.exe *32 virus was found in my PC


25 replies to this topic

#1 kevinchan1567

  • Members

Posted 18 September 2014 - 02:18 AM

Hi,

 

I found my PC was hacked by a hack tool. I am using Microsoft Security Essentials to protect my PC, but the virus changed the protection settings to attack my PC. Now I have found some applications were infected; please check the attached photo and help me to fix it.

I tried to re-install the application (Chrome), but still found *32 behind the name. Really need help. Thanks!!

 

Best regards,

 

Kevin


Edited by hamluis, 18 September 2014 - 08:25 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 LiquidTension

  • Malware Response Team

Posted 18 September 2014 - 12:19 PM

Hello, 
 
Please run the following programme. 
 
Autoruns

  • Please download Autoruns and save the file to your Desktop.
  • Right-Click Autoruns.exe and select Run as administrator to run the programme.
  • Click Agree to End User Licence Agreement (EULA).
  • Allow the programme to scan. Once completed, click File, then Save, name the file Autoruns Log.arn and save to your Desktop
  • Close Autoruns.
  • Upload the log (Autoruns Log.arn) to my channel, here.


#3 Kirbyofdeath

  • Members

Posted 18 September 2014 - 12:20 PM

*32 means the program is a 32 bit program, there is nothing to worry about.



#4 kevinchan1567

  • Topic Starter

Posted 18 September 2014 - 10:50 PM

Hi,

 

I have sent the report to you; thanks for your kind help.

Actually, I am not sure whether my PC was infected, because my security was broken before by a hack tool.

After that, my PC became slow, and it was hard to open file folders.

 

This problem has bothered me for a week. Thanks for your help again.



#5 LiquidTension

  • Malware Response Team

Posted 19 September 2014 - 08:54 AM

Hello, 
 

Actually, I am not sure whether my PC was infected, because my security was broken before by a hack tool.

Please clarify this statement. What "hack tool"? What do you mean by, "my security was broken"?



#6 kevinchan1567

  • Topic Starter

Posted 19 September 2014 - 09:30 AM

Hi,

 

Sorry for the confusion.

 

"Hack Tool" is the name of an application or software, which was found in the warning list of Microsoft Security Essentials and was considered to be harmful. Unfortunately, I have deleted the record; I just remember the name was something like 'Hacktool/Keygen'.

 

"my security was broken" means the system did not notify me about the Hack Tool and put the 'Hack Tool' in the permitted list, so that the tool was permitted to run on my PC.

 

Best regards,

 

Kevin



#7 LiquidTension

  • Malware Response Team

Posted 19 September 2014 - 09:32 AM

Hello, 
 
OK, thank you for the clarification. Please work your way through the following steps. 
 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Right-Click MBAR.exe and select Run as administrator to run the programme.
  • Follow the prompts to update the programme and scan your computer. 
  • Upon completion, click Cleanup and reboot your computer. 
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more. 
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats.... If no threats were found, skip the next two bullet points. 
  • Click Export to text file... and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to Uninstall Application on Close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 5
MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
  • Check the following items:
    • (the checklist is shown as images in the original post and is not reproduced here)
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • MBAM log
  • mbar log
  • system log
  • ESET log
  • Result.txt


#8 kevinchan1567

  • Topic Starter

Posted 21 September 2014 - 07:09 AM

Hi,

 

 

Firstly, I am very grateful for your technical support; the instructions are clear, and it is amazing that I got help from a professional. Thank you.

I followed steps 1-6 and got the reports, but I could not complete step 5: ESET online scanning could only progress to 60% or 61%; the timer was still running, but the scanning had stopped. It may hang when scanning a JPG file, an antivirus installer or an ISO file, etc. Every time I try to close the program, my PC stops responding, and I need to press the reboot button to reboot my PC unsafely. I also tried running the program in safe mode, but got the same result.

 

Before starting this post, sometimes my PC needed to spend a few minutes loading a file folder. Please help.

The reports are enclosed.

 

Thank you.

