
Do I have a virus? Or is this normal???


6 replies to this topic

#1 Radify25

Posted 16 February 2016 - 09:22 PM

I opened up cmd and typed in "attrib" and got this:

 

A  SH   I    C:\Users\Rad\ntuser.dat
A  SH        C:\Users\Rad\ntuser.dat.LOG1
A  SH        C:\Users\Rad\ntuser.dat.LOG2
A  SH        C:\Users\Rad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
A  SH        C:\Users\Rad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
A  SH        C:\Users\Rad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
   SH        C:\Users\Rad\ntuser.ini

 

I was wondering if any of these files or whatever are viruses and if there is a way to remove them.




 


#2 Aura


Posted 16 February 2016 - 09:27 PM

Hi Radify25 :)

These files are legitimate and part of Windows. In fact, they are used to store information about your HKCU and HKU hives in the Registry, so I wouldn't delete them since you can end up messing up your user profile that way.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Radify25


Posted 16 February 2016 - 09:32 PM

> Hi Radify25 :)
>
> These files are legitimate and part of Windows. In fact, they are used to store information about your HKCU and HKU hives in the Registry, so I wouldn't delete them since you can end up messing up your user profile that way.

One more question, and I have never had this issue before, but why does Google give me "Unusual traffic from your computer network" and why won't Google safe search turn off? I've tried multiple times to turn it off but it keeps bypassing my request and stays turned on.

Any idea how I can see if I have a virus or not in my computer through cmd or another program?



#4 Aura


Posted 16 February 2016 - 09:39 PM

In order to spot malware via the command line, you need to have decent knowledge in malware removal and computer security. So I don't think that in your case, it's the best way to go about it. What makes you think that you are infected?

Also, what program is sending you the message about unusual traffic from your computer network? And which web browser are you using?



#5 Radify25


Posted 16 February 2016 - 10:06 PM

> In order to spot malware via the command line, you need to have decent knowledge in malware removal and computer security. So I don't think that in your case, it's the best way to go about it. What makes you think that you are infected?
>
> Also, what program is sending you the message about unusual traffic from your computer network? And which web browser are you using?

I'm using Google Chrome and when I search something on Google it takes me to this ip4v.google web page telling me to enter a captcha, and that's never happened to me before. And the reason why I think I have an adware/virus is because I cannot turn off Google safe search and because my Sophos says I have an adware too and so does anti-malware.



#6 InsufficientFunds


Posted 16 February 2016 - 11:32 PM

 

> > In order to spot malware via the command line, you need to have decent knowledge in malware removal and computer security. So I don't think that in your case, it's the best way to go about it. What makes you think that you are infected?
> >
> > Also, what program is sending you the message about unusual traffic from your computer network? And which web browser are you using?
>
> I'm using Google Chrome and when I search something on Google it takes me to this ip4v.google web page telling me to enter a captcha, and that's never happened to me before. And the reason why I think I have an adware/virus is because I cannot turn off Google safe search and because my Sophos says I have an adware too and so does anti-malware.

 

 

This sounds like your computer is using a proxy to filter your web browser (or system) HTTP traffic. Depending on your web browser, you must access Preferences and/or Internet Options and find Network, then Proxy configuration, or proxy. Remove all the numbers and ports, and change it to automatically detect settings.

 


 

After reading Aura's posts, he/she seems overqualified to do this job, and is probably going to help you get along. Good luck.


HP Pavilion dv6t-7k Custom Windows 7 Professional x64 iPhone 6, iOS 9.2 (awaiting jailbreak) 

 

Cyber Security Instructor in Linux, Cisco Networking Academy and  Windows (XP thru 10, Servers)

 

I try to make my tomorrow better than yesterday.


#7 Aura


Posted 17 February 2016 - 06:19 AM

Are you able to post your SOPHOS and Antimalware scan/protection logs, so I can see exactly what is being detected? Also, follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;


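A read-only look at two items from the checklist in post #7, the per-user proxy settings that post #6 points to and the contents of the hosts file, written in PowerShell as an added example that is not part of the thread and is not MiniToolBox's own code. The registry path and value names are the standard per-user Internet Options (WinINET) ones, the function names are hypothetical, and the sample hosts lines are constructed.

```powershell
# Added example: read-only report. It changes no proxy setting and never edits the hosts file.

function Get-UserProxyReport {
    # Per-user values behind the "Internet Options" proxy dialog.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable   # 1 = a manual proxy is in use
        ProxyServer   = $s.ProxyServer         # host:port, or a per-protocol list
        ProxyOverride = $s.ProxyOverride       # bypass list
        AutoConfigURL = $s.AutoConfigURL       # PAC script URL, if one is set
    }
}

function Get-HostsEntry {
    # Turn hosts-file lines into Address/HostName pairs, skipping comments and blank lines.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Address = $fields[0]; HostName = $name }
        }
    }
}

function Select-NonLoopbackEntry {
    # Keep only entries that point a name somewhere other than this machine.
    param([object[]]$Entries)
    foreach ($e in $Entries) {
        if ($e.Address -notmatch '^(127\.|::1$|0\.0\.0\.0$)') { $e }
    }
}

# Constructed sample input (not from the thread), to show what the parser returns.
$sample = @(
    '# comment line',
    '127.0.0.1     localhost',
    '203.0.113.10  search.example.test www.example.test  # constructed redirect'
)
Select-NonLoopbackEntry -Entries (Get-HostsEntry -Lines $sample) | Format-Table

# Live checks on the current machine.
Get-UserProxyReport | Format-List
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Select-NonLoopbackEntry -Entries (Get-HostsEntry -Lines (Get-Content -Path $hostsPath)) | Format-Table
```

A proxy server or auto-config URL that nobody configured, or a hosts entry that maps a well-known site to an unfamiliar address, is the kind of finding worth including alongside the scan logs.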



