Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Some worrying behaviour on my laptop


  • Please log in to reply
1 reply to this topic

#1 Osprey95

Osprey95

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 22 December 2014 - 11:38 AM

Today I checked my Temp folder, and I found two things I did not expect to see - a "Low" folder and a file titled NitroSysFonts01.dat, both created at exactly the same time yesterday. These I already know are created when I open Internet Explorer and a PDF file respectively (I use Nitro Pro to read PDFs). This concerned me as I had not used either in a while (I exclusively use Firefox), and my thoughts were that something had tried to open a PDF in Explorer. I immediately scanned my laptop with Malwarebytes Antimalware. I ran a custom scan which did not detect anything, but what I noticed was that it took an extremely long time - about 10 minutes or so - to complete the "heuristic analysis" section of the scan, which usually finishes much quicker. This was the same again when running a threat scan later on.

 

After this I tried to run another scan using Windows Defender, and I ran into some problems.

 

The first time I started scanning, the scan appeared to freeze for about 20 seconds before starting. Also, the "items scanned" number was extremely high already - in excess of 1,600,000. After about 8 minutes the scan abruptly stopped. I tried to scan again, but was shown an error message saying:

 

"This service couldn't be started. The group or resource is not in the correct state to perform the requested operation.

 

Error code: 0x8007139f"

 

Only by closing and then re-starting Defender could I scan again. This time the scan lasted about 30 minutes before stopping, the same as again. Also notable is that the number by "items scanned" seemed to be the same as it was when the previous scan stopped.

 

From googling the error code it seems that this message appears if you have two conflicting antivirus programs, but I had since closed MBAM and I run no other program.

 

I am experiencing no other symptoms or signs of infection, but perhaps worth noting is that I briefly lost my internet connection after the second attempted Defender scan (this may be unrelated). I use Windows 8.1 if this is relevant.


Edited by Osprey95, 22 December 2014 - 11:58 AM.


BC AdBot (Login to Remove)

 


#2 PuReinSAniTY

PuReinSAniTY

  • Members
  • 432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:in a basement
  • Local time:08:04 PM

Posted 27 December 2014 - 05:10 PM

This is quite weird I would open up Mbam, update the database and run a threat scan and tell me what it finds. I presume you don't have an antivirus? If you don't you really need to get one if you do I would run a full scan with it and post your (if its ok with the moderators) antivirus logs.

Edited by awesomecooldude101, 27 December 2014 - 05:16 PM.

they call me te java mayster





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users