 

 



#9 LiquidTension

  • Malware Response Team

Posted 21 September 2014 - 10:31 AM

Hello, 
 
Please copy the contents of the logs and paste in your next post. 
 
Let's run an alternative scan to ESET.
 
Sophos Virus Removal Tool

  • Please download Sophos Virus Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click SophosVirusRemovalTool.exe and select Run as administrator to run the programme.
  • Click Next.
  • Select I accept the terms in this license agreement, then click Next twice.
  • Click Install.
  • Click Finish to launch the programme.
  • Once the virus database has been updated click Start scanning
  • If threats are found click Details, followed by View log file.
  • Copy the contents of the log and paste in your next reply.
  • Close the Notepad document, close the Threat Details screen, and click Start cleanup.
  • Click Exit to close the programme. 
  • Re-enable your anti-virus software. 


#10 kevinchan1567

  • Topic Starter

Posted 21 September 2014 - 12:17 PM

Hi,

 

 

Please check the details below.

-----------------------------------------

 

2014-09-21 16:14:04.132 Sophos Virus Removal Tool version 2.5.3
2014-09-21 16:14:04.132 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2014-09-21 16:14:04.132 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2014-09-21 16:14:04.133 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2014-09-21 16:14:04.133 Checking for updates...
2014-09-21 16:14:11.600 Update progress: proxy server not available
2014-09-21 16:14:17.775 Option all = no
2014-09-21 16:14:17.775 Option recurse = yes
2014-09-21 16:14:17.775 Option archive = no
2014-09-21 16:14:17.775 Option service = yes
2014-09-21 16:14:17.775 Option confirm = yes
2014-09-21 16:14:17.775 Option sxl = yes
2014-09-21 16:14:17.777 Option max-data-age = 35
2014-09-21 16:14:17.777 Option EnableSafeClean = yes
2014-09-21 16:14:21.089 Option vdl-logging = yes
2014-09-21 16:14:21.099 Component SVRTcli.exe version 2.5
2014-09-21 16:14:21.099 Component control.dll version 2.5
2014-09-21 16:14:21.099 Component SVRTservice.exe version 2.5
2014-09-21 16:14:21.100 Component engine\osdp.dll version 1.44.1.2171
2014-09-21 16:14:21.100 Component engine\veex.dll version 3.56.0.2171
2014-09-21 16:14:21.100 Component engine\savi.dll version 8.1.4.2171
2014-09-21 16:14:21.100 Component rkdisk.dll version 1.5.30.0
2014-09-21 16:14:21.100 Version info: Product version 2.5
2014-09-21 16:14:21.102 Version info: Detection engine 3.56.0
2014-09-21 16:14:21.102 Version info: Detection data 5.04
2014-09-21 16:14:21.102 Version info: Build date 29/7/2014
2014-09-21 16:14:21.102 Version info: Data files added 574
2014-09-21 16:14:21.102 Version info: Last successful update (not yet updated)
2014-09-21 16:15:57.723 Downloading updates...
2014-09-21 16:15:57.723 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement IDE505 LATEST 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement IDE506 LATEST 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement IDE507 LATEST 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement IDE508 LATEST 
2014-09-21 16:15:57.723 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-09-21 16:15:57.723 Update progress: [I19463] Syncing product SAVIW32 43
2014-09-21 16:16:05.156 Update progress: [I19463] Syncing product IDE505 175
2014-09-21 16:16:15.718 Installing updates...
2014-09-21 16:16:16.365 Update progress: [I19463] Syncing product IDE506 201
2014-09-21 16:16:16.366 Update progress: [I19463] Syncing product IDE507 162
2014-09-21 16:16:16.366 Update progress: [I19463] Syncing product IDE508 32
2014-09-21 16:16:32.369 Update successful
2014-09-21 16:16:49.559 Option all = no
2014-09-21 16:16:49.559 Option recurse = yes
2014-09-21 16:16:49.559 Option archive = no
2014-09-21 16:16:49.559 Option service = yes
2014-09-21 16:16:49.559 Option confirm = yes
2014-09-21 16:16:49.559 Option sxl = yes
2014-09-21 16:16:49.560 Option max-data-age = 35
2014-09-21 16:16:49.560 Option EnableSafeClean = yes
2014-09-21 16:16:49.606 Option vdl-logging = yes
2014-09-21 16:16:49.610 Component SVRTcli.exe version 2.5
2014-09-21 16:16:49.610 Component control.dll version 2.5
2014-09-21 16:16:49.610 Component SVRTservice.exe version 2.5


