
Bitdefender shows as being active but windows warns me that it is off


5 replies to this topic

#1 GeekinPink
  • Members
  • 17 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:45 AM

Posted 07 February 2017 - 03:19 AM

Hi there

My Bitdefender Total Security 2017 is showing that I am protected. However, Windows keeps alerting me that I am not protected by a virus program, and when I click on the sidebar to correct the issue I get a pop-up that asks me if I trust wscfix.exe to make changes to my computer.

I don't want to click on Yes because when I look at the certificate and view details it lists a website that directs to Symantec.

I tried repairing Bitdefender to correct the issue but I am still being warned about no virus protection.

Thank you

Lynn
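Two checks worth running before answering that UAC prompt, as an added example from the editor (not the poster's text, and not Bitdefender's or Microsoft's own tooling): what Windows Security Center (WSC) actually has registered, and who signed the file the prompt names. Assumptions: the productState decoding below is the one admin scripts commonly rely on, not something Microsoft documents; the path to wscfix.exe is a placeholder to be replaced with the location shown under "Show more details" on the UAC prompt. A certificate whose chain or URLs lead to Symantec is not by itself a warning sign, since Symantec operated the VeriSign code-signing CAs at the time and many vendors' signatures chain there; the fields that decide it are the Subject (the publisher) and whether the signature status is Valid.

```powershell
# Added example (editor's, not from the thread). Run in an elevated PowerShell.

# 1. What WSC has registered. Bitdefender's own window says "protected"; the
#    Windows warning is generated from this registration, so compare the two.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct'
foreach ($p in $products) {
    # productState decoding is the widely used, undocumented one (assumption):
    # hex XXYYZZ, YY = 10 or 11 means real-time protection on, ZZ = 10 means
    # signatures out of date.
    $hex = '{0:X6}' -f [uint32]$p.productState
    [pscustomobject]@{
        Product   = $p.displayName
        State     = "0x$hex"
        Enabled   = $hex.Substring(2, 2) -in '10', '11'
        OutOfDate = $hex.Substring(4, 2) -eq '10'
        Exe       = $p.pathToSignedProductExe
        Timestamp = $p.timestamp
    }
}

# 2. The file the UAC prompt names. Placeholder path (assumption): substitute
#    the "Program location" the prompt shows under "Show more details".
$tool = 'C:\path\shown\in\the\UAC\prompt\wscfix.exe'
if (Test-Path -LiteralPath $tool) {
    $sig = Get-AuthenticodeSignature -FilePath $tool
    [pscustomobject]@{
        Status     = $sig.Status                        # must be 'Valid'
        Signer     = $sig.SignerCertificate.Subject     # the publisher: this is the field to judge
        Issuer     = $sig.SignerCertificate.Issuer      # the CA; Symantec/VeriSign here is normal
        Thumbprint = $sig.SignerCertificate.Thumbprint
        SHA256     = (Get-FileHash -LiteralPath $tool -Algorithm SHA256).Hash  # for a vendor/VT lookup
    }
}

# 3. Lower-risk first step if WSC is merely out of sync with the AV: restart the
#    Security Center service, then repeat step 1.
Restart-Service -Name wscsvc -Force
```

If step 1 lists Bitdefender with Enabled = True and the warning persists after the service restart, the problem is on the Windows side of the registration; if Bitdefender is missing from the list or shows Enabled = False, the AV has not (re)registered itself, which is what a vendor "WSC fix" utility is meant to repair. Either way, only allow the elevation once step 2 shows a Valid signature from the publisher you expect.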




#2 Blindbatkid
  • Banned
  • 15 posts
  • OFFLINE
  • Local time:10:45 AM

Posted 07 February 2017 - 04:48 AM

Full Virus Scan AVZ

Disable your antivirus / antispyware programs prior to this scan!!
Download AVZ. Create a new folder on your desktop and unzip it inside the new folder.
Right-click on AVZ and select Run as Admin.
Update the program by pressing the update button [screenshot].
Make sure all settings are the same as in the pic below.

[screenshot: AVZ scan settings]

Next:
Under File Types, make sure the settings are the same as below.

[screenshot: File Types settings]

Next:
Under Search Parameters, make sure the settings are the same as below.

[screenshot: Search Parameters settings]

Now click the Start button.

[screenshot: Start button]

When the scan is complete, click on Save Log.

[screenshot: Save Log button]

Save the log to the desktop. Copy it and paste it here in your next reply.

 

 

Zemana Scan

Also, run a scan with Zemana AntiMalware.

  • Install the program; once the installation is complete it will start automatically.
  • Click the Cog/Sprocket wheel at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.

Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.

  • Open Zemana AntiMalware again.
  • Click on the icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to copy and paste the saved report into your next message.
  • This will open a log file; post that in your next reply.

9-Lab Removal Tool Malware Scan.

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit Windows.
  • Install the program onto your computer, then right-click the icon and select Run as administrator.
  • Update the program and then run a Full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon scan completion, click on Show Results.
  • Then click on Clean.
  • Then click on Save Log.
  • Save it to your desktop, then copy and paste the contents of the log here in your next reply.

Edited by Blindbatkid, 08 February 2017 - 01:47 AM.


#3 GeekinPink
  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:45 AM

Posted 08 February 2017 - 12:45 AM

I was not able to download the Zemana Scan using the link you provided.  

 

Here is the log for AVZ:

 

AVZ Antiviral Toolkit log; AVZ version is 4.46
Scanning started at 07.02.2017 21:12:47
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 08.02.2017 04:00
Heuristic microprograms loaded: 409
PVS microprograms loaded: 10
Digital signatures of system files loaded: 854646
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: enabled
Windows version is: 10.0.14393,  "Windows 10 Pro", install date 14.01.2017 02:07:03 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
Function kernel32.dll:CreateToolhelp32Snapshot (251) intercepted, method - APICodeHijack.JmpTo[7FE20250]
Function kernel32.dll:MoveFileExA (986) intercepted, method - APICodeHijack.JmpTo[7FE2077E]
Function kernel32.dll:MoveFileWithProgressA (991) intercepted, method - APICodeHijack.JmpTo[7FE207C2]
Function kernel32.dll:Process32NextW (1057) intercepted, method - APICodeHijack.JmpTo[7FE206D4]
Function kernel32.dll:ReadConsoleInputExA (1115) intercepted, method - ProcAddressHijack.GetProcAddress ->7672ABF1->77152C10
Function kernel32.dll:ReadConsoleInputExW (1116) intercepted, method - ProcAddressHijack.GetProcAddress ->7672AC24->77152C40
Function kernel32.dll:WinExec (1515) intercepted, method - APICodeHijack.JmpTo[7FE20294]
 Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:NtAdjustPrivilegesToken (206) intercepted, method - APICodeHijack.JmpTo[7FE20806]
Function ntdll.dll:NtClose (251) intercepted, method - APICodeHijack.JmpTo[7FE206F6]
Function ntdll.dll:NtCreateFile (271) intercepted, method - ProcAddressHijack.GetProcAddress ->7727EB20->66433260
Function ntdll.dll:NtCreateMutant (281) intercepted, method - APICodeHijack.JmpTo[7FE208B0]
Function ntdll.dll:NtCreateProcess (287) intercepted, method - APICodeHijack.JmpTo[7FE2033E]
Function ntdll.dll:NtCreateProcessEx (288) intercepted, method - APICodeHijack.JmpTo[7FE20360]
Function ntdll.dll:NtCreateSection (293) intercepted, method - APICodeHijack.JmpTo[7FE20A26]
Function ntdll.dll:NtCreateThread (296) intercepted, method - APICodeHijack.JmpTo[7FE2031C]
Function ntdll.dll:NtCreateThreadEx (297) intercepted, method - APICodeHijack.JmpTo[7FE202FA]
Function ntdll.dll:NtDuplicateObject (327) intercepted, method - APICodeHijack.JmpTo[7FE2042C]
Function ntdll.dll:NtLoadDriver (378) intercepted, method - APICodeHijack.JmpTo[7FE20718]
Function ntdll.dll:NtMapViewOfSection (393) intercepted, method - APICodeHijack.JmpTo[7FE2000E]
Function ntdll.dll:NtOpenEvent (402) intercepted, method - APICodeHijack.JmpTo[7FE2088E]
Function ntdll.dll:NtOpenProcess (416) intercepted, method - APICodeHijack.JmpTo[7FE203E8]
Function ntdll.dll:NtOpenProcessToken (417) intercepted, method - APICodeHijack.JmpTo[7FE2097C]
Function ntdll.dll:NtOpenSection (421) intercepted, method - APICodeHijack.JmpTo[7FE209E2]
Function ntdll.dll:NtQueryInformationToken (464) intercepted, method - APICodeHijack.JmpTo[7FE2099E]
Function ntdll.dll:NtQueueApcThread (499) intercepted, method - APICodeHijack.JmpTo[7FE2040A]
Function ntdll.dll:NtRaiseHardError (502) intercepted, method - APICodeHijack.JmpTo[7FE205E6]
Function ntdll.dll:NtReadFile (503) intercepted, method - APICodeHijack.JmpTo[7FE208D2]
Function ntdll.dll:NtSetContextThread (550) intercepted, method - APICodeHijack.JmpTo[7FE203C6]
Function ntdll.dll:NtSetInformationFile (564) intercepted, method - ProcAddressHijack.GetProcAddress ->7727E840->66433680
Function ntdll.dll:NtSetInformationProcess (568) intercepted, method - APICodeHijack.JmpTo[7FE2064C]
Function ntdll.dll:NtSetSecurityObject (584) intercepted, method - APICodeHijack.JmpTo[7FE20828]
Function ntdll.dll:NtSetSystemInformation (587) intercepted, method - APICodeHijack.JmpTo[7FE2073A]
Function ntdll.dll:NtSetValueKey (596) intercepted, method - ProcAddressHijack.GetProcAddress ->7727EBD0->66466B90
Function ntdll.dll:NtSuspendProcess (606) intercepted, method - APICodeHijack.JmpTo[7FE20470]
Function ntdll.dll:NtSuspendThread (607) intercepted, method - APICodeHijack.JmpTo[7FE2044E]
Function ntdll.dll:NtSystemDebugControl (608) intercepted, method - APICodeHijack.JmpTo[7FE20A48]
Function ntdll.dll:NtTerminateProcess (610) intercepted, method - APICodeHijack.JmpTo[7FE2062A]
Function ntdll.dll:NtUnmapViewOfSection (625) intercepted, method - APICodeHijack.JmpTo[7FE20030]
Function ntdll.dll:NtWriteFile (659) intercepted, method - APICodeHijack.JmpTo[7FE20A04]
Function ntdll.dll:NtWriteVirtualMemory (662) intercepted, method - APICodeHijack.JmpTo[7FE203A4]
Function ntdll.dll:RtlCreateProcessParameters (824) intercepted, method - APICodeHijack.JmpTo[7FE20140]
Function ntdll.dll:RtlCreateProcessParametersEx (825) intercepted, method - APICodeHijack.JmpTo[7FE20162]
Function ntdll.dll:RtlEqualSid (925) intercepted, method - APICodeHijack.JmpTo[7FE209C0]
Function ntdll.dll:RtlExitUserProcess (934) intercepted, method - APICodeHijack.JmpTo[7FE201C8]
Function ntdll.dll:RtlQueryPerformanceCounter (1252) intercepted, method - APICodeHijack.JmpTo[7FE200B8]
Function ntdll.dll:RtlReportException (1305) intercepted, method - APICodeHijack.JmpTo[7FE20608]
Function ntdll.dll:ZwAdjustPrivilegesToken (1668) intercepted, method - APICodeHijack.JmpTo[7FE20806]
Function ntdll.dll:ZwClose (1713) intercepted, method - APICodeHijack.JmpTo[7FE206F6]
Function ntdll.dll:ZwCreateFile (1733) intercepted, method - ProcAddressHijack.GetProcAddress ->7727EB20->66433260
Function ntdll.dll:ZwCreateMutant (1743) intercepted, method - APICodeHijack.JmpTo[7FE208B0]
Function ntdll.dll:ZwCreateProcess (1749) intercepted, method - APICodeHijack.JmpTo[7FE2033E]
Function ntdll.dll:ZwCreateProcessEx (1750) intercepted, method - APICodeHijack.JmpTo[7FE20360]
Function ntdll.dll:ZwCreateSection (1755) intercepted, method - APICodeHijack.JmpTo[7FE20A26]
Function ntdll.dll:ZwCreateThread (1758) intercepted, method - APICodeHijack.JmpTo[7FE2031C]
Function ntdll.dll:ZwCreateThreadEx (1759) intercepted, method - APICodeHijack.JmpTo[7FE202FA]
Function ntdll.dll:ZwDuplicateObject (1788) intercepted, method - APICodeHijack.JmpTo[7FE2042C]
Function ntdll.dll:ZwLoadDriver (1838) intercepted, method - APICodeHijack.JmpTo[7FE20718]
Function ntdll.dll:ZwMapViewOfSection (1853) intercepted, method - APICodeHijack.JmpTo[7FE2000E]
Function ntdll.dll:ZwOpenEvent (1862) intercepted, method - APICodeHijack.JmpTo[7FE2088E]
Function ntdll.dll:ZwOpenProcess (1876) intercepted, method - APICodeHijack.JmpTo[7FE203E8]
Function ntdll.dll:ZwOpenProcessToken (1877) intercepted, method - APICodeHijack.JmpTo[7FE2097C]
Function ntdll.dll:ZwOpenSection (1881) intercepted, method - APICodeHijack.JmpTo[7FE209E2]
Function ntdll.dll:ZwQueryInformationToken (1924) intercepted, method - APICodeHijack.JmpTo[7FE2099E]
Function ntdll.dll:ZwQueueApcThread (1959) intercepted, method - APICodeHijack.JmpTo[7FE2040A]
Function ntdll.dll:ZwRaiseHardError (1962) intercepted, method - APICodeHijack.JmpTo[7FE205E6]
Function ntdll.dll:ZwReadFile (1963) intercepted, method - APICodeHijack.JmpTo[7FE208D2]
Function ntdll.dll:ZwSetContextThread (2010) intercepted, method - APICodeHijack.JmpTo[7FE203C6]
Function ntdll.dll:ZwSetInformationFile (2024) intercepted, method - ProcAddressHijack.GetProcAddress ->7727E840->66433680
Function ntdll.dll:ZwSetInformationProcess (2028) intercepted, method - APICodeHijack.JmpTo[7FE2064C]
Function ntdll.dll:ZwSetSecurityObject (2044) intercepted, method - APICodeHijack.JmpTo[7FE20828]
Function ntdll.dll:ZwSetSystemInformation (2047) intercepted, method - APICodeHijack.JmpTo[7FE2073A]
Function ntdll.dll:ZwSetValueKey (2056) intercepted, method - ProcAddressHijack.GetProcAddress ->7727EBD0->66466B90
Function ntdll.dll:ZwSuspendProcess (2066) intercepted, method - APICodeHijack.JmpTo[7FE20470]
Function ntdll.dll:ZwSuspendThread (2067) intercepted, method - APICodeHijack.JmpTo[7FE2044E]
Function ntdll.dll:ZwSystemDebugControl (2068) intercepted, method - APICodeHijack.JmpTo[7FE20A48]
Function ntdll.dll:ZwTerminateProcess (2070) intercepted, method - APICodeHijack.JmpTo[7FE2062A]
Function ntdll.dll:ZwUnmapViewOfSection (2085) intercepted, method - APICodeHijack.JmpTo[7FE20030]
Function ntdll.dll:ZwWriteFile (2119) intercepted, method - APICodeHijack.JmpTo[7FE20A04]
Function ntdll.dll:ZwWriteVirtualMemory (2122) intercepted, method - APICodeHijack.JmpTo[7FE203A4]
 Analysis: user32.dll, export table found in section .text
Function user32.dll:CallNextHookEx (1534) intercepted, method - ProcAddressHijack.GetProcAddress ->76DE7CF0->66432FE0
Function user32.dll:CreateDialogIndirectParamAorW (1610) intercepted, method - APICodeHijack.JmpTo[7FE20FDC]
Function user32.dll:CreateWindowExA (1623) intercepted, method - APICodeHijack.JmpTo[7FE20F98]
Function user32.dll:CreateWindowExW (1624) intercepted, method - APICodeHijack.JmpTo[7FE20F76]
Function user32.dll:DialogBoxIndirectParamAorW (1687) intercepted, method - APICodeHijack.JmpTo[7FE20FFE]
Function user32.dll:FindWindowA (1775) intercepted, method - APICodeHijack.JmpTo[7FE210A8]
Function user32.dll:FindWindowExA (1776) intercepted, method - APICodeHijack.JmpTo[7FE210CA]
Function user32.dll:FindWindowExW (1777) intercepted, method - APICodeHijack.JmpTo[7FE2110E]
Function user32.dll:FindWindowW (1778) intercepted, method - APICodeHijack.JmpTo[7FE210EC]
Function user32.dll:GetMessageA (1883) intercepted, method - APICodeHijack.JmpTo[7FE20EAA]
Function user32.dll:GetMessageW (1887) intercepted, method - APICodeHijack.JmpTo[7FE20ECC]
Function user32.dll:GetWindowLongA (1972) intercepted, method - APICodeHijack.JmpTo[7FE21130]
Function user32.dll:GetWindowLongW (1973) intercepted, method - APICodeHijack.JmpTo[7FE21152]
Function user32.dll:MessageBoxExA (2116) intercepted, method - APICodeHijack.JmpTo[7FE21020]
Function user32.dll:MessageBoxExW (2117) intercepted, method - APICodeHijack.JmpTo[7FE21042]
Function user32.dll:PeekMessageA (2152) intercepted, method - APICodeHijack.JmpTo[7FE20EEE]
Function user32.dll:PeekMessageW (2153) intercepted, method - APICodeHijack.JmpTo[7FE20F10]
Function user32.dll:SendNotifyMessageA (2257) intercepted, method - APICodeHijack.JmpTo[7FE211B8]
Function user32.dll:SendNotifyMessageW (2258) intercepted, method - APICodeHijack.JmpTo[7FE211DA]
Function user32.dll:SetWinEventHook (2332) intercepted, method - APICodeHijack.JmpTo[7FE20E88]
Function user32.dll:SetWindowLongA (2339) intercepted, method - APICodeHijack.JmpTo[7FE21174]
Function user32.dll:SetWindowLongW (2340) intercepted, method - APICodeHijack.JmpTo[7FE21196]
Function user32.dll:SetWindowTextA (2346) intercepted, method - APICodeHijack.JmpTo[7FE21064]
Function user32.dll:SetWindowTextW (2347) intercepted, method - APICodeHijack.JmpTo[7FE21086]
Function user32.dll:SetWindowsHookExA (2350) intercepted, method - APICodeHijack.JmpTo[7FE20E44]
Function user32.dll:SetWindowsHookExW (2351) intercepted, method - ProcAddressHijack.GetProcAddress ->76DEAB00->66466C10
Function user32.dll:ShowWindow (2359) intercepted, method - APICodeHijack.JmpTo[7FE20FBA]
Function user32.dll:UnhookWindowsHookEx (2395) intercepted, method - APICodeHijack.JmpTo[7FE20F54]
Function user32.dll:UserClientDllInitialize (2420) intercepted, method - APICodeHijack.JmpTo[7FE20AD0]
Function user32.dll:Wow64Transition (1503) intercepted, method - CodeHijack (not defined)
 Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:CreateServiceA (1145) intercepted, method - APICodeHijack.JmpTo[7FE20CCE]
Function advapi32.dll:CreateServiceW (1146) intercepted, method - APICodeHijack.JmpTo[7FE20CF0]
Function advapi32.dll:CryptAcquireContextA (1194) intercepted, method - APICodeHijack.JmpTo[7FE20D12]
Function advapi32.dll:CryptAcquireContextW (1195) intercepted, method - APICodeHijack.JmpTo[7FE20D34]
Function advapi32.dll:CryptCreateHash (1197) intercepted, method - APICodeHijack.JmpTo[7FE20D9A]
Function advapi32.dll:CryptEncrypt (1204) intercepted, method - APICodeHijack.JmpTo[7FE20D78]
Function advapi32.dll:CryptExportKey (1209) intercepted, method - APICodeHijack.JmpTo[7FE20DBC]
Function advapi32.dll:CryptGenKey (1210) intercepted, method - APICodeHijack.JmpTo[7FE20D56]
Function advapi32.dll:CryptGetHashParam (1214) intercepted, method - APICodeHijack.JmpTo[7FE20DDE]
Function advapi32.dll:CryptHashData (1218) intercepted, method - APICodeHijack.JmpTo[7FE20E00]
Function advapi32.dll:CryptImportKey (1220) intercepted, method - APICodeHijack.JmpTo[7FE20E22]
Function advapi32.dll:CveEventWrite (1233) intercepted, method - ProcAddressHijack.GetProcAddress ->76472F22->7716FCA0
Function advapi32.dll:I_ScRegisterPreshutdownRestart (1386) intercepted, method - ProcAddressHijack.GetProcAddress ->76473E49->741DAD30
 Analysis: ws2_32.dll, export table found in section .text
Function ws2_32.dll:GetAddrInfoExW (31) intercepted, method - APICodeHijack.JmpTo[7FE2130C]
Function ws2_32.dll:GetAddrInfoW (32) intercepted, method - APICodeHijack.JmpTo[7FE212EA]
Function ws2_32.dll:WSAConnect (46) intercepted, method - APICodeHijack.JmpTo[7FE213B6]
Function ws2_32.dll:WSARecv (91) intercepted, method - APICodeHijack.JmpTo[7FE213FA]
Function ws2_32.dll:WSASend (96) intercepted, method - APICodeHijack.JmpTo[7FE212A6]
Function ws2_32.dll:WSASocketW (120) intercepted, method - APICodeHijack.JmpTo[7FE21350]
Function ws2_32.dll:closesocket (3) intercepted, method - APICodeHijack.JmpTo[7FE21372]
Function ws2_32.dll:connect (4) intercepted, method - APICodeHijack.JmpTo[7FE212C8]
Function ws2_32.dll:gethostbyname (52) intercepted, method - APICodeHijack.JmpTo[7FE2132E]
Function ws2_32.dll:recv (16) intercepted, method - APICodeHijack.JmpTo[7FE213D8]
Function ws2_32.dll:send (19) intercepted, method - APICodeHijack.JmpTo[7FE21284]
Function ws2_32.dll:socket (23) intercepted, method - APICodeHijack.JmpTo[7FE21394]
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:NetFreeAadJoinInformation (130) intercepted, method - ProcAddressHijack.GetProcAddress ->73BFC40A->71910B20
Function netapi32.dll:NetGetAadJoinInformation (131) intercepted, method - ProcAddressHijack.GetProcAddress ->73BFC439->71910E90
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 29
Extended process analysis: 3216 C:\MSI\MSIRegister\MSIRegisterService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 8248 C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 3544 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 9636 C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 9256 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 11344 C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 5712 C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\bdwtxapps.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
 Number of modules loaded: 326
Scanning RAM - complete
3. Scanning disks
C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MOVOEM_Handler.xpi - PE file with non-standard extension(dangerousness level is 5%)
File quarantined succesfully (C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MOVOEM_Handler.xpi)
C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MP4OEM_Handler.xpi - PE file with non-standard extension(dangerousness level is 5%)
File quarantined succesfully (C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MP4OEM_Handler.xpi)
C:\Program Files (x86)\OpenOffice 4\program\unopkg.com - PE file with modified extension that still lets run it (it is often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\Program Files (x86)\OpenOffice 4\program\unopkg.com)
Direct reading: C:\Users\Lynn\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icnF6AB.tmp
Direct reading: C:\Users\Lynn\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icnF6C9.tmp
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Program Files\Bitdefender\Bitdefender 2017\Active Virus Control\Avc3_00106_012\avcuf32.dll --> Suspicion for Keylogger or Trojan DLL
C:\Program Files\Bitdefender\Bitdefender 2017\Active Virus Control\Avc3_00106_012\avcuf32.dll>>> Behaviour analysis 
 Behaviour typical for keyloggers was not detected
File quarantined succesfully (C:\Program Files\Bitdefender\Bitdefender 2017\Active Virus Control\Avc3_00106_012\avcuf32.dll)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
 In the database 317 port descriptions
 Opened at this PC: 84 TCP ports and 53 UDP ports
 >>> Attention: Port 65000 TCP - Devil v1.03, Stacheldracht (nvcontainer.exe)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ and Help for more details)
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 97750, extracted from archives: 47297, malicious software found 0, suspicions - 0
Scanning finished at 07.02.2017 21:16:08
Time of scanning: 00:03:21
If you have a suspicion on presence of viruses or questions on the suspected objects,
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/

And here is the log for 9-Lab:

 

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com
 
Database version: 156.46801
 
Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.11.14393.0
Lynn :: WHITEFALCON-Z17
 
2/7/2017 9:25:26 PM
9lab-log-2017-02-07 (21-25-26).txt
 
Scan type: Full
Objects scanned: 50839
Time Elapsed: 10 m 54 s
 
Registry Keys detected: 2
PUP.RMPL.Baidu.vl [HKEY_CLASSES_ROOT\BDShellExt.BDMenu]
PUP.RMPL.Baidu.vl [HKEY_CLASSES_ROOT\BDShellExt.BDMenu.1]
 
 
Files detected: 1
[7675162EFC8B128488F968953B2B77C7] Adware.FMPL.Gen.se [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\DIFxInstallLog.txt]
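The long "user-mode API hooks" section of the AVZ log above is the part worth reading, and it reads more easily summarised. The following is an added example from the editor, not part of the thread and not AVZ's or Bitdefender's code: it parses the "Function ... intercepted" lines from a constructed excerpt in the same format as the posted log (replace $sampleLog with Get-Content -Raw on the real file) and reports hooks per module, per technique, the address region the inline hooks jump to, and which process-injection and network primitives are covered. The log does not say which module owns that region. Its section 5 flags a Bitdefender Active Virus Control DLL as a hooking DLL, and an AV behaviour monitor hooking exactly these process, thread, section, file, registry, service, crypto and socket exports is what one would expect, but confirming it means checking which loaded module of the scanning process covers the target range (Process Explorer, or the process's module list); that step is deliberately not guessed at here.

```powershell
# Added example (editor's, not from the thread). Constructed excerpt in the
# AVZ log format; not the full log posted above.
$sampleLog = @'
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
Function kernel32.dll:CreateToolhelp32Snapshot (251) intercepted, method - APICodeHijack.JmpTo[7FE20250]
Function kernel32.dll:ReadConsoleInputExA (1115) intercepted, method - ProcAddressHijack.GetProcAddress ->7672ABF1->77152C10
 Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:NtCreateFile (271) intercepted, method - ProcAddressHijack.GetProcAddress ->7727EB20->66433260
Function ntdll.dll:NtWriteVirtualMemory (662) intercepted, method - APICodeHijack.JmpTo[7FE203A4]
Function ntdll.dll:ZwWriteVirtualMemory (2122) intercepted, method - APICodeHijack.JmpTo[7FE203A4]
 Analysis: user32.dll, export table found in section .text
Function user32.dll:Wow64Transition (1503) intercepted, method - CodeHijack (not defined)
 Analysis: ws2_32.dll, export table found in section .text
Function ws2_32.dll:connect (4) intercepted, method - APICodeHijack.JmpTo[7FE212C8]
'@

$hookPattern = '^Function (?<module>[\w.]+):(?<func>\w+) \((?<ordinal>\d+)\) intercepted, method - (?<method>.+)$'

$hooks = foreach ($line in $sampleLog -split "`r?`n") {
    if ($line -match $hookPattern) {
        # capture the named groups before the inner -match calls overwrite $Matches
        $module = $Matches['module']; $func = $Matches['func']; $method = $Matches['method']
        $kind = 'other'; $target = $null
        if ($method -match 'JmpTo\[(?<t>[0-9A-F]+)\]') {
            # inline patch: the export's first bytes now jump to the target address
            $kind = 'inline-jmp'; $target = [Convert]::ToUInt64($Matches['t'], 16)
        } elseif ($method -match 'GetProcAddress ->(?<orig>[0-9A-F]+)->(?<t>[0-9A-F]+)') {
            # GetProcAddress hands callers the target instead of the real export (orig)
            $kind = 'getprocaddress'; $target = [Convert]::ToUInt64($Matches['t'], 16)
        }
        [pscustomobject]@{ Module = $module; Function = $func; Kind = $kind; Target = $target }
    }
}

# Hooks per module and per technique.
$hooks | Group-Object Module | Select-Object Name, Count
$hooks | Group-Object Kind   | Select-Object Name, Count

# Inline hooks: distinct trampolines and the width of the region they occupy.
# One small region means one component wrote them all. Nt*/Zw* pairs share a
# target because they are the same ntdll export.
$targets = @($hooks | Where-Object Kind -eq 'inline-jmp' |
             Select-Object -ExpandProperty Target | Sort-Object -Unique)
'{0} distinct inline-hook trampolines in 0x{1:X}-0x{2:X} ({3} bytes)' -f `
    $targets.Count, $targets[0], $targets[-1], ($targets[-1] - $targets[0])

# Process-injection and network primitives a behaviour monitor typically covers;
# anything absent from this table is simply not hooked on the scanned host.
$watch = @('NtWriteVirtualMemory', 'NtCreateThreadEx', 'NtQueueApcThread', 'NtMapViewOfSection',
           'NtLoadDriver', 'WinExec', 'CreateServiceW', 'connect', 'WSASend')
$hooks | Where-Object { $_.Function -in $watch } |
    Sort-Object Module, Function |
    Format-Table Module, Function, Kind, @{ n = 'Target'; e = { '0x{0:X}' -f $_.Target } }
```

On the constructed excerpt this reports 3 distinct trampolines within 4216 bytes; on the full log above every JmpTo target falls between 7FE2000E and 7FE213FA, a similarly small region, which is the signature of a single hooking component rather than several. Separately, the log shows AVZ quarantining files under Program Files that belong to Bitdefender (avcuf32.dll), OpenOffice (unopkg.com) and Adobe Lightroom (two .xpi plug-ins); if any of those programs misbehave afterwards, they can be restored from AVZ's quarantine.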


#4 Blindbatkid
  • Banned
  • 15 posts
  • OFFLINE
  • Local time:10:45 AM

Posted 08 February 2017 - 01:47 AM

Zemana Link fixed.



#5 GeekinPink
  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:45 AM

Posted 08 February 2017 - 06:10 AM

Here is the log:

 

Zemana AntiMalware 2.72.2.101 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/2/8
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-6700 CPU @ 3.40GHz
BIOS Mode              : UEFI
CUID                   : 12BF2DAFD02A43394F0AC3
Scan Type              : System Scan
Duration               : 1m 16s
Scanned Objects        : 101544
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
No threats detected


#6 Blindbatkid
  • Banned
  • 15 posts
  • OFFLINE
  • Local time:10:45 AM

Posted 09 February 2017 - 07:23 PM

What issues remain?





