Infection?


8 replies to this topic

#1 Winterland


Posted 13 February 2015 - 08:45 AM

Well, I'm starting to get quite a few Red Banner pop-ups in the lower right hand corner.

Most of them indicating a location in the D:/.../AppData/Local/Temp.... and most seem to be of the Trojan.Win32.Generic variety.

Egads, they are starting to come at me fast & furious-like.

Finish time is still showing unknown and the Stop Objects Scan is holding steady at 1%.

Once this is completed, is it safe to Delete? Or should I Quarantine, and if I do, how does that work, since I'm running from a Live Disk?

Photobucket removed my cool flag - idiots!

Every calculation based on experience elsewhere fails in New Mexico.



 


#2 JohnC_21


Posted 13 February 2015 - 08:57 AM

Go ahead and Quarantine them.

Edit: I believe Kaspersky writes a folder to the drive, encrypts the files and places the infected files in the folder.


Edited by JohnC_21, 13 February 2015 - 09:23 AM.


#3 Winterland


Posted 13 February 2015 - 11:05 AM

Hello JohnC_21 - thanks for the update & the info.

As you can tell from my Time Stamp - it's already close to 11:00 here - the Scan is still running.

I was starting to get worried - checking in on it in between laundry & other chores - but the Stop Objects Scan has finally jumped up to 18% from the 1% where it had been holding steady for quite some time.

On the other hand, the Finish time is now showing 15 Hours - but, I suspect, MMMV.

Updates as I get them.

Thanks again for staying with this.

Winterland



#4 JohnC_21


Posted 13 February 2015 - 11:16 AM

I can't understand why it would take that long unless you have a very large drive and it's checking all files. Or, possibly the file system is damaged. If possible I would let it complete and see what happens.


Edited by JohnC_21, 13 February 2015 - 11:16 AM.


#5 Winterland


Posted 13 February 2015 - 02:28 PM

Uh, uum....oh, hi there!

Well, how did I get here? (sung to the tune of the old Talking Heads song)

If you're new to the Topic and you're thinking, "Hmm, seems like I walked in on the middle of a conversation..." it's because you have.

This whole exchange began a few days ago over here and one of the Mods moved it here.

Confusing I know, but we'll get it all sorted out. Appreciate you checking it out.

In the meantime, for those of you who have been keeping up, that Kaspersky Rescue Disk 10 keeps chugging along, currently at 45% and showing a finish time of 8 hours.

Now, it's not lost on me that it's Friday evening and lots of folks probably have better things to do than to help me tackle this Dell laptop, so I probably won't update again until tomorrow's first cup of coffee is poured.

@JohnC_21 - what do you think of my new digs? Spiffy, eh?

I'm going to, per your advice, let this run the Full Scan and will Quarantine (assuming it lets me) anything and everything it finds.

Appreciate your patience and tenacity with regards to this project.

Winterland




#6 Winterland


Posted 14 February 2015 - 08:06 AM

And Good Morning.

I'm thinking I'm setting some kind of record with this Scan, which is almost complete - holding at 99%

The laptop was up all night and when I woke up this morning and poured my first cup o' delicious coffee there was a big Amber info window asking me to perform an action.

Among my options were: Delete (Recommended) Ignore or Skip - an option to Quarantine was not there, so I selected Delete (and apply to all) and now it appears to be rolling through the found infections and either deleting and/or quarantining them.

The pop up info window in the lower right corner is slowly listing an item in Red, then flashing to Green when it details what was done.

It lists some as Deleted and Back Up Copy is Created and others (maybe the same?) as Moved to Quarantine.

Oh, and as I was making this post, another Red window popped up with the Header Alarm and showed a Trojan program: rootkit.Boot.Pihar.c

Options are to either Disinfect or Skip. I selected Disinfect (and Apply to All).

And, the Scan has just finished! Woo Hoo.

I'll be back after a reboot...I think.

Winterland



#7 Winterland


Posted 14 February 2015 - 09:42 AM

and then *pow* we've got a desktop and no (currently) BSOD. :guitar:

@JohnC_21 - well, that is 1 huge step in the right direction - major, major props to you for keeping me on task. :thumbup2:

Upon reboot, I've got a desktop that's been on for over 1/2 hour now.

I've got a few of the usual suspects - Adobe Update, expired McAfee, Skype (ugh, I hate Skype) and then, ironically, a prompt from Dell DataSafe telling me I should create a backup. :mellow:

I selected the option to do so and then I get a window that says, "Dell DataSafe has not been able to detect the Recovery Partition on this computer. It may be missing or corrupted."

I'm going to run through the Standard Roll Out of cleaning up this laptop and see if I come up against anything nasty.

Ideas on how to tend to the most-likely missing/corrupted Recovery Partition?

Headed off to MBAM, Avast, Eset Online Scanner, etc., several reboots and, perhaps, one more cup of coffee.

I love this place.

Winterland




#8 JohnC_21


Posted 14 February 2015 - 09:50 AM

I am glad you finally got to Windows. I would suggest you also run AdwCleaner and Junkware Removal Tool. If you have internet then download and scan with HitmanPro.

After everything is up and running you can create a disk image with either Macrium Free or AOMEI Backupper. With the bootable disk that is created with each program you can recover your OS even if the computer does not boot or the hard drive fails.

Edit: You can download and run Security Check to find any programs out of date. For a free antivirus I like either Bitdefender Free or Panda Free. I prefer PDF-XChange Viewer over Adobe Reader for a PDF viewer.

Also take a look at HitmanPro Alert2. It works alongside your AV and hardens your browser against attack. There is a free and paid version.

Edit Edit: And if you have Adobe Air installed, get rid of that also. If you need it you can always download it again. Not many programs use it.

Just another option. Check out AOMEI One Key Recovery. It will put a Recovery Partition on your Computer. Here is a video on it. Of course, if the drive becomes damaged you cannot recover the OS like having a Disk Image on an external drive.


Edited by JohnC_21, 14 February 2015 - 10:05 AM.


#9 quietman7


Posted 14 February 2015 - 11:48 AM

"And the Scan has just finished! Woo Hoo."

It is not uncommon for some security scans to take many hours to complete.

The speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
    ...see How an Anti-virus Program Works.
  • Options to scan for rootkits, adware, riskware and potentially unwanted programs (PUPS).
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk size and used capacity (number of files that have to be scanned).
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system/CPU resources by the scanner.
  • Other running processes and programs in the background.
  • Whether the scanning engine stalls, hangs or freezes.
  • Interference from malware.
  • Interference from other security programs attempting to scan at the same time.
  • Interference from other programs attempting to update (download/install) components from the Internet.
  • Interference from the user (whether or not you use the computer during the scan).
Note: Using two or more program security scanning engines at the same time can cause each to interfere with the other, cause system hangs, false detections, unreliable results and other unpredictable behavior.

For future reference...To speed up a scan, clean out temporary (junk) files first, temporarily disable any other real-time protection tools, close all open programs, perform a Quick Scan instead of a Full one and do not use the computer during the scan.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