#11 LiquidTension

  • Malware Response Team

Posted 21 September 2014 - 12:28 PM

I still need the logs from my previous post. 

 

The Sophos log is also incomplete.



#12 kevinchan1567

  • Topic Starter

Posted 21 September 2014 - 10:05 PM

Hi,

 

 

For AdwCleaner

-------------------------------------------------------------------------------------

 

# AdwCleaner v3.310 - Report created 19/09/2014 at 23:12:15
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User1 - PC00001
# Running from : D:\Docs\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\tencent
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\tencent
Folder Deleted : C:\Program Files (x86)\Common Files\tencent
Folder Deleted : C:\Users\User1\AppData\Local\SearchProtect
Folder Deleted : C:\Users\User1\AppData\Local\tencent
Folder Deleted : C:\Users\User1\AppData\LocalLow\tencent
Folder Deleted : C:\Users\User1\AppData\Roaming\tencent
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\tencentdl_RASAPI32
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EAAED308-7322-4B9B-965E-171933ADD473}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Tencent
Key Deleted : HKLM\SOFTWARE\Tencent
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.aci.aero/Site-Search-Results?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2234 octets] - [19/09/2014 23:07:36]
AdwCleaner[S0].txt - [2235 octets] - [19/09/2014 23:12:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2295 octets] ##########

Hi,

 

For MBAM

--------------------------------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19/9/2014
Scan Time: 23:28:42
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.19.05
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User1
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407037
Time Elapsed: 38 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Trojan.Agent, HKLM\SOFTWARE\CLASSES\thunder, Quarantined, [c3bebd329ae13303b8422e76bc4712ee], 
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\thunder, Quarantined, [4e33f8f7a3d88da9cc2e8d1758ab27d9], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.Extutil.A, C:\Users\User1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [e0a1de110c6f999d886819d4b84ac838], 
PUP.Optional.Managera.A, C:\Users\User1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [dba611de5427e3534ca532bbdb279d63], 
 
Files: 4
PUP.Optional.MindSpark.A, C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_televisionfanatic.dl.tb.ask.com_0.localstorage, Quarantined, [b0d1ba354932a0967da553186d971ce4], 
PUP.Optional.MindSpark.A, C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_televisionfanatic.dl.tb.ask.com_0.localstorage-journal, Quarantined, [89f8ca25b5c69d9961c17af130d429d7], 
PUP.Optional.Extutil.A, C:\Users\User1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [e0a1de110c6f999d886819d4b84ac838], 
PUP.Optional.Managera.A, C:\Users\User1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [dba611de5427e3534ca532bbdb279d63], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 kevinchan1567

  • Topic Starter

Posted 21 September 2014 - 10:07 PM

Hi,

 

 

For MBAR result, no malware was found, so there is no log file provided.



#14 kevinchan1567

  • Topic Starter

Posted 21 September 2014 - 10:13 PM

Hi,

 

 

For MiniToolBox, I attached it to your channel; please check.



