
I'm Unsure If the File I Ran was a Virus


9 replies to this topic

#1 EnigmaUser

EnigmaUser

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:32 AM

Posted 22 July 2016 - 03:50 PM

Hi, 2 days ago I ran an unknown .exe file (I know, stupid, but I wasn't in a good mindset at the time), and I'm paranoid that it was a virus. I've scanned my laptop with 3 antivirus programs in safe mode (Malwarebytes, Bitdefender, and Windows Defender), but have been unable to find anything (I scanned for rootkits too). I also checked my router's DNS, and nothing seemed out of the ordinary. I've spent at least 6 hours going through files looking for anything suspicious, but have been unable to find anything. The only difference I noticed was my startup may be a bit slower, but that could be just my imagination. I would be VERY grateful if someone could check the file from the website I got it from (below) on a virtual computer.

 

http://tradownload.com/results/modaco-superboot.html

 

It's the first .rar file. I will be seriously gratified if anyone could tell me if the files are malware/viruses, it's been eating at me non-stop. I know that was an incredibly stupid thing for me to do, but I was desperate to unlock my phone's bootloader, as an important file had recently been deleted, and the only way to get it back was to root my phone (which I couldn't due to a locked bootloader). Anyways, I've given up on that now. Please, I'd be extremely gratified for anyone's help in this.




 


#2 Viper_Security

Viper_Security

  • Members
  • 826 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:01:32 AM

Posted 22 July 2016 - 03:57 PM

That file is for rooting an Android phone.

You should ALWAYS unlock the bootloader FIRST before you try to root it, otherwise you could brick your phone (seen it happen many times).

And you shouldn't run your AV/AM software in safe mode, because safe mode only starts the services Windows needs; you need to scan in regular mode (disconnect from the interwebz).

Boot in regular mode and run RKill, then you can scan normally.

Also, that website looks odd to me; it looks... unprofessional, if that makes sense, suspicious rather.

Haven't dug into the exe yet, but I'm pretty sure you're fine, unless you notice your system gradually slowing down and not acting the way it's supposed to.


Edited by Viper_Security, 22 July 2016 - 04:08 PM.

    IT Auditor & Security Professional



#3 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:32 AM

Posted 22 July 2016 - 04:15 PM

You could always run a Windows .exe through a few sites that will check it against a dozen or so search engines. They don't check .apks though.

Couldn't download it, looks like it requires a login/password. Doesn't look like a site I would download anything from.

 

https://virusscan.jotti.org/

https://www.virustotal.com/

https://www.metadefender.com/

 


How Can I Reduce My Risk to Malware?


#4 EnigmaUser

EnigmaUser
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:32 AM

Posted 22 July 2016 - 04:19 PM

There is one thing suspicious I noticed: my desktop got logged into temporary user mode. I fixed this problem. Also, the Windows Security Center service was unlocked, but I activated it again. I also scanned the desktop, and no viruses were on it. I also scanned out of safe mode as well, but I will try again with the advice you guys gave to me above. Yeah, I know it's a sketchy site, and I would hit my past self really hard if I could. I can't check the file anymore, because I deleted it. It installed a file compressor program called 7-zip on my laptop and desktop, which I uninstalled too.

Edit: RKill says no malware to stop, but I'm scanning with Bitdefender again.


Edited by EnigmaUser, 22 July 2016 - 04:24 PM.


#5 Viper_Security

Viper_Security

  • Members
  • 826 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:01:32 AM

Posted 22 July 2016 - 04:23 PM

> You could always run a Windows .exe through a few sites that will check it against a dozen or so search engines. They don't check .apks though.
>
> Couldn't download it, looks like it requires a login/password. Doesn't look like a site I would download anything from.
>
> https://virusscan.jotti.org/
>
> https://www.virustotal.com/
>
> https://www.metadefender.com/

Don't forget about

http://www.shouldiremoveit.com/

> There is one thing suspicious I noticed: my desktop got logged into temporary user mode. I fixed this problem. Also, the Windows Security Center service was unlocked, but I activated it again. I also scanned the desktop, and no viruses were on it. I also scanned out of safe mode as well, but I will try again with the advice you guys gave to me above. Yeah, I know it's a sketchy site, and I would hit my past self really hard if I could. I can't check the file anymore, because I deleted it. It installed a file compressor program called 7-zip on my laptop and desktop, which I uninstalled too.

