Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus: HEU_AEGISCS938 via Dropbox


  • This topic is locked This topic is locked
9 replies to this topic

#1 michelle012

michelle012

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 19 September 2014 - 04:13 PM

Hi,
 
First time posting. I'm using Windows 7. It seems that I've been infected with a virus "HEU_AEGISCS938" via my desktop Dropbox application. It was located in C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
Since then, I have uninstalled Dropbox, and ran a full scan on Trend Micro Titanium Security (clean). I was unable to run Malwarebytes Anti-Malware because the program would freeze and force to close everytime I tried to update it. I am also unable to download any form of media (eg. PDF, documents) to my computer. Chrome shows a message on the bottom: "Failed - Network error". This only started happening after the virus attack.
 
I am unable to download any new software because of 0 kb disc space in my C:/ drive. Sadly, this was due to a disc partitioning error that was done when my laptop got reformatted at a service centre last year. It is at the point where I can't even open image files.
 
What can I do to remove the virus? (and free up C:/ disc space?)
 
Thanks!


Mod Edit: moved to Virus, Trojan, Spyware, and Malware Removal Logs as they are unable to download any new software because of 0 kb disc space in my C:/ drive. ~~boopme


Edited by boopme, 19 September 2014 - 08:04 PM.


BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 24 September 2014 - 04:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/549064 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 michelle012

michelle012
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 24 September 2014 - 05:13 PM

1. Nothing has changed since my first post.

2. I am unable to download DDS. There is an error message on the bottom of my Chrome window: "Failed - Disk Full". I have tried to change the download destination between C:/ to D:/ drives. Both did not work.

I am running on Windows 7 Home Premium, 64bit.

3. I do not have my original Windows CD/DVD

 

Thanks!



#4 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:52 AM

Posted 29 September 2014 - 12:41 PM

Hi michelle012,

Welcome to the BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. :welcome:
My name is Mako and I will be helping you with your computer problems.

Before we begin, please note the following:

  • Please stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • The instructions given are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • If you don't understand something don't hesitate to ask before running the tools.
  • As you may have noticed: I live in Belgium. Meaning that due to the time difference it can take some time before I'm able to get back to you. Please allow me 24h to reply to your topic before sending me a PM or giving this topic a bump.

Now let's get started...
 

 

I am unable to download any new software because of 0 kb disc space in my C:/ drive. Sadly, this was due to a disc partitioning error that was done when my laptop got reformatted at a service centre last year. It is at the point where I can't even open image files.

 

If I understand correctly this issue began before you got infected? Even before the infection you weren't able to open any image file or download something to your computer?

We will need to look into this first since removing the malware from your computer will require some additional programs which need to be downloaded from the Internet.

 

Let's take a look at your current partition situation:

 

Hold down the Windows + R key and type: diskmgmt.msc and hit Enter

Make a screenshot of the window that pops-up. You can do this with ease by using the Windows snipping tool located in you Accessories folder in the start menu.

Please attach this screenshot to your next reply.

 

Good luck!

 

Regards,

Mako


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#5 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:52 AM

Posted 03 October 2014 - 03:16 AM

Hello michelle012,

 

Are you still with me  :question:

Do these instructions work out for you?


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#6 michelle012

michelle012
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 03 October 2014 - 08:23 PM

Hi Mako,

 

Prior to the suspected virus infection, I had about 100MB worth of space left in the C:/ drive. Afterwards, it could not even load image files from pictures that were saved on my PC. It is now at the point where I am unable to save new files (including the screenshot).

 

Thanks for the advice, hope there is a way to work around this.



#7 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:52 AM

Posted 04 October 2014 - 09:25 AM

Hi michelle012,

 

Thank you for your reply and clarification. I'm afraid you forgot to attach the screenshot to your post... :rolleyes:

You can add the image file to your post by selecting "More reply options" and click "Choose Files..." under the text editor.

 

Attached File  editor.png   44.77KB   0 downloads


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#8 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:52 AM

Posted 08 October 2014 - 10:57 AM

Hello michelle012,

 

It's been another couple of days since your last post. Try to get back to me a little quicker please. There are a lot of tools that we'll need to run in order to check your computer on any malware. These results aren't very accurate if there are days in between.

Please reply within the next 24h to this thread, otherwise it will be closed.

 

Respectfully,

Mako 


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#9 michelle012

michelle012
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 08 October 2014 - 02:10 PM

Hi Mako,

 

Sorry for the late reply. The problem seems to have resolved (unsure why?).

 

Thanks for the help anyway!



#10 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:52 AM

Posted 09 October 2014 - 12:57 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users