#15 kevinchan1567

  • Topic Starter

Posted 21 September 2014 - 10:17 PM

Hi,

 

 

For Sophos Log file

--------------------------------------------------

 

 

2014-09-21 16:14:04.132 Sophos Virus Removal Tool version 2.5.3
2014-09-21 16:14:04.132 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2014-09-21 16:14:04.132 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2014-09-21 16:14:04.133 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2014-09-21 16:14:04.133 Checking for updates...
2014-09-21 16:14:11.600 Update progress: proxy server not available
2014-09-21 16:14:17.775 Option all = no
2014-09-21 16:14:17.775 Option recurse = yes
2014-09-21 16:14:17.775 Option archive = no
2014-09-21 16:14:17.775 Option service = yes
2014-09-21 16:14:17.775 Option confirm = yes
2014-09-21 16:14:17.775 Option sxl = yes
2014-09-21 16:14:17.777 Option max-data-age = 35
2014-09-21 16:14:17.777 Option EnableSafeClean = yes
2014-09-21 16:14:21.089 Option vdl-logging = yes
2014-09-21 16:14:21.099 Component SVRTcli.exe version 2.5
2014-09-21 16:14:21.099 Component control.dll version 2.5
2014-09-21 16:14:21.099 Component SVRTservice.exe version 2.5
2014-09-21 16:14:21.100 Component engine\osdp.dll version 1.44.1.2171
2014-09-21 16:14:21.100 Component engine\veex.dll version 3.56.0.2171
2014-09-21 16:14:21.100 Component engine\savi.dll version 8.1.4.2171
2014-09-21 16:14:21.100 Component rkdisk.dll version 1.5.30.0
2014-09-21 16:14:21.100 Version info: Product version 2.5
2014-09-21 16:14:21.102 Version info: Detection engine 3.56.0
2014-09-21 16:14:21.102 Version info: Detection data 5.04
2014-09-21 16:14:21.102 Version info: Build date 29/7/2014
2014-09-21 16:14:21.102 Version info: Data files added 574
2014-09-21 16:14:21.102 Version info: Last successful update (not yet updated)
2014-09-21 16:15:57.723 Downloading updates...
2014-09-21 16:15:57.723 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement IDE505 LATEST 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement IDE506 LATEST 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement IDE507 LATEST 
2014-09-21 16:15:57.723 Update progress: [I49502] Found supplement IDE508 LATEST 
2014-09-21 16:15:57.723 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-09-21 16:15:57.723 Update progress: [I19463] Syncing product SAVIW32 43
2014-09-21 16:16:05.156 Update progress: [I19463] Syncing product IDE505 175
2014-09-21 16:16:15.718 Installing updates...
2014-09-21 16:16:16.365 Update progress: [I19463] Syncing product IDE506 201
2014-09-21 16:16:16.366 Update progress: [I19463] Syncing product IDE507 162
2014-09-21 16:16:16.366 Update progress: [I19463] Syncing product IDE508 32
2014-09-21 16:16:32.369 Update successful
2014-09-21 16:16:49.559 Option all = no
2014-09-21 16:16:49.559 Option recurse = yes
2014-09-21 16:16:49.559 Option archive = no
2014-09-21 16:16:49.559 Option service = yes
2014-09-21 16:16:49.559 Option confirm = yes
2014-09-21 16:16:49.559 Option sxl = yes
2014-09-21 16:16:49.560 Option max-data-age = 35
2014-09-21 16:16:49.560 Option EnableSafeClean = yes
2014-09-21 16:16:49.606 Option vdl-logging = yes
2014-09-21 16:16:49.610 Component SVRTcli.exe version 2.5
2014-09-21 16:16:49.610 Component control.dll version 2.5
2014-09-21 16:16:49.610 Component SVRTservice.exe version 2.5
2014-09-21 16:16:49.610 Component engine\osdp.dll version 1.44.1.2171
2014-09-21 16:16:49.610 Component engine\veex.dll version 3.56.0.2171
2014-09-21 16:16:49.610 Component engine\savi.dll version 8.1.4.2171
2014-09-21 16:16:49.610 Component rkdisk.dll version 1.5.30.0
2014-09-21 16:16:49.610 Version info: Product version 2.5
2014-09-21 16:16:49.611 Version info: Detection engine 3.56.0
2014-09-21 16:16:49.611 Version info: Detection data 5.04G
2014-09-21 16:16:49.611 Version info: Build date 29/7/2014
2014-09-21 16:16:49.611 Version info: Data files added 574
2014-09-21 16:16:49.612 Version info: Last successful update 22/9/2014 0:16:32
 
