i think i might have a nasty virus


17 replies to this topic

#1 wttwoa

wttwoa

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 AM

Posted 23 January 2016 - 12:19 AM

a few days ago someone started to try and login to my gmail account, and today they managed to get my password somehow. i found a sticky on reddit that ended up leading here to use rkill in their guide. i did all that 2 days ago and they still managed to get my password, so i just did a fresh install and decided to use the guide again, and rkill found 3 things with the incorrect imagepath. is this a sign of having a bad virus or malware? here is what it says has the wrong imagepath:

 

 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
this is on a fresh reinstall of windows, not sure if that matters. im currently in the process of installing all the updates. i just ran malwarebytes again and it didnt find anything.
 
 
any help would be appreciated

Edited by wttwoa, 23 January 2016 - 12:58 AM.




#2 wttwoa


Posted 23 January 2016 - 01:28 AM

ive also just scanned with adwcleaner, junkware remover, tdsskiller, and hitmanpro and they all came up with nothing except hitman pro pulled up an ask toolbar that i forgot to untick during installation, so should i be good to go?


Edited by wttwoa, 23 January 2016 - 01:44 AM.


#3 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:09:44 AM

Posted 23 January 2016 - 01:53 AM

Hello,

 

Which version of Windows do you have?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#4 wttwoa


Posted 23 January 2016 - 02:00 AM

Hello,

 

Which version of Windows do you have?

windows 10 64 bit, specifically os build 10586.63, and it's an amd cpu if that matters



#5 PuReinSAniTY

PuReinSAniTY

  • Members
  • 432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:in a basement
  • Local time:05:14 PM

Posted 23 January 2016 - 02:43 AM

Try running Tweaking.com's all in one repair tool, download is here. Then boot Windows into Safe Mode, (Make Certain To Run This Program As Administrator) then run through the Prescan on step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab...

Notice create a registry backup is ticked by default, so no need to do so in step 5...

[screenshot]

Now run the program, with the boxes ticked in the picture below.

[screenshot]


they call me te java mayster


#6 wttwoa


Posted 23 January 2016 - 03:25 AM

okay, i ran all that and now what?


Edited by wttwoa, 23 January 2016 - 03:27 AM.


#7 PuReinSAniTY


Posted 23 January 2016 - 03:34 AM

Run an RKill scan again and see if the same results occur




#8 wttwoa


Posted 23 January 2016 - 03:36 AM

Run an RKill scan again and see if the same results occur

the same results come up, here is the entire log file:

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/23/2016 02:25:36 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * fcvsc [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * wfpcapture [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 01/23/2016 02:27:04 AM
Execution time: 0 hours(s), 1 minute(s), and 27 seconds(s)
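
A way to check by hand the three entries flagged in the log above, as an added example that is not part of the original thread and not RKill's own logic: it reads each service's ImagePath from the registry, resolves it to a file on disk, and reports that file's signature status. The `Resolve-ImagePath` helper is a hypothetical name introduced here; the service names come from the log.

```powershell
# Added example. Service names are the three flagged in the RKill log above.
$flagged = 'CompositeBus', 'NgcSvc', 'swenum'

# Hypothetical helper: turn a raw ImagePath value into a plain file path.
function Resolve-ImagePath {
    param([string]$ImagePath)
    # Expand %SystemRoot% and similar environment variables.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    # Drivers often use the kernel-style forms \SystemRoot\... and \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $p = $p -replace '^\\\?\?\\', ''
    # Some driver entries are written relative to the Windows directory.
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    # Strip command-line arguments such as "-k LocalSystemNetworkRestricted".
    if ($p -match '^"([^"]+)"') { return $Matches[1] }
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }
    return $p
}

foreach ($name in $flagged) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath

    $file = $null
    $sig  = $null
    if ($raw) { $file = Resolve-ImagePath $raw }
    if ($file -and (Test-Path -LiteralPath $file)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $file
    }

    $status = 'no ImagePath or file not found'
    $signer = $null
    if ($sig) { $status = $sig.Status }
    if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # One row per service: raw registry value, resolved file, signature result.
    [pscustomobject]@{
        Service   = $name
        ImagePath = $raw
        File      = $file
        Status    = $status
        Signer    = $signer
    }
}
```

A Status of Valid means the signature on the resolved file verified, and Signer shows whose certificate it was signed with.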


#9 PuReinSAniTY


Posted 23 January 2016 - 03:56 AM

Tweaking.com should have fixed it, I honestly have no clue, if you're having no problems with the computer I think you're fine and since you're on a clean install of windows, you should be good to go




#10 wttwoa


Posted 23 January 2016 - 04:06 AM

Tweaking.com should have fixed it, I honestly have no clue, if you're having no problems with the computer I think you're fine and since you're on a clean install of windows, you should be good to go

ok, theres another post here about someone having the same problem and a few agree it's a false positive. and i was digging around and someone else suggested checking my event viewer, and it's full of errors and warnings that i believe either happened as i was doing the tweaking tool, or the boot right after.

[screenshot]

 

assuming nothing is majorly wrong, as long as i dont get an email from google saying someone has my password i should be good to go right? ive also upgraded from windows defender to avast, and installed zemana anti keylogger, will this help any? and should i do any other "just to be sure" scans with any other programs?


Edited by wttwoa, 23 January 2016 - 04:07 AM.


#11 PuReinSAniTY


Posted 23 January 2016 - 04:25 AM

Event viewer is full of errors and warnings that windows usually handles, nothing majorly to worry about. If you're worried we can do some more scans to give you peace of mind. Try this...

 

1. I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Download the file listed and run it.
  • Click the [button image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

2. MBAM scan

  • Please download Malwarebytes Anti-malware from here
  • Launch Malwarebytes' Anti-Malware (MBAM) 
  • Choose to try the 7 day free trial
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

3. Remove adware with adwcleaner

Please download Adwcleaner by Xplode here

 

Now run the file, and you should have a screen with something like this

[screenshot]

 

Please click Scan  and then when finished Post the scan log (it will pop up after scan)

 

NOTE Please do not clean the items yet

 

4. Avast Antivirus scan

 

Please run a full scan with Avast and post the log here. To find the log open the Scan tab and choose Scan for viruses. Then click Scan history in the bottom right of the window.


 

Find the scan you just completed in Result column, click it once and then click the Detailed report button. Reports are not available for the scans that completed without detections.

 

This will open the log in Avast Scan Results window where you can see detected items, performed actions and results. You cannot perform any actions here.
 

Click Close after you're done.

 

NOTE: If Avast found nothing it will not display the detailed version of the log, don't worry about it if it's clean, I'll live

 

 

After this can you use your computer, then tell me if you have any remaining problems?

Edited by PuReinSAniTY , 23 January 2016 - 04:28 AM.



#12 wttwoa


Posted 23 January 2016 - 05:41 AM

eset found nothing and didnt give me an option to export any form of a log. here is the log of the scan for malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/23/2016
Scan Time: 4:23 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.23.02
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: justin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321128
Time Elapsed: 12 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
adwCleaner log:
 
# AdwCleaner v5.030 - Logfile created 23/01/2016 at 04:40:08
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : justin - DESKTOP-5NGOAL6
# Running from : C:\Users\justin\Downloads\adwcleaner_5.030.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [578 bytes] ##########
 
 
just 2 more questions and ill quit pestering you and i should have peace of mind on my pc being secure
 
1. on my partitions, when i went to reformat there ended up being 945MB of unallocated space that i couldnt add to my primary partition, and i was wondering if this is common? here is what the partitions look like:
[screenshot]
 
2. assuming the avast scan comes out with nothing found which i think it will, i should be good to go on protecting my passwords shouldnt i? i think between all the scans ive done and what you suggested, i should be 100% clean unless i have one of those bios infections but i dont think i have one of those since my system is running if anything faster with the fresh install and some post suggests they are very specific to a bios and pretty rare to encounter.
 
edit: avast showed up nothing at all

Edited by wttwoa, 23 January 2016 - 06:06 AM.


#13 severac


Posted 23 January 2016 - 09:42 AM

You are NOT infected, rKill sometimes makes those "detections" in Windows 10. You are fine!!!!


Edited by severac, 23 January 2016 - 09:44 AM.


 


#14 wttwoa


Posted 23 January 2016 - 11:47 AM

You are NOT infected, rKill sometimes makes those "detections" in Windows 10. You are fine!!!!

sweet thanks, i havent had an email or text saying someone has tried to get into my account yet or my account for any other website so hopefully im good to go


Edited by wttwoa, 23 January 2016 - 11:51 AM.


#15 PuReinSAniTY


Posted 23 January 2016 - 05:59 PM

Don't worry, by the state of your scans you look all clean!  :bananas:






