SAS found a trojan may need help


23 replies to this topic

#1 OldPhil (Doppleganger, Members, 4,049 posts, Long Island New York)

Posted 28 April 2015 - 04:55 PM

SuperAntiSpyware turned up Trojan.Agent/Gen-Artemis; it looks as if it cleaned it up. I did search and did find a post where it came back; the post was from 2013. Should I be worried?

 


Honesty & Integrity Above All!


#2 Gmer99 (Members, 75 posts, Europe)

Posted 28 April 2015 - 05:05 PM

SuperAntiSpyware has false positives from time to time. Use something better like Kaspersky virus cleaning tool 2015, Dr.Web CureIt, Sophos cleaning tool, Panda Cloud Cleaning tool, etc.



#3 Sintharius (Bleepin' Sniper, Members, 5,639 posts, The Netherlands)

Posted 28 April 2015 - 05:11 PM

Hello there :)

Please follow the instructions below. If you do not understand anything, feel free to stop and ask.

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

===

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Full Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
===

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner

You will need to use Internet Explorer for this scan.
  • Hold down Ctrl and click here to open ESET Online Scanner in a new window.
  • Click the ESET Online Scanner button.
  • Put a checkmark in "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warnings from your browser.
  • Under Scan settings, put a checkmark in Scan Archives.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Scan.
  • ESET Online Scanner will automatically update and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats.
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
How is the computer doing?

Regards,
Alex

#4 quietman7 (Bleepin' Janitor, Global Moderator, 51,139 posts, Virginia, USA)

Posted 28 April 2015 - 05:14 PM

Both Gen and Artemis are typically generic detections for possible new malware. Without knowing the specific file name associated with the possible malware threat and where it was located (full file path) on the system, it's difficult to determine exactly what it was or what the scanning engine detected.

SuperAntispyware only has this information on Trojan.Agent/Gen-Artemis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#5 OldPhil (Topic Starter, Doppleganger, Members, 4,049 posts, Long Island New York)

Posted 29 April 2015 - 04:47 PM

Thanks for the quick responses. I will be out of sorts for a few days; I have a med issue and am going for an operation tomorrow. I will be around while I get myself together, but I don't feel like fooling with the little LT. Thought I would add a little to the pie! I had used the LT the day before and it was just fine; it is my doctor's office toy and makes long waits tolerable. I did not do any mail that day even though I probably spent 3-4 hours on it. Has me wondering if it was resident for a while or just how the heck it climbed on board. I will be using it over the next few days as it seems just fine; will let all know how it does.

 

Phil

 

P.S. will be poking in here from time to time.


Edited by OldPhil, 29 April 2015 - 04:48 PM.



#6 quietman7 (Bleepin' Janitor, Global Moderator, 51,139 posts, Virginia, USA)

Posted 29 April 2015 - 04:57 PM

The file could have been on your computer for a while without detection.

After a security vendor updates its product version or releases an update to definition databases, it is not uncommon for subsequent scans to detect files or traces of remnants and registry entries which had previously gone undetected (not reported) by prior scans. In some cases the file or registry entry may have been on the computer for years. If the computer had previously been infected, this can even occur long after the initial infection was removed. In that same manner, it is not unusual for a previously detected threat to no longer be detected during subsequent scans after a database update. This can be attributed to further testing after users have submitted a sample file which is then determined to be false positive and removed from the detection list.

Again, without knowing the specific file name associated with the possible malware threat and where it was located (full file path) on the system, it's difficult to determine exactly what it was or what the scanning engine detected.

Good luck with your operation and a speedy recovery.

#7 OldPhil (Topic Starter, Doppleganger, Members, 4,049 posts, Long Island New York)

Posted 29 April 2015 - 07:03 PM

I may have picked it up from a site or one of the many public nets; I have never used it for email. I thought it was odd that it was perfect the day before, then pooped when I started it in another Doc's office. For now it seems to be back to normal; I am sure I will have some wait time tomorrow, and I will see how it goes. Again thanks!!!

 

Phil




#8 OldPhil (Topic Starter, Doppleganger, Members, 4,049 posts, Long Island New York)

Posted 08 May 2015 - 12:21 PM

Sorry I have not responded; too many consultations and other med stuff. Will try to get it done after my surgery on the 14th. Note it has been fine since and used quite a bit. But there's a chance it is still hiding some place.

 

Phil




#9 quietman7 (Bleepin' Janitor, Global Moderator, 51,139 posts, Virginia, USA)

Posted 08 May 2015 - 01:00 PM

No problem Phil. Real life and especially health issues should always come first so concentrate on that....we will be here after you recover from surgery.

#10 OldPhil (Topic Starter, Doppleganger, Members, 4,049 posts, Long Island New York)

Posted 30 May 2015 - 02:11 PM

Sorry I have been so long getting back to this.

 

Security Check

 

Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Secunia PSI (3.0.0.9016)   
 CCleaner     
 Adobe Flash Player     17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox 37.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




#11 quietman7 (Bleepin' Janitor, Global Moderator, 51,139 posts, Virginia, USA)

Posted 30 May 2015 - 04:38 PM

No problem...we understand why.

Did you follow the rest of the instructions provided by Alexstrasza? If not, please do and post the logs for Alex to review.

#12 OldPhil (Topic Starter, Doppleganger, Members, 4,049 posts, Long Island New York)

Posted 30 May 2015 - 05:09 PM

Emsisoft just finished, took about an hour!

 

Emsisoft Emergency Kit - Version 9.0
Last update: 5/30/2015 3:28:58 PM
User account: MOPA\MOP

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    5/30/2015 3:30:23 PM
C:\Windows.old\$Recycle.Bin\S-1-5-21-2062637124-714500427-3672310120-1000\$REIGT2M.exe -> (NSIS o) -> lzma_solid_nsis0000     detected: Application.Bundler.DC (B)
C:\Windows.old\Program Files\SearchProtect\Main\bin\uninstall.exe -> (NSIS o) -> lzma_solid_nsis0004 -> (NSIS o) -> zlib_nsis0000     detected: Application.SearchProtect.BS (B)
C:\Windows.old\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe     detected: Application.Generic.1016503 (B)
C:\Windows.old\Users\MOP\AppData\Local\Temp\nsi80A8.exe -> (NSIS o) -> zlib_nsis0000     detected: Application.SearchProtect.BS (B)
C:\Windows.old\Users\MOP\AppData\Local\Temp\nsyDF2D.exe -> (NSIS o) -> zlib_nsis0000     detected: Application.SearchProtect.BS (B)
C:\Windows.old\Users\MOP\AppData\Local\Temp\SearchProtectINT.exe     detected: Application.Win32.InstallTool (A)

Scanned    237736
Found    6

Scan end:    5/30/2015 6:01:25 PM
Scan time:    2:31:02

 

Seems as if all is clear, but this little bugger takes a long time for the HD light to go out. Task Manager shows high CPU, but once done it stays normal.


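One way to turn a scan log like the one posted above into something checkable, as an added example that is not part of the thread and not Emsisoft's own tooling: a small Python parser for the Emsisoft Emergency Kit log format (the line layout is inferred from the posted log, not from EEK documentation), a sanity check that the Found footer matches the number of detection lines parsed, and a triage heuristic that separates findings under Windows.old (the previous installation's files, which the running system does not load) from findings under a Temp folder. The sample log embedded in the block is constructed: its header, footer and first two detection lines are copied from the post, while the third detection line and the triage category names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample log for this example. The header, footer and the first two
# detection lines reproduce the Emsisoft Emergency Kit output posted above; the
# third detection line is made up (note the EXAMPLE-constructed name) so that
# one finding sits outside Windows.old for contrast.
SAMPLE_LOG = r"""Emsisoft Emergency Kit - Version 9.0
Last update: 5/30/2015 3:28:58 PM
User account: MOPA\MOP

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Scan start:    5/30/2015 3:30:23 PM
C:\Windows.old\Program Files\SearchProtect\Main\bin\uninstall.exe -> (NSIS o) -> lzma_solid_nsis0004 -> (NSIS o) -> zlib_nsis0000     detected: Application.SearchProtect.BS (B)
C:\Windows.old\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe     detected: Application.Generic.1016503 (B)
C:\Users\MOP\AppData\Local\Temp\EXAMPLE-constructed.exe     detected: Application.Win32.InstallTool (A)

Scanned    237736
Found    3

Scan end:    5/30/2015 6:01:25 PM
Scan time:    2:31:02
"""

# One EEK detection line: "<path>[ -> <container> ...]     detected: <name> (<flag>)".
# The line format is inferred from the posted log (assumption, not EEK documentation).
DETECTION_RE = re.compile(
    r"^(?P<chain>\S.*?)\s{2,}detected:\s+(?P<name>\S+)\s+\((?P<flag>[A-Z])\)\s*$"
)
SUMMARY_RE = re.compile(
    r"^(?P<key>Scanned|Found|Scan start|Scan end|Scan time):?\s+(?P<value>.+?)\s*$"
)


@dataclass
class Detection:
    path: str                    # file on disk that holds the detected object
    container_chain: List[str]   # archive/packer layers EEK unpacked to reach it
    name: str                    # signature name, e.g. Application.SearchProtect.BS
    flag: str                    # the (A)/(B) suffix as printed by EEK


def parse_eek_log(text: str) -> Tuple[List[Detection], Dict[str, str]]:
    """Split an EEK scan log into detection records and the summary fields."""
    detections: List[Detection] = []
    summary: Dict[str, str] = {}
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            parts = [p.strip() for p in m.group("chain").split(" -> ")]
            detections.append(Detection(parts[0], parts[1:], m.group("name"), m.group("flag")))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("key")] = m.group("value")
    return detections, summary


def counts_consistent(detections: List[Detection], summary: Dict[str, str]) -> bool:
    """Parser sanity check: the 'Found' footer must equal the lines we parsed."""
    return summary.get("Found", "").isdigit() and int(summary["Found"]) == len(detections)


def triage(det: Detection) -> str:
    """Coarse defender triage. These heuristics are this example's own, not EEK's.

    Windows.old holds the previous Windows installation's files and is not loaded
    by the running system, so findings there are leftovers rather than live code.
    """
    parts = [p.lower() for p in det.path.split("\\")]
    if "windows.old" in parts:
        return "stale-previous-install"
    if "temp" in parts:
        return "installer-temp-drop"
    if det.name.startswith("Application."):
        # Assumption from the names in the posted log: Application.* is PUP/bundler class.
        return "pup-adware"
    return "review"


def category_counts(text: str) -> Dict[str, int]:
    """Tally triage categories for a whole log."""
    detections, _ = parse_eek_log(text)
    counts: Dict[str, int] = {}
    for det in detections:
        cat = triage(det)
        counts[cat] = counts.get(cat, 0) + 1
    return counts


if __name__ == "__main__":
    dets, summ = parse_eek_log(SAMPLE_LOG)
    print("footer count matches parsed lines:", counts_consistent(dets, summ))
    for d in dets:
        print(f"{triage(d):24} {d.name:32} {d.path}")
    print(category_counts(SAMPLE_LOG))
```

Run as a script it prints one triage line per detection plus the category tally. Applied to the full log in the post, all six findings fall under C:\Windows.old, which is why the scan looks like a clean-up of leftovers from the earlier installation rather than anything the current Windows had loaded; the usual way to drop that folder is Disk Cleanup's "Previous Windows installation(s)" option.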


#13 Sintharius (Bleepin' Sniper, Members, 5,639 posts, The Netherlands)

Posted 30 May 2015 - 05:12 PM

That's typical, since Emsisoft will invest resources into the scan to finish it as fast as it can.

#14 OldPhil (Topic Starter, Doppleganger, Members, 4,049 posts, Long Island New York)

Posted 30 May 2015 - 05:13 PM

It did finish a fair bit faster before; need to do a little more detective work! There has been nothing added except Windows updates. Any chance one of those is the culprit?




#15 OldPhil (Topic Starter, Doppleganger, Members, 4,049 posts, Long Island New York)

Posted 30 May 2015 - 05:16 PM

The high CPU usage is what I am looking for the reason for; I did not even bother during the scans, as they always eat up a lot.

 

Will look for more ideas in a while; I am being dragged out kicking for dinner.

 

Phil


Edited by OldPhil, 30 May 2015 - 05:17 PM.





