
Something found by minitoolbox, has my antivirus been corrupted

5 replies to this topic

#1 rp88
Posted 26 November 2014 - 09:52 AM

Last night, really late, I ran a routine (every few weeks) scan with MiniToolBox (MiniToolBox by Farbar Version: 21-07-2014) and found something scary looking. I have a Windows 8 64-bit computer; I run AVG as my antivirus. MiniToolBox found "code integrity errors" in a DLL file belonging to my antivirus (AVG Free 2015).


CodeIntegrity Errors:

===================================

Date: 2014-11-12 18:35:41.058

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.


Date: 2014-11-12 18:35:39.303

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.



Otherwise it found nothing out of the ordinary. I ran a scan with RKill (a version downloaded on 1st October this year) and it found nothing; Security Check also said I was fine. MBAM has not found any infections, and AVG's own scans have found nothing. I recently ran Kaspersky Virus Removal Tool and it found nothing; I'll run it again with a newer version though. ESET Online Scanner (the downloaded exe file version, not the one run through Internet Explorer) also came up clean, but I'll run it again to check. I reported in another thread a while back that AVG had encountered some weird crashes, and I don't know if this scary-sounding error is related to them.

I need to work out:

1) if this "code integrity error" is a symptom of a virus (or other malware)

2) if it is from a virus, how to find and kill the virus

3) if it isn't from a virus, what caused this error and how it can be repaired.


I'm guessing it means my antivirus is either currently not working properly or utterly compromised. What should I do about this?

I'll edit this post to include some more logs in about an hour's time.

Other things I can report are that my computer hasn't been acting too strangely lately, but it has had a couple of freeze-ups (half a minute of it refusing to let the mouse move or accept any key presses) and has sometimes randomly switched between programs (as in I had multiple programs open, I was working in one and for no reason it switched to the other). It's happened at the worst possible time; I've got loads of urgent things I need to do on the computer this week. Please help me find the cause and cure it fast.

Currently running an ESET Online Scanner scan. Going to run MBAR (Malwarebytes Anti-Rootkit) after that.

Thank you

Edited by rp88, 26 November 2014 - 12:09 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB


#2 rp88
Posted 26 November 2014 - 12:14 PM

When I opened ESET and tried to scan, it gave an error warning in red text: "cannot get update, is proxy configured?" Trying to open and run the program a second time gave the same error. This seems pretty suspicious to me.

After disconnecting, restarting and reconnecting to the internet I was able to get ESET to communicate with its servers and start scanning. Still seems pretty creepy though. The scan will probably take 2 hours to finish from now. The MBAR scan will be run immediately afterwards; it usually takes 20 minutes.

ESET has finished; it found nothing. Running MBAR now.

MBAR finished and found nothing.

Now trying a scan with AVG, but as the MiniToolBox log seems to say AVG is damaged, I don't know how much help this scan will be.

AVG just finished, it found some locked files (which it always finds) but didn't find any infections.

MBAM also didn't find any infections.

Extra observations: I haven't noticed anything new running under the Processes tab in Task Manager, and I also haven't noticed any new startup items in CCleaner's list of startup items. This thing that MiniToolBox found might be somehow related to the problems I had with AVG, which I detailed here some time ago:

http://www.bleepingcomputer.com/forums/t/555751/need-help-working-out-why-avg-crashedneed-to-know-if-a-virus-is-repsonsible/

I never worked out what caused that; this may be related, or it might not.

Edited by rp88, 26 November 2014 - 06:51 PM.


#3 rp88
Posted 28 November 2014 - 01:06 PM

Excuse me, can anyone help here? I've run more scans of the same types since and they've found nothing. I've also run MiniToolBox several times, and each time it has mentioned the same "code integrity error" in its log.

Extra information: I have noticed some weird flickering when trying to use Firefox to upload files to Google Drive within Gmail. Upon opening the file browser the cursor was rapidly flashing between "hand" and "arrow" icons, more or less at random. This might be nothing, or just a harmless software bug, but it serves to make me more suspicious. I've also seen some similar flickering on some web pages; it didn't happen when I uploaded files to Google Drive from Chrome. If this matches anything you've heard of as a virus symptom, please tell me.
Thanks

Note: read from first post to understand what is going on, all subsequent posts just contain extra details.

Edited by rp88, 28 November 2014 - 03:25 PM.


#4 quietman7
Posted 28 November 2014 - 10:33 PM


Code Integrity validates user-mode files loaded into Protected Processes that are part of the Protected Media Path. The validation compares the page hashes stored in the system security catalog files to the page hashes of the user-mode files themselves. There are several specialized tools which check for and report issues with Code Integrity. Since the file in question (avghooka.dll) belongs to AVG, you need to ask them why Code Integrity is unable to verify the image integrity of the file.

Code Integrity is a feature that validates the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative privileges. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.

Code Integrity
Code Integrity Event Log Messages
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
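Following quietman7's explanation, the question a practitioner wants answered for a warning like the one MiniToolBox reported is whether the file merely lacks per-page hashes in its signature (a property of how the vendor built and signed it) or whether the bytes on disk no longer match the signature at all (the file was modified). The PowerShell below is an added example written for this thread; it is not code from the thread, from MiniToolBox or from AVG. It reads the same Code Integrity operational event log that MiniToolBox summarises, pulls the reported NT path out of each matching event, and then checks that file's Authenticode signature. Assumptions: that \Device\HarddiskVolumeN in the event text corresponds to the system drive (the -DriveLetter parameter, default C:, is a labelled guess), that the CodeIntegrity/Operational channel is enabled, and that PowerShell 4 or later is available for Get-FileHash.

```powershell
# Added example for this thread (not MiniToolBox or AVG code).
# Triage a Code Integrity "per-page image hashes could not be found" warning:
#   1. list matching events from the Code Integrity operational log, then
#   2. check whether each reported file's own Authenticode signature still validates.
# Status 'Valid' means the file is intact and only lacks per-page hashes (ask the vendor);
# 'HashMismatch' means the file on disk no longer matches its signature, i.e. it was changed.

$LogName = 'Microsoft-Windows-CodeIntegrity/Operational'

function Get-CodeIntegrityWarning {
    # Returns one object per event whose text mentions missing per-page image hashes.
    param([int]$Days = 30)
    $filter = @{ LogName = $LogName; StartTime = (Get-Date).AddDays(-$Days) }
    # -ErrorAction SilentlyContinue: Get-WinEvent throws when no events match.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        if ($e.Message -notmatch 'per-page image hashes') { continue }
        # The event text uses the same wording MiniToolBox prints, so the NT path
        # sits between "image integrity of the file " and " because".
        if ($e.Message -match 'image integrity of the file (?<path>\\Device\\.+?) because') {
            [pscustomobject]@{
                Time   = $e.TimeCreated
                Id     = $e.Id
                NtPath = $Matches.path
            }
        }
    }
}

function Test-ReportedFile {
    # Maps the NT device path to a Win32 path and reports signature state.
    param(
        [Parameter(Mandatory)][string]$NtPath,
        [string]$DriveLetter = 'C:'   # assumption: HarddiskVolumeN is the system drive
    )
    $winPath = $NtPath -replace '^\\Device\\HarddiskVolume\d+', $DriveLetter
    if (-not (Test-Path -LiteralPath $winPath)) {
        return [pscustomobject]@{ Path = $winPath; Exists = $false; Verdict = 'File not found at the assumed drive letter' }
    }

    $sig = Get-AuthenticodeSignature -FilePath $winPath
    # Record the SHA-256 so the file can be compared with a fresh copy from the vendor.
    $sha256 = (Get-FileHash -Algorithm SHA256 -LiteralPath $winPath).Hash

    $verdict = switch ($sig.Status) {
        'Valid'        { 'Signature valid: file intact; per-page hashes simply absent from the signature, a vendor packaging question' }
        'HashMismatch' { 'Signature does not match file contents: the file was modified after signing; treat as suspicious' }
        'NotSigned'    { 'No signature at all: cannot verify integrity; compare hash against a known-good copy' }
        default        { "Signature status $($sig.Status): investigate further" }
    }

    [pscustomobject]@{
        Path          = $winPath
        Exists        = $true
        SignatureType = $sig.SignatureType          # Embedded, Catalog or None
        Status        = $sig.Status
        Signer        = $sig.SignerCertificate.Subject
        Sha256        = $sha256
        Verdict       = $verdict
    }
}

# Run the triage for the last 30 days of events.
$warnings = @(Get-CodeIntegrityWarning -Days 30)
if ($warnings.Count -eq 0) {
    Write-Host "No per-page-hash warnings in $LogName in the last 30 days."
} else {
    $warnings | Format-Table Time, Id, NtPath -AutoSize
    $warnings | Select-Object -ExpandProperty NtPath -Unique |
        ForEach-Object { Test-ReportedFile -NtPath $_ } |
        Format-List
}
```

Run it from an elevated PowerShell prompt, since reading the operational log and hashing files under Program Files may otherwise be refused. The Verdict field is what separates the two cases the thread is worried about: in the situation quietman7 describes, the expected outcome is a Valid signature, which points at the vendor rather than at malware; a HashMismatch on a security product's DLL is the result that would justify the restore from a clean image that the original poster eventually chose.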

#5 rp88
Posted 29 November 2014 - 11:16 AM

I guess it's probably easiest to just reload from a system image and go back to a time before this whole affair started. I have a clean image lying on a USB stick somewhere.

#6 rp88
Posted 30 November 2014 - 02:01 AM

I've just finished restoring from an image and am currently re-updating all my programs and Windows itself. I think there must have been some sort of bug within AVG to cause some of the issues I had, but I still have no clue what caused the code integrity problems.