Possible infection, zero access (maybe)?


This topic is locked. 11 replies to this topic.

#1 saycore

Posted 17 February 2015 - 09:17 AM

Hi,

My friend's computer is possibly infected. He likes to use Internet Explorer v11. When he tries to open a PDF file in his AOL email, he gets the message

XXX.pdf file contains a virus and was deleted.

If I try to open PDF files in Chrome, it works just fine. Or, since he likes to use Internet Explorer, he will forward the email to me and I can open it.

Windows 7 Pro, 64-bit operating system.

Thanks for any advice.


Edited by saycore, 17 February 2015 - 11:18 AM.



#2 jh1234l

Posted 17 February 2015 - 11:58 PM

Hello, saycore! Let's start with some important instructions:

  • Avoid installing or uninstalling programs during the malware removal process, because doing so can cause discrepancies between the information in different log files created by different programs at different times.
  • Do NOT run tools such as Combofix unless instructed by a BleepingComputer staff member. These tools can break your computer if used improperly, so you should only run them if you know what you are doing or if the person who told you to use Combofix knows what they're doing.
  • If you want to, you should back up all important documents and files to an external storage device or online file backup service. Malware infections, and attempts to fix them, can prevent your computer from booting up, making your files inaccessible; this means that backing up your files to a USB flash drive or to an online service like Dropbox before attempting to remove malware is a good idea.

 

Step 1: Please download MiniToolBox by Farbar, and save it to your desktop.

 

Run the program. Please select the following options:

 

  1. Flush DNS
  2. Report IE proxy settings
  3. Reset IE proxy settings
  4. Report FF proxy settings
  5. Reset FF proxy settings
  6. List content of Hosts
  7. List installed programs
  8. List restore points

After the program finishes its job, it will create a log file called "Result.txt" on your desktop. Post the contents of that file in your next reply.

 

Step 2: Run ESET online scanner

 

  1. Using Internet Explorer, navigate to http://www.eset.com/us/online-scanner-popup/ (If you used another web browser, such as Firefox, you will have to download an installer file)
  2. Read through the program's terms of use. If you agree with it, check the checkbox which confirms that you accepted the program's terms of use. If you do not agree with its terms of use, then notify me and I can find another virus cleaning solution for you.
  3. Accept any security warnings which may appear.
  4. Click on the advanced settings part, and select "Scan for potentially unsafe applications", "Remove found threats", and "Scan archives".
  5. Check "scan for potentially unwanted applications".
  6. Click "start".
  7. Eset will download updates and scan your computer; this may take a few minutes to a few hours.
  8. When the scan completes, click "list threats".
  9. Click "Export", and save the log file to your desktop.
  10. Post the contents of the log file to your next forum post. Please note that if ESET does not detect anything, it may not necessarily generate a log file.

Step 3: Please download AdwCleaner by Xplode, and save it to your desktop.

 

  1. Click on the "scan" button.
  2. The tool will scan your computer for adware; this may take a few minutes.
  3. After the scan has finished, click on the "Report" button. A logfile, AdwCleaner[R0].txt, will show.
  4. After viewing the log, close the log file window. View the list of adware detections, and uncheck the ones that you do not want to remove (i.e. the ones which you're sure are benign).
  5. Press the "Clean" button. You will be requested to restart your computer.
  6. After restarting your computer, a log file called AdwCleaner[S0].txt will show. Post the contents of that log file in your next reply.

Edited by jh1234l, 17 February 2015 - 11:59 PM.


#3 buddy215

Posted 18 February 2015 - 06:26 AM

It is high risk to open any type of attached email file without knowing who it was from and what its content is. It is one of the most common ways malware uses to infect one's computer.



#4 saycore

Posted 18 February 2015 - 09:33 AM

Thank you for all of your help in advance.

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Barry (administrator) on 18-02-2015 at 09:31:12
Running from "C:\Users\Barry\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1 localhost
 
 
 
=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4418 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 5.11.0.3 - Dell)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.14057.1503 - Hewlett-Packard)
HP LaserJet 200 color MFP M276 Fax (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LaserJet 200 color MFP M276 HP Device Toolbox (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LJ200 M276 HP Scan (x32 Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Product FWUpdater (x32 Version: 4.0.0.7242 - Hewlett-Packard Company) Hidden
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5987 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
========================= Restore Points ==================================
 
17-02-2015 19:03:09 Scheduled Checkpoint
 
**** End of log ****


#5 saycore

Posted 18 February 2015 - 10:21 AM

C:\Users\Barry\AppData\Local\fyysxyqxupazu\aol\tmp\marcchaumette.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Users\Barry\AppData\Local\Temp\wzmnni14dugelq1.dll a variant of Win32/Bayrob.O trojan cleaned by deleting - quarantined
C:\Users\Barry\AppData\Local\Temp\wzmnni14dugelq2.dll a variant of Win32/Bayrob.O trojan cleaned by deleting - quarantined
C:\Users\Barry\Downloads\Java_Setup.exe a variant of Win32/InstallCore.WQ potentially unwanted application deleted - quarantined
C:\Users\Barry\Downloads\olympus-camedia-master.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\11petrica.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\11simona.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\16ozana.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\20ghita.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\21eremia.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\22alberta.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\26cosmina.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\27cristobal.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\29iridenta.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\2cezara.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\32crenguta.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\34profira.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\35heracleea.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\40casiana.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\43cezar.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\47andrada.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\48pavel.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\51liliana.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\51teohari.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\52petrisor.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\53george.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\54zamfira.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\55luciana.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\56ecaterina.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\58octavia.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\58savina.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\62emanuil.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\67ionut.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\68leonard.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\74cornel.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\77gheorghita.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\7viorel.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\88larisa.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\91leonard.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\93draga.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\94emanuel.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\99mariana.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\albertina60.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\aleodor38.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\arian21.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\avram88.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\axenia25.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\claudiu62.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\codruta76.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\costache17.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\dora65.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\dorian81.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\emil39.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\fabiana65.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\florentina17.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\gabriela68.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\ionica86.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\maxim47.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\mina97.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\mitica20.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\niculita98.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\octavia51.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\ovidiu38.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\pompilia49.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\sabrina63.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\sanziana19.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\stefania10.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\tiberia87.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\violeta90.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\visarion29.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\exefile a variant of Win32/Rodecap.BG trojan cleaned by deleting - quarantined
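A quick way to triage a result list like the one above, added here as an example that is not part of the original post or of ESET's tooling: it parses each detection line, counts detections per family and per folder, and flags folder names that recur under different roots (the same odd folder name under both the user profile and C:\Windows is what a helper would look at first). The sample lines are a subset of those pasted in the post; the field names and helper functions are assumptions of mine.

```python
"""Triage an ESET Online Scanner result list like the one pasted above.

Added example, not part of the original post or of ESET's tooling.
It parses lines of the form
  <path> a variant of <Name> <kind> <action>
and summarises what was found: counts per family, per directory, and
directory names that recur under different roots.
"""
import re
from collections import Counter, defaultdict

# One detection per line: path, then "a variant of <Name> <kind>", then the action.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:probably )?a variant of (?P<name>\S+) "
    r"(?P<kind>trojan|worm|virus|potentially unwanted application|potentially unsafe application) "
    r"(?P<action>.+)$"
)

# Profile and system folder names that naturally recur under several roots.
COMMON_DIRS = {"Users", "Windows", "AppData", "Local", "Roaming", "Temp", "Downloads"}


def parse_eset_log(text):
    """Return one dict per recognised detection line; unparsable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        parts = path.split("\\")
        records.append({
            "path": path,
            "dir": "\\".join(parts[:-1]),
            "file": parts[-1],
            "name": m.group("name"),                   # e.g. Win32/Agent.VNC
            "family": m.group("name").split(".")[0],   # e.g. Win32/Agent
            "kind": m.group("kind"),
            "action": m.group("action"),
        })
    return records


def summarize(records):
    """Counts per family, per directory, and trojans versus PUAs."""
    by_family = Counter(r["family"] for r in records)
    by_dir = Counter(r["dir"] for r in records)
    trojans = sum(1 for r in records if r["kind"] in ("trojan", "worm", "virus"))
    return {
        "total": len(records),
        "trojans": trojans,
        "pua": len(records) - trojans,
        "by_family": dict(by_family),
        "by_dir": dict(by_dir),
    }


def recurring_dirnames(records, ignore=COMMON_DIRS):
    """Directory name components that appear in two or more distinct directories.

    Standard profile/system names are ignored; the caller should add the
    local user name to ``ignore`` as well. What remains (here a random-looking
    name under both the user profile and C:\\Windows) is the kind of artefact
    that points at a dropper rather than a single bad attachment.
    """
    seen = defaultdict(set)
    for r in records:
        for comp in r["dir"].split("\\")[1:]:   # skip the drive letter
            if comp not in ignore:
                seen[comp].add(r["dir"])
    return {comp for comp, dirs in seen.items() if len(dirs) >= 2}


# Constructed sample: a subset of the detections pasted in the post above.
SAMPLE_LOG = r"""
C:\Users\Barry\AppData\Local\fyysxyqxupazu\aol\tmp\marcchaumette.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Users\Barry\AppData\Local\Temp\wzmnni14dugelq1.dll a variant of Win32/Bayrob.O trojan cleaned by deleting - quarantined
C:\Users\Barry\AppData\Local\Temp\wzmnni14dugelq2.dll a variant of Win32/Bayrob.O trojan cleaned by deleting - quarantined
C:\Users\Barry\Downloads\Java_Setup.exe a variant of Win32/InstallCore.WQ potentially unwanted application deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\11petrica.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\tmp\11simona.zip a variant of Win32/Agent.VNC trojan deleted - quarantined
C:\Windows\fyysxyqxupazu\aol\exefile a variant of Win32/Rodecap.BG trojan cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    recs = parse_eset_log(SAMPLE_LOG)
    print(summarize(recs))
    print("recurring folder names:", recurring_dirnames(recs, COMMON_DIRS | {"Barry"}))
```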

#6 saycore

Posted 18 February 2015 - 10:33 AM

# AdwCleaner v4.110 - Logfile created 18/02/2015 at 10:30:03
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Barry - MININT-RN7VFT2
# Running from : C:\Users\Barry\Downloads\AdwCleaner (2).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [3204 bytes] - [16/02/2015 12:11:58]
AdwCleaner[R1].txt - [874 bytes] - [18/02/2015 10:23:59]
AdwCleaner[R2].txt - [932 bytes] - [18/02/2015 10:29:03]
AdwCleaner[S0].txt - [3257 bytes] - [16/02/2015 12:13:22]
AdwCleaner[S1].txt - [860 bytes] - [18/02/2015 10:30:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [918 bytes] ##########

#7 jh1234l

Posted 18 February 2015 - 06:45 PM

Saycore, it appears as if your computer is infected with several trojans (deleted). Let's run a scan with Malwarebytes to take a closer look.

Please open Malwarebytes Anti-Malware. (Download it from www.malwarebytes.com if you do not already have it.)

  1. Press the blue "update now" link on the dashboard.
  2. After the program updates, press "Scan now" to run a threat scan.
  3. Wait for the scan to finish.
  4. If Malwarebytes detects any malware, press "Apply Actions" to remove all of the malware programs.
  5. You may have to restart your computer.
  6. Open Malwarebytes again, and go to history tab > application logs.
  7. Double click the "Scan log" with the time at which the scan was run.
  8. Click "Export" and save it as a .txt file.
  9. Add the contents of that file to your next reply.

Edited by jh1234l, 18 February 2015 - 06:46 PM.


#8 saycore

Posted 19 February 2015 - 10:07 AM


Here is the report from Malwarebytes.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/19/2015
Scan Time: 9:47:18 AM
Logfile: malware 2 19 15.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.19.05
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Barry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330503
Time Elapsed: 4 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

#9 saycore

Posted 19 February 2015 - 10:08 AM

I am still getting the same message, "*.pdf contained a virus and was deleted", in IE.

#10 boopme

Posted 19 February 2015 - 11:26 AM

Hello. The Bayrob and VNC trojans open backdoors and allow remote access to your computer by the bad guys. If you do banking on here, notify your bank that you have a backdoor infection...

I would get a deeper look at this machine.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#11 saycore

Posted 19 February 2015 - 12:23 PM

I have followed the Preparation Guide and created a new topic.

I will let you know how all works out!

Thanks much for all help so far!!

Carolynn

#12 boopme

Posted 19 February 2015 - 03:58 PM

Ok, thanks Carolynn

You may still have ZeroAccess...

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
