
SVC:UniversalUpdater Win32:Evo-gen[Susp]


3 replies to this topic

#1 ozstar


Posted 16 January 2015 - 02:36 AM

Hi,

 

I have Win 7 Pro up to date with all patches.

 

Just today started getting this message from Free Avast when booting up.

 

ROOTKIT FOUND

A suspicious object (rootkit) has been detected on your system.

This may be a sign of Malware.

It is recommended to remove it immediately.

 

SVC:Unversal Updater> C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe\

 

I have deleted it twice and done the root scan that Avast has requested at each new bootup, but it comes back.

 

It does not seem to stop anything I am doing.

 

I uploaded that exe file to VirusTotal and it gives it an 18 out of 57.

 

I have used Free Malwarebytes but it doesn't find anything.

 

The folder named \0ca45c95134d\ has a sub folder Crash Reports and other files such as bde9a3642b8c.json and cf3e08d747e4.log.

 

That log file goes back to 12/12/2014 and has 13135 lines in it to today. Looks like a few entries each day.

 

Where do I go from here please?

 

Thanks

 

oz


Edited by ozstar, 16 January 2015 - 03:59 AM.
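The detection in post #1 carries an SVC: label and points at a path under Program Files whose folder name and file name are both 12 hexadecimal characters. As an added example (not part of any post in this thread), the Python check below flags service image paths of that shape for review; it is a triage heuristic, and every sample entry except the path quoted in post #1 is constructed. On a live system the input would be each service's ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services.

```python
import re
from ntpath import basename, dirname, splitext

# Names made only of hex digits, as in the folder and file quoted in post #1.
HEX_NAME = re.compile(r"[0-9a-f]{8,}", re.IGNORECASE)
PROGRAM_DIRS = ("c:\\program files", "c:\\program files (x86)")


def image_path_to_exe(image_path):
    """Extract the executable path from a service ImagePath command line."""
    s = image_path.strip()
    if s.startswith('"'):  # quoted: the path ends at the closing quote
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    # Unquoted paths may contain spaces, so cut after the first ".exe"
    # that is followed by whitespace, a backslash, or the end of the string.
    m = re.search(r"\.exe(?=\s|\\|$)", s, re.IGNORECASE)
    return s[:m.end()] if m else s


def is_suspicious(image_path):
    """True when the binary sits in <Program Files>\\<hex folder>\\<hex name>.exe."""
    exe = image_path_to_exe(image_path).rstrip("\\")
    folder = dirname(exe)
    stem = splitext(basename(exe))[0]
    return (dirname(folder).lower() in PROGRAM_DIRS
            and HEX_NAME.fullmatch(basename(folder)) is not None
            and HEX_NAME.fullmatch(stem) is not None)


def flag_services(services):
    """Return names of services whose image path matches the heuristic."""
    return [name for name, path in services if is_suspicious(path)]


# Constructed sample list; only the first path is taken from post #1.
SAMPLE_SERVICES = [
    ("UniversalUpdater", "C:\\Program Files (x86)\\0ca45c95134d\\cf3e08d747e4.exe\\"),
    ("ExampleQuoted", r'"C:\Program Files\1a2b3c4d5e6f\0f9e8d7c6b5a.exe" --service'),
    ("Spooler", r"C:\Windows\System32\spoolsv.exe"),
    ("ExampleVendor", r"C:\Program Files\Example Vendor\agent.exe -k run"),
    ("SharedHost", r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for name in flag_services(SAMPLE_SERVICES):
        print("review:", name)
```
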



#2 InadequateInfirmity


Posted 16 January 2015 - 04:25 AM

Please download MINITOOLBOX and run it.



Checkmark the following boxes:

  • Flush DNS
  • Reset FF proxy Settings
  • Reset Ie Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.

 

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.


Hit Ok.


Hit Next; make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
    • mbar-log-{date} (xx-xx-xx).txt
    • system-log.txt

 

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document


#3 ozstar


Posted 16 January 2015 - 04:41 AM

Many thanks for these instructions.

 

I have to be away for 5 days so will do it on my return.

 

The box will be off all that time anyway.

 

oz



#4 InadequateInfirmity


Posted 16 January 2015 - 05:04 AM

OK, :guitar:





