Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Removal Help - Advanced Trojan


  • Please log in to reply
6 replies to this topic

#1 sebasbs

sebasbs

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 07 August 2014 - 08:40 AM

Hello,

Some months ago i downloaded a program I tought to be an audio editor in my laptop. It turned out to be a virus. After i changed all my passwords the virus kept infecting the laptop even after formatting 4 times.

Now around 3 months have passed and the virus has infecting my 3 home computers and 2 laptops. No antivirus will detect it. I really dont want to format my desktop for it has a lot of important information.

The virus installs Junos Pulse and stores it in the winsxs folders. I cant delete them for only the "trusted installer" user can


Edited by hamluis, 07 August 2014 - 10:37 AM.
Moved from Win 8 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:20 PM

Posted 07 August 2014 - 10:31 AM

Junos Pulse is mobile security software.

 

http://www.juniper.net/us/en/products-services/security/junos-pulse/

 

What have you scanned your computer with?

 

Do you connect a ipad or other mobile devices to this computer?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 sebasbs

sebasbs
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 07 August 2014 - 06:19 PM

If it helps i got the virus from audacity.com.es. I checked and only eset found the page as malicious. If anybody could tell me what virus it is would be really helpful but don"t risk getting infected.

Edited by sebasbs, 07 August 2014 - 06:24 PM.


#4 sebasbs

sebasbs
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 07 August 2014 - 06:21 PM

Thanks for the quick reply, no i haven"t connected any mobile devices, problem is my new desktop has never been in contact with anything i used before, email accounts, mouses, keyboards or online accounts. Yet the 2 laptops do have it.

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:20 PM

Posted 08 August 2014 - 09:32 AM

Let's run a couple of scans and see what turns up.  I know you have already run a Eset scan, but I want you to run the online scanner so you can post the log here in your topic.

Please run the ESET OnlineScan

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the trems of use, then click on Start, the scan will now begine.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 sebasbs

sebasbs
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 08 August 2014 - 02:33 PM

I ran malwarebytes both antimalware and antirootkit. I also run the eset online scan and found nothing. The malwarebyte logs just said nothing had been found, I dont think they will prove useful. I also tried running combofix but it apparently does not support windows 8.1. Im starting to question the existance of the virus yet I found many junospulse exes scatteres in the winsxs directory, I cant edit or delete anything here for I dont have permissions, only TrustedInstaller has full acces. My administrator account can only read & execute.

#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:20 PM

Posted 09 August 2014 - 09:33 AM

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be close so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users