2014-09-21 16:25:12.371 Could not open C:\hiberfil.sys
2014-09-21 16:25:24.752 Could not open C:\pagefile.sys
2014-09-21 16:27:51.175 >>> Virus 'Mal/Behav-155' found in file C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe
2014-09-21 16:27:51.175 >>> Virus 'Mal/Behav-155' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-09-21 16:27:51.176 >>> Virus 'Mal/Behav-155' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2014-09-21 16:27:51.176 >>> Virus 'Mal/Behav-155' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-09-21 16:27:51.177 >>> Virus 'Mal/Behav-155' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2014-09-21 16:31:53.487 Could not open C:\System Volume Information\{076f8af7-3e6f-11e4-b2c4-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.488 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.489 Could not open C:\System Volume Information\{a2d3696d-41a9-11e4-9c49-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.489 Could not open C:\System Volume Information\{bab3a0eb-3ebe-11e4-a039-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.490 Could not open C:\System Volume Information\{d8a6e3f5-3e71-11e4-b031-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.491 Could not open C:\System Volume Information\{d8a6e3f9-3e71-11e4-b031-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.492 Could not open C:\System Volume Information\{d8a6e414-3e71-11e4-b031-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.493 Could not open C:\System Volume Information\{d8a6e41a-3e71-11e4-b031-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.494 Could not open C:\System Volume Information\{e10c1877-3e8b-11e4-84f4-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.495 Could not open C:\System Volume Information\{e10c1ab8-3e8b-11e4-84f4-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:31:53.495 Could not open C:\System Volume Information\{e60ae96e-4163-11e4-a473-1078d2554662}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-09-21 16:32:15.765 Could not open C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Current Session
2014-09-21 16:32:16.041 Could not check C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2014-09-21 16:32:16.053 Could not check C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2014-09-21 16:32:17.438 Could not check C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2014-09-21 16:32:26.517 Could not check C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2014-09-21 16:32:26.555 Could not check C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pdnfnkhpgegpcingjbfihlkjeighnddk\LOCK (virus scan failed)
2014-09-21 16:49:55.632 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-09-21 16:49:55.633 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-09-21 17:05:34.247 The following items will be cleaned up:
2014-09-21 17:05:34.248 Mal/Behav-155
2014-09-21 17:15:39.236 Threat 'Mal/Behav-155' has been cleaned up.
2014-09-21 17:15:39.248 File "C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe" belongs to malware 'Mal/Behav-155'.
2014-09-21 17:15:39.249 File "C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe" has been cleaned up.
2014-09-21 17:15:39.249 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" belongs to malware 'Mal/Behav-155'.
2014-09-21 17:15:39.249 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" has been cleaned up.
2014-09-21 17:15:39.249 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" belongs to malware 'Mal/Behav-155'.
2014-09-21 17:15:39.249 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" has been cleaned up.
2014-09-21 17:15:39.249 Removal successful
2014-09-21 17:15:39.282 Contents of SafeClean bin directory:
2014-09-21 17:15:39.282 {
2014-09-21 17:15:39.282    RecordID   : "0000000000000001",
2014-09-21 17:15:39.282    ItemType   : "1",
2014-09-21 17:15:39.282    Location   : "C:\Program Files (x86)\Common Files\Thunder Network\Kankan\",
2014-09-21 17:15:39.282    FileName   : "XLStartKankan.exe",
2014-09-21 17:15:39.282    ThreatName : "Mal/Behav-155",
2014-09-21 17:15:39.282    Checksum   : "b7bc0ec967c493f9912a0cac3bcb89179fff1ef630eb95598e595c3ee090985a",
2014-09-21 17:15:39.282    TimeStamp  : "Mon Sep 22 01:15:35 2014"
2014-09-21 17:15:39.282 }
 
