57b:559a/128
                                    On-link
 11     18 2607:fcc8:bbc3:5600::/64 On-link
 11    266 2607:fcc8:bbc3:5600:44b6:d6f3:34f:28ac/128
                                    On-link
 11    266 2607:fcc8:bbc3:5600:b952:7536:44e5:2caf/128
                                    On-link
 11    266 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::1095:6b8:b57b:559a/128
                                    On-link
 11    266 fe80::b952:7536:44e5:2caf/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (07/24/2014 04:31:35 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (07/24/2014 04:31:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.


Microsoft Office Sessions:
=========================


=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version:  - Vertigo Gaming)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.50.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 3.65 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.3 - Wrye & Wrye Bash Development Team)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8140.06 MB
Available physical RAM: 5873.73 MB
Total Pagefile: 16278.3 MB
Available Pagefile: 13901.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3938.72 MB

========================= Partitions: =====================================

1 Drive c: (Main) (Fixed) (Total:148.95 GB) (Free:98.9 GB) NTFS
2 Drive d: (Big Stuff) (Fixed) (Total:931.51 GB) (Free:644.82 GB) NTFS
3 Drive e: (Small Stuff) (Fixed) (Total:931.51 GB) (Free:883.13 GB) NTFS
5 Drive g: (External Storage) (Fixed) (Total:149.05 GB) (Free:36.79 GB) NTFS

========================= Users: ========================================

User accounts for \\BENIE-PC

Administrator            Benie                    Guest                    


**** End of log ****

Emsisoft Emergency Kit log

Emsisoft Emergency Kit - Version 4.0
Last update: 7/24/2014 4:52:23 PM
User account: Benie-PC\Benie

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, G:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    7/24/2014 4:53:06 PM
Value: HKEY_USERS\S-1-5-21-4101753261-682918943-2202490102-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4101753261-682918943-2202490102-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
D:\NirSoft\Mail PassView\mailpv.exe     detected: Riskware.Win32.PSWTool.MailPassView (A)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\Bully; Scholarship Edition 1.2 Trainer.exe     detected: Backdoor.Generic.746864 (B)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\Dead Space 2 Trainer.exe     detected: Trojan.Generic.8775747 (B)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\Far Cry 2 (1.0.3 Steam) Trainer.exe     detected: Trojan.Generic.7532478 (B)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\Mirror's Edge Trainer for me.exe     detected: Trojan.Generic.6760713 (B)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\STALKER - CoP Trainer 1.6.02.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\Zips\bully_se_1.2_trainer.zip -> Bully_SE_1.2_Trainer.exe     detected: Backdoor.Generic.746864 (B)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\Zips\ds2-benie76-499910aee0dd347.zip -> ds2-Benie76.exe     detected: Trojan.Generic.8775747 (B)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\Zips\fc2s-benie76-a740b08e0b46087.zip -> fc2s-Benie76.exe     detected: Trojan.Generic.7532478 (B)
G:\6-5-13 Desktop Icon Backup\Games\Trainers\Zips\mest-benie08-343faf403d619a9.zip -> mest-Benie08.exe     detected: Trojan.Generic.6760713 (B)
G:\BACKUP FOLDERS\1-11-10\Desktop\Steam-Based Games\Trainers\mest-benie08-343faf403d619a9.zip -> mest-Benie08.exe     detected: Trojan.Generic.6760713 (B)
G:\BACKUP FOLDERS\1-11-10\Desktop\Steam-Based Games\Trainers\Mirror's Edge Trainer for me.exe     detected: Trojan.Generic.6760713 (B)
G:\BACKUP FOLDERS\1-11-10\Desktop\Steam-Based Games\Trainers\S.T.A.L.K.E.R. COP Trainer +10_.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\mest-benie08-343faf403d619a9.zip -> mest-Benie08.exe     detected: Trojan.Generic.6760713 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\Mirror's Edge Trainer for me.exe     detected: Trojan.Generic.6760713 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\STKCOP1602.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\trainers_pack+12.rar -> modified sphere\modified_sphere_STKCOP1600.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\trainers_pack+12.rar -> modified sphere\modified_sphere_STKCOP1601.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\trainers_pack+12.rar -> modified sphere\modified_sphere_STKCOP1602.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\trainers_pack+12.rar -> STKCOP1600.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\trainers_pack+12.rar -> STKCOP1601.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\BACKUP FOLDERS\1-14-10\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\trainers_pack+12.rar -> STKCOP1602.exe     detected: Gen:Variant.Strictor.12787 (B)
G:\BACKUP FOLDERS\11-5-09\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\mest-benie08-343faf403d619a9.zip -> mest-Benie08.exe     detected: Trojan.Generic.6760713 (B)
G:\BACKUP FOLDERS\11-5-09\C DRIVE BACKUP\Desktop\Steam-Based Games\Trainers\Mirror's Edge Trainer for me.exe     detected: Trojan.Generic.6760713 (B)

Scanned    650294
Found    26

Scan end:    7/24/2014 7:24:09 PM
Scan time:    2:31:03

D:\NirSoft\Mail PassView\mailpv.exe    Quarantined Riskware.Win32.PSWTool.MailPassView (A)
Value: HKEY_USERS\S-1-5-21-4101753261-682918943-2202490102-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4101753261-682918943-2202490102-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    3

Edited by Benie, 24 July 2014 - 06:56 PM.
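A small triage pass over a scan log in the layout posted above, as an added example that is not part of the original post or of Emsisoft's own tooling: it parses the `detected:` lines, separates the HKCU policy values (DisableTaskMgr, DisableRegistryTools) from file hits, and collapses the repeated trainer detections into distinct families so the 26 entries read as a handful of findings. The log lines embedded in it are a constructed, shortened sample in the same format (SIDs and paths are not the poster's); the category names and the follow-up wording are this example's own assumptions.

```python
"""Triage helper for an Emsisoft Emergency Kit style scan log.

Added example, not part of the original post or Emsisoft's tooling. It parses
"<object>     detected: <name> (<engine>)" lines, separates registry policy
tampering from file hits, and collapses duplicate detections. SAMPLE_LOG is a
constructed, shortened sample in the same layout as the posted log.
"""
import re
from collections import defaultdict

# Constructed sample (SIDs and paths shortened); not copied from the post.
SAMPLE_LOG = r"""Value: HKEY_USERS\S-1-5-21-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
D:\NirSoft\Mail PassView\mailpv.exe     detected: Riskware.Win32.PSWTool.MailPassView (A)
G:\Backup\Trainers\Dead Space 2 Trainer.exe     detected: Trojan.Generic.8775747 (B)
G:\Backup\Trainers\Zips\ds2.zip -> ds2.exe     detected: Trojan.Generic.8775747 (B)
G:\Backup\Trainers\Bully Trainer.exe     detected: Backdoor.Generic.746864 (B)
"""

# One result line: object, a run of spaces, "detected:", name, "(engine letter)".
LINE_RE = re.compile(
    r"^(?P<obj>.+?)\s{2,}detected:\s+(?P<name>\S+)\s+\((?P<engine>[A-Z])\)\s*$"
)

# HKCU ...\Policies\System values that lock the user out of their own tools.
# Ordinary users almost never set these themselves; malware commonly does.
LOCKOUT_POLICIES = {"DISABLETASKMGR", "DISABLEREGISTRYTOOLS", "DISABLECMD"}


def parse_log(text):
    """Return one dict per detection line; non-matching lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        obj = m.group("obj")
        hits.append({
            "kind": "registry" if obj.startswith("Value: ") else "file",
            "object": obj,
            "name": m.group("name"),
            "engine": m.group("engine"),
        })
    return hits


def policy_value(hit):
    """'... -> DISABLETASKMGR' -> 'DISABLETASKMGR'."""
    return hit["object"].rsplit("->", 1)[-1].strip().upper()


def classify(hit):
    """Bucket a hit by what it means for the user, not by what the engine called it."""
    if hit["kind"] == "registry":
        return "lockout-policy" if policy_value(hit) in LOCKOUT_POLICIES else "registry-other"
    name = hit["name"]
    if name.startswith("Riskware."):
        return "riskware-tool"          # dual-use utility, e.g. a password viewer
    if ".Generic." in name or name.startswith("Gen:"):
        return "generic-file"           # heuristic / generic signature
    return "named-file"                 # a specific, named family


def triage(text):
    """Group parsed hits by category."""
    summary = defaultdict(list)
    for hit in parse_log(text):
        summary[classify(hit)].append(hit)
    return dict(summary)


def families(hits):
    """Distinct detection names, so many backups of one trainer read as one finding."""
    return sorted({h["name"] for h in hits})


def followup(summary):
    """Next steps derived from the categories present (wording is this example's own)."""
    notes = []
    if summary.get("lockout-policy"):
        values = ", ".join(sorted(policy_value(h) for h in summary["lockout-policy"]))
        notes.append(f"Registry policy values {values} were set in the user's hive; "
                     "confirm they stay gone after a reboot, or something is re-setting them.")
    if summary.get("riskware-tool"):
        notes.append("Riskware hits are password-recovery tools: benign if you installed "
                     "them, an indicator of compromise if you did not.")
    if summary.get("generic-file"):
        notes.append("Generic hits on game trainers: trainers patch game memory and are "
                     "routinely flagged; treat them as untrusted binaries, not proof of infection.")
    if summary.get("named-file"):
        notes.append("Named malware families need real cleanup and a password reset "
                     "done from a clean machine.")
    return notes


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, hits in sorted(result.items()):
        print(f"{category}: {len(hits)} hit(s), families={families(hits)}")
    for note in followup(result):
        print("-", note)
```

Run it as-is to see the sample triaged, or feed it the text of a real log through `triage()`. The point of the registry bucket is that a quarantined policy value is only evidence of past tampering; what matters is whether it comes back after the next logon.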


#8 Benie (Topic Starter, Members, 29 posts)

Posted 25 July 2014 - 11:22 AM

I'm still on edge here. I just changed all of my passwords, just to be safe. Was able to do so with no problems. Thought that would be it of this virus scare. I then left my computer to do a few things. When I got back, Microsoft Security Essentials is doing a full scan... by itself. It's not even set to automatically scan this day. It's only set to do a full scan on Monday at 6pm. And it's Friday, around 11:27am when it did the scan. So... what's going on?

 

It's done. Going by the history, all I see is the virus from yesterday. It found nothing else. Strange... maybe I may've clicked the scan button by mistake. I did have the window open.

Don't see anything that looks suspicious in Task Manager. Also, I got rid of Gamebooster, after being told it's nothing but a scam to sell the email/password they force you to make an account with, to 3rd parties (at least what my friend says).

 

I feel like a level beyond "idiot" for falling for it. But at least I changed all my passwords, so I should be safe.


Edited by Benie, 25 July 2014 - 12:08 PM.


#9 quietman7 (Bleepin' Janitor, Global Moderator, 51,596 posts, Virginia, USA)

Posted 25 July 2014 - 06:08 PM

InadequateInfirmity will review your logs and continue with assistance next time logged in so please be patient.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 boopme (To Insanity and Beyond, Global Moderator, 73,421 posts, NJ USA)

Posted 14 August 2014 - 09:06 PM

Hello, thanks for posting in the 3 day waiting topic.

PWS:Win32/Frethog.gen!B is a DLL component dropped by one variant of Win32/Frethog - a large family of password-stealing trojans that targets confidential data, such as account information, from Massive Multiplayer Online Role Playing Games (MMORPG).

It appears you have removed it and changed your passwords so things should be OK.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#11 Benie (Topic Starter, Members, 29 posts)

Posted 14 August 2014 - 09:16 PM

Thanks for the response. I got the thing, installed and ran, and restarted. I would give a log if I had one.

What do I do now? Am I ok? Will Microsoft Security Essentials stop scanning by itself?



#12 boopme (To Insanity and Beyond, Global Moderator, 73,421 posts, NJ USA)

Posted 18 August 2014 - 02:03 PM

You should be good.

It should stop on its own.

#13 Benie (Topic Starter, Members, 29 posts)

Posted 19 August 2014 - 07:53 PM

Well, I'll be monitoring it and see if it happens again, and report back if it does. If I don't, then the problem is fixed.





