
Massive packet loss, ISP says nothing wrong their end, do I have a virus??


4 replies to this topic

#1 sniperNZSAS


Posted 01 February 2017 - 11:27 PM

Hi guys,

As the title says, I am on a 100mb fiber connection and I get massive packet loss across multiple online games. I've been back and forth with my ISP for 6 weeks and they have come back with all their tests and find absolutely nothing wrong.

I have swapped the router out, problem still exists. So, the only thing left is our computers? We have 3 separate PCs, they all have the same problem, so if there is a virus, it's on all of our computers. But they run normally...... How do I check if I have a virus that may be interfering with my internet?

 

Thanks,

Chris




 


#2 Blindbatkid


Posted 07 February 2017 - 02:53 AM

Full Virus Scan AVZ

 

Disable your antivirus / antispyware programs prior to this scan!!
Download AVZ. Create a new folder on your desktop and unzip it inside of the new folder.
Right-click on AVZ and choose Run as Admin.
Update the program by pressing the [image: rrYeoht.png] button.
Make sure all settings are the same as in the pic below.

[image: j0QfHnG.png]

Next:
Under File Types, make sure the settings are the same as below.

[image: 9EC93k9.png]

Next:
Under Search Parameters, make sure the settings are the same as below.

[image: 3SIF8I1.png]

Now click the Start button.

[image: OLGG3jW.png]

When the scan is complete, click on Save Log.

[image: wnWcsaI.png]

Save the log to the desktop, then copy it and paste it here in your next reply.

 

 

Zemana Scan

 

Also, run a scan with Zemana Antimalware

  • Install the program and once the installation is complete it will start automatically.
  • Click the Cog/Sprocket Wheel at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.


  • Open Zemana AntiMalware again.
  • Click on  icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to copy and paste the saved report in your next message.
  • This will open a logfile; post that in your next reply.

Edited by Blindbatkid, 07 February 2017 - 03:37 AM.


#3 sniperNZSAS


Posted 07 February 2017 - 04:26 AM

Thanks,

AVZ:
 

 

AVZ Antiviral Toolkit log; AVZ version is 4.46

Scanning started at 07.02.2017 22:12:21
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 07.02.2017 04:00
Heuristic microprograms loaded: 409
PVS microprograms loaded: 10
Digital signatures of system files loaded: 854606
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional", install date 07.10.2014 22:04:50 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 28
Extended process analysis: 3224 E:\Programs\Origin\QtWebEngineProcess.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 2492 E:\Programs\Origin\QtWebEngineProcess.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
 Number of modules loaded: 286
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIPUSER.HTM
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\MULTIUSERSSO.HTM
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSER.HTM
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERFED.HTM
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSERS.HTM
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
Direct reading: C:\ProgramData\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WAITPAGE.HTM
Direct reading: C:\Users\Spike2\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
C:\Users\Spike2\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\protobuf_lite.dll >>> suspicion for Trojan.Win32.Agent.fezl ( 08EC1C4F 02A95AD1 003DF1D0 002EC67F 178688)
File quarantined succesfully (C:\Users\Spike2\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\protobuf_lite.dll)
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 In the database 317 port descriptions
 Opened at this PC: 42 TCP ports and 37 UDP ports
 >>> Attention: Port 65000 TCP - Devil v1.03, Stacheldracht (nvcontainer.exe)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ and Help for more details)
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
[malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
 >>>  HDD autorun is allowed - fixed
 >>  Network drives autorun is allowed
[malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
 >>>  Network drives autorun is allowed - fixed
 >>  Removable media autorun is allowed
[malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
 >>>  Removable media autorun is allowed - fixed
Checking - complete
Files scanned: 108355, extracted from archives: 67229, malicious software found 0, suspicions - 1
Scanning finished at 07.02.2017 22:17:53
Time of scanning: 00:05:33
If you have a suspicion on presence of viruses or questions on the suspected objects,
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
 

Zemana:

 

 

Zemana AntiMalware 2.72.2.101 (Installed)

 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/2/7
Operating System       : Windows 7 64-bit
Processor              : 8X AMD FX™-8350 Eight-Core Processor
BIOS Mode              : Legacy
CUID                   : 12B58717548DE7E92320DC
Scan Type              : System Scan
Duration               : 2m 24s
Scanned Objects        : 81494
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Generic Root Trust CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
 
GlobalSign CodeSigning CA - G2
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob
 
{6c82cb40-edde-48ff-8286-c95cb0e4be55}
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\{6c82cb40-edde-48ff-8286-c95cb0e4be55}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0
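
Added example (not part of the original posts and not AVZ's own code): a small Python triage pass over an AVZ text log like the one posted above. It pulls out the lines a reviewer has to judge by hand (file suspicions, port-database matches together with the process named on the line, flagged settings) and checks them against the summary line. The regular expressions and function names are assumptions based only on the line shapes visible in this log.

```python
import re

# Lines excerpted from the AVZ log posted above (not constructed).
SAMPLE = r"""
C:\Users\Spike2\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\protobuf_lite.dll >>> suspicion for Trojan.Win32.Agent.fezl ( 08EC1C4F 02A95AD1 003DF1D0 002EC67F 178688)
 >>> Attention: Port 65000 TCP - Devil v1.03, Stacheldracht (nvcontainer.exe)
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Security: anonymous user access is enabled
Files scanned: 108355, extracted from archives: 67229, malicious software found 0, suspicions - 1
"""

# Patterns are assumptions inferred from the line shapes in this one log.
SUSPICION = re.compile(r"^(?P<path>.+?) >>> suspicion for (?P<verdict>\S+)")
PORT = re.compile(r"^>>> Attention: Port (?P<port>\d+) (?P<proto>TCP|UDP) - "
                  r"(?P<label>.+) \((?P<process>[^()]+)\)$")
SETTING = re.compile(r"^>> (?P<area>Services|Security): (?P<text>.+)$")
SUMMARY = re.compile(r"malicious software found (\d+), suspicions - (\d+)")


def triage(log_text):
    """Collect the AVZ log lines that need a human decision."""
    out = {"files": [], "ports": [], "settings": [], "summary": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SUSPICION.match(line):
            out["files"].append(m.groupdict())
        elif m := PORT.match(line):
            hit = m.groupdict()
            hit["port"] = int(hit["port"])
            out["ports"].append(hit)
        elif m := SETTING.match(line):
            out["settings"].append(m.groupdict())
        elif m := SUMMARY.search(line):
            out["summary"] = {"malicious": int(m[1]), "suspicions": int(m[2])}
    return out


def summary_consistent(result):
    """True when every suspicion counted in the summary line was parsed."""
    s = result["summary"]
    return s is not None and s["suspicions"] == len(result["files"])


if __name__ == "__main__":
    r = triage(SAMPLE)
    for f in r["files"]:
        print("review file:", f["verdict"], f["path"])
    for p in r["ports"]:
        print("review port:", p["port"], p["proto"], "process", p["process"])
    print("summary consistent:", summary_consistent(r))
```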
 


#4 Blindbatkid


Posted 07 February 2017 - 04:42 AM

9-Lab Removal Tool Malware Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right-click the icon and run as administrator.
  • Update the program and then run a Full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#5 Blindbatkid


Posted 07 February 2017 - 05:13 AM

After the 9-Lab scan, run these tools in the order listed.

 

Junkware Removal Tool.

Adware Removal Tool.

Zhp Cleaner.

Adware Cleaner.

 

Post the logs generated, then tell us what issues remain.