2014-09-21 17:17:39.041 Scan completed.
2014-09-21 17:17:39.041
 
------------------------------------------------------------
 
2014-09-22 00:14:39.711 Sophos Virus Removal Tool version 2.5.3
2014-09-22 00:14:39.711 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2014-09-22 00:14:39.711 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2014-09-22 00:14:39.711 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2014-09-22 00:14:39.711 Checking for updates...
2014-09-22 00:14:43.019 Update progress: proxy server not available
2014-09-22 00:15:12.534 Option all = no
2014-09-22 00:15:12.534 Option recurse = yes
2014-09-22 00:15:12.534 Option archive = no
2014-09-22 00:15:12.534 Option service = yes
2014-09-22 00:15:12.534 Option confirm = yes
2014-09-22 00:15:12.534 Option sxl = yes
2014-09-22 00:15:12.534 Option max-data-age = 35
2014-09-22 00:15:12.534 Option EnableSafeClean = yes
2014-09-22 00:15:12.690 Option vdl-logging = yes
2014-09-22 00:15:12.877 Component SVRTcli.exe version 2.5
2014-09-22 00:15:12.877 Component control.dll version 2.5
2014-09-22 00:15:12.877 Component SVRTservice.exe version 2.5
2014-09-22 00:15:12.877 Component engine\osdp.dll version 1.44.1.2171
2014-09-22 00:15:12.877 Component engine\veex.dll version 3.56.0.2171
2014-09-22 00:15:12.877 Component engine\savi.dll version 8.1.4.2171
2014-09-22 00:15:12.924 Component rkdisk.dll version 1.5.30.0
2014-09-22 00:15:12.924 Version info: Product version 2.5
2014-09-22 00:15:12.924 Version info: Detection engine 3.56.0
2014-09-22 00:15:12.924 Version info: Detection data 5.04G
2014-09-22 00:15:12.924 Version info: Build date 29/7/2014
2014-09-22 00:15:12.924 Version info: Data files added 574
2014-09-22 00:15:12.924 Version info: Last successful update 22/9/2014 0:16:32
2014-09-22 00:15:27.541 Downloading updates...
2014-09-22 00:15:27.541 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2014-09-22 00:15:27.541 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2014-09-22 00:15:27.541 Update progress: [I49502] Found supplement IDE505 LATEST 
2014-09-22 00:15:27.541 Update progress: [I49502] Found supplement IDE506 LATEST 
2014-09-22 00:15:27.541 Update progress: [I49502] Found supplement IDE507 LATEST 
2014-09-22 00:15:27.541 Update progress: [I49502] Found supplement IDE508 LATEST 
2014-09-22 00:15:27.541 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-09-22 00:15:27.541 Update progress: [I19463] Syncing product SAVIW32 43
2014-09-22 00:15:27.541 Update progress: [I19463] Syncing product IDE505 175
2014-09-22 00:15:30.973 Update progress: [I19463] Syncing product IDE506 201
2014-09-22 00:15:30.973 Update progress: [I19463] Syncing product IDE507 162
2014-09-22 00:15:30.973 Update progress: [I19463] Syncing product IDE508 35
2014-09-22 00:15:31.051 Installing updates...
2014-09-22 00:15:32.143 Update successful
2014-09-22 00:15:40.333 Option all = no
2014-09-22 00:15:40.333 Option recurse = yes
2014-09-22 00:15:40.333 Option archive = no
2014-09-22 00:15:40.333 Option service = yes
2014-09-22 00:15:40.333 Option confirm = yes
2014-09-22 00:15:40.333 Option sxl = yes
2014-09-22 00:15:40.333 Option max-data-age = 35
2014-09-22 00:15:40.333 Option EnableSafeClean = yes
2014-09-22 00:15:40.380 Option vdl-logging = yes
2014-09-22 00:15:40.395 Component SVRTcli.exe version 2.5
2014-09-22 00:15:40.395 Component control.dll version 2.5
2014-09-22 00:15:40.395 Component SVRTservice.exe version 2.5
