Virus Preventing Specific File from Being Created in Specific Folder



#1 mrsaturn89

Posted 19 November 2015 - 08:00 PM

Hello all!

 

So I work tech support at my company and recently had one of our secretaries run into a virus. It was an email containing a fake resume in .doc format that once opened, attempted to direct the computer to download a trojan. AVG detected it right off the bat and quarantined it. I then ran a full system scan with AVG, Malwarebytes, and Spybot and everything came back clean.  I had assumed AVG along with Word being macro-disabled by default kept anything from actually happening.

 

However, at the time of the download she was running our company bookkeeping software (eClub for those interested) and it crashed once she tried to use it again. I check it out and see that the .exe to run eClub had been removed from the eClub folder (let's call it eclub.exe). Weird! So I go ahead and completely uninstall the program and reinstall, only to find eclub.exe was not reinstalled with it. I copy eclub.exe from another computer and try to paste it into the folder, and I'm told I don't have permission to do so. Then things get weird:

 

1. I uninstalled eClub completely again, removed the eClub folder and every possible saved setting for it.

2. I created a blank eClub folder (ex. C:\Program Files\eClub)

3. I can put anything I want into this folder, including .exes, EXCEPT for eclub.exe, getting the insufficient permission error.

4. I can put eclub.exe in subfolders of C:\Program Files\eClub without a problem

 

I checked all my permission levels and have full access to everything. I even manually added permissions to the eClub folder and eclub.exe. I ended up just installing the program under another folder name (C:\Program Files\eClub2) and it worked perfectly fine.

 

I'll probably end up just wiping the computer and starting over, but it got me wondering, what settings has this virus altered to affect a specific file being placed in a specific folder like this? I've never come across this and it baffles me. Any input would be greatly appreciated.

 

Thanks!


Edited by hamluis, 19 November 2015 - 08:20 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 dc3


Posted 20 November 2015 - 08:51 AM

Please post the Malwarebytes Antimalware log in your topic.
 

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.

 
================
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
3.  Click Start Scan and allow the scan process to run.
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
================
 
Emsisoft Emergency Kit
 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note:  This option is only available if malicious objects were detected during the scan.  If this is the case select Delete selected.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

=================

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 20 November 2015 - 08:53 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 