I myself use 7Zip, GREAT program.


Edited by Viper_Security, 22 July 2016 - 04:22 PM.

    IT Auditor & Security Professional



#6 EnigmaUser

EnigmaUser
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:32 AM

Posted 22 July 2016 - 04:25 PM

 

> > You could always run a Windows .exe through a few sites that will check it against a dozen or so search engines. They don't check .apks though.
> >
> > Couldn't download it, looks like it requires a login/password. Doesn't look like a site I would download anything from.
> >
> > https://virusscan.jotti.org/
> >
> > https://www.virustotal.com/
> >
> > https://www.metadefender.com/
>
> Don't forget about
>
> http://www.shouldiremoveit.com/
>
> > There is one thing suspicious I noticed: my desktop got logged into temporary user mode. I fixed this problem. Also, the Windows Security Center service was unlocked, but I activated it again. I also scanned the desktop, and no viruses were on it. I also scanned out of safe mode as well, but I will try again with the advice you guys gave to me above. Yeah, I know it's a sketchy site, and I would hit my past self really hard if I could. I can't check the file anymore, because I deleted it. It installed a file compressor program called 7-zip on my laptop and desktop, which I uninstalled too.
>
> I myself use 7Zip, GREAT program.

So, I should be in the clear then? Is the temporary user mode anything to be worried about?


Edited by EnigmaUser, 22 July 2016 - 04:27 PM.


#7 Viper_Security

Viper_Security

  • Members
  • 826 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:01:32 AM

Posted 22 July 2016 - 04:36 PM

> So, I should be in the clear then? Is the temporary user mode anything to be worried about?

This problem usually occurs if the user profile of the account was accidentally corrupted or deleted from the system.

Try opening a Command Prompt window as admin and type in sfc /scannow

SFC is System File Checker; it will scan and attempt repairs of your filesystem, which should include the temporary user deal.


    IT Auditor & Security Professional



#8 EnigmaUser

EnigmaUser
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:32 AM

Posted 22 July 2016 - 04:40 PM

Okay, thanks bro.  Your help means a lot to me, I've been seriously paranoid these past few days.  I'll run the above command on my desktop, and I'll try 7-zip again. :)

On an unrelated note, would you happen to know a non-sketchy way to unlock my phone's bootloader? My phone is a Samsung Galaxy Core LTE, model SM-G386W.



#9 Viper_Security

Viper_Security

  • Members
  • 826 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:01:32 AM

Posted 22 July 2016 - 04:44 PM

> Okay, thanks bro. Your help means a lot to me, I've been seriously paranoid these past few days. I'll run the above command on my desktop, and I'll try 7-zip again. :)
>
> On an unrelated note, would you happen to know a non-sketchy way to unlock my phone's bootloader? My phone is a Samsung Galaxy Core LTE, model SM-G386W.

No worries, but I can't take all the credit, Shelf Life helped as well :)

And I do not have a phone, so the last one I rooted was 2 years ago (with Klingo), but for Android the best site I found is:

 

http://forum.xda-developers.com/galaxy-core/help/how-to-root-galaxy-core-lte-g386w-t2925853


    IT Auditor & Security Professional



#10 EnigmaUser

EnigmaUser
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:32 AM

Posted 22 July 2016 - 04:52 PM

Okay, I'll try this.

http://forum.xda-developers.com/showpost.php?p=54768458&postcount=1

Thanks to Shelf life too.

Update: The root worked, and I now was able to retrieve the file! Thanks for all your help guys! (Though it did trip my Knox counter, but oh well, the phone is almost a year and a half old anyways, and I didn't have warranty on it to begin with) :P


Edited by EnigmaUser, 22 July 2016 - 11:34 PM.