2014-09-22 00:15:40.395 Component engine\osdp.dll version 1.44.1.2171
2014-09-22 00:15:40.395 Component engine\veex.dll version 3.56.0.2171
2014-09-22 00:15:40.395 Component engine\savi.dll version 8.1.4.2171
2014-09-22 00:15:40.395 Component rkdisk.dll version 1.5.30.0
2014-09-22 00:15:40.395 Version info: Product version 2.5
2014-09-22 00:15:40.395 Version info: Detection engine 3.56.0
2014-09-22 00:15:40.395 Version info: Detection data 5.04G
2014-09-22 00:15:40.395 Version info: Build date 29/7/2014
2014-09-22 00:15:40.395 Version info: Data files added 577
2014-09-22 00:15:40.395 Version info: Last successful update 22/9/2014 8:15:32
2014-09-22 03:01:19.309 Sophos Virus Removal Tool version 2.5.3
2014-09-22 03:01:19.309 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2014-09-22 03:01:19.310 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2014-09-22 03:01:19.310 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2014-09-22 03:01:19.311 Checking for updates...
2014-09-22 03:01:22.267 Update progress: proxy server not available
2014-09-22 03:01:54.963 Downloading updates...
2014-09-22 03:01:54.964 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2014-09-22 03:01:54.964 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2014-09-22 03:01:54.964 Update progress: [I49502] Found supplement IDE505 LATEST 
2014-09-22 03:01:54.964 Update progress: [I49502] Found supplement IDE506 LATEST 
2014-09-22 03:01:54.964 Update progress: [I49502] Found supplement IDE507 LATEST 
2014-09-22 03:01:54.964 Update progress: [I49502] Found supplement IDE508 LATEST 
2014-09-22 03:01:54.964 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-09-22 03:01:54.964 Update progress: [I19463] Syncing product SAVIW32 43
2014-09-22 03:01:54.964 Update progress: [I19463] Syncing product IDE505 175
2014-09-22 03:02:04.701 Update progress: [I19463] Syncing product IDE506 201
2014-09-22 03:02:04.701 Update progress: [I19463] Syncing product IDE507 162
2014-09-22 03:02:04.701 Update progress: [I19463] Syncing product IDE508 36
2014-09-22 03:02:04.838 Update error: cancelled synchronise
2014-09-22 03:02:09.371 Option all = no
2014-09-22 03:02:09.371 Option recurse = yes
2014-09-22 03:02:09.371 Option archive = no
2014-09-22 03:02:09.371 Option service = yes
2014-09-22 03:02:09.371 Option confirm = yes
2014-09-22 03:02:09.371 Option sxl = yes
2014-09-22 03:02:09.372 Option max-data-age = 35
2014-09-22 03:02:09.372 Option EnableSafeClean = yes
2014-09-22 03:02:09.502 Option vdl-logging = yes
2014-09-22 03:02:09.510 Component SVRTcli.exe version 2.5
2014-09-22 03:02:09.510 Component control.dll version 2.5
2014-09-22 03:02:09.510 Component SVRTservice.exe version 2.5
2014-09-22 03:02:09.510 Component engine\osdp.dll version 1.44.1.2171
2014-09-22 03:02:09.510 Component engine\veex.dll version 3.56.0.2171
2014-09-22 03:02:09.510 Component engine\savi.dll version 8.1.4.2171
2014-09-22 03:02:09.510 Component rkdisk.dll version 1.5.30.0
2014-09-22 03:02:09.510 Version info: Product version 2.5
2014-09-22 03:02:09.511 Version info: Detection engine 3.56.0
2014-09-22 03:02:09.511 Version info: Detection data 5.04G
2014-09-22 03:02:09.511 Version info: Build date 29/7/2014
2014-09-22 03:02:09.512 Version info: Data files added 577
2014-09-22 03:02:09.512 Version info: Last successful update 22/9/2014 8:15:32
 
2014-09-22 03:03:16.376 Scan completed.
2014-09-22 03:03:16.376
 
------------------------------------------------------------