
Threat detected message when in IE


13 replies to this topic

#1 cudaed

cudaed

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 04 July 2017 - 01:28 AM

Errors encountered in IE when attempting Cisco VPN connection.

Message from avast

Threat blocked

[user profile path]\AppData\...\csvrelay32.dll

Infection IDP.ALEXA.51

 

The threat was detected and blocked just before the attack.

 

Message from avast

Threat blocked

[user profile path]\AppData\...\csvrelay64.dll

Infection IDP.Generic

 

The threat was detected and blocked just before the attack.




 


#2 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 AM

Posted 04 July 2017 - 02:29 AM

Find the two files on your system, upload a copy of each (one at a time) to VirusTotal.com and scan them there.


Edited by jwoods301, 04 July 2017 - 02:30 AM.
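One way to locate the two files for the step above, as an added example that is not part of the original posts: the file-name pattern comes from the Avast alerts, while the search root under the user profile and the variable names are assumptions, since the alerts elide the full path.

```powershell
# Added example, not from the thread. Searches the profile's AppData tree for the
# DLL names shown in the alerts and reports what a reviewer needs before uploading.
$root    = Join-Path $env:USERPROFILE 'AppData'   # assumed search root
$pattern = 'csvrelay*.dll'                        # names taken from the alert text

# -Force returns Hidden and System items, which Explorer and a plain search leave out.
$hits = Get-ChildItem -Path $root -Filter $pattern -File -Recurse -Force -ErrorAction SilentlyContinue

if (-not $hits) {
    Write-Output "No file matching $pattern was found under $root."
}

$report = foreach ($f in $hits) {
    # Signature status shows whether the DLL is signed and whether the signature validates.
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path       = $f.FullName
        Attributes = $f.Attributes          # shows Hidden / System flags if set
        Created    = $f.CreationTime
        SHA256     = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        SigStatus  = $sig.Status
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$report | Format-List
```

The SHA-256 value can be searched on VirusTotal before uploading the file itself.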


#3 cudaed

cudaed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 04 July 2017 - 03:32 PM

I tried looking for anything called relay under the appdata folder and the only thing I came up with was a couple of htm files.  Is it possible those are hidden?  The Avast Anti-Virus is what produced the message and blocked the threat.  It did not log anything regarding a quarantine or removal?  Not sure how to paste images here.  I have a couple images but not able to paste here.

 

 

  



#4 cudaed

cudaed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 04 July 2017 - 03:38 PM

This is the alt text extracted from the image using OneNote

 

Object
C:\Users\Mustang 1 OO\AppData\...\csvrelay64.dII
Infection
IDP.Generic
The threat was detected and blocked just before the
attack.
 
Threat blocked
Object
C:\Users\Mustangl OO\AppData\...\csvrelay64.dII
Infection
I DP.Generic
The threat was detected and blocked just before the
attack.

 



#5 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 AM

Posted 04 July 2017 - 03:41 PM

Saw that in your first post.

 

Do the following...

 

Download and run AdwCleaner -

https://www.bleepingcomputer.com/download/adwcleaner/

Download and run Malwarebytes Anti-Malware -

https://www.malwarebytes.org/antimalware/

Download and run the portable version of Zemana Anti-Malware

https://www.zemana.com/en-US/Download

Download and run Junkware Removal Tool -

https://www.bleepingcomputer.com/download/junkware-removal-tool/

Create a System Restore point first.



#6 cudaed

cudaed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 04 July 2017 - 09:26 PM

I made it to JunkWare Removal Tool. When I tried to launch it, it turned the screen black and hung the computer. Now any right click or opening of control panel etc. is just a black box? I created a restore point but don't know how to get back to it if I can't get to control panel? What happened? It's like I'm clicking blind?

 

 



#7 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 AM

Posted 04 July 2017 - 09:33 PM

I made it to JunkWare Removal Tool. When I tried to launch it, it turned the screen black and hung the computer. Now any right click or opening of control panel etc. is just a black box? I created a restore point but don't know how to get back to it if I can't get to control panel? What happened? It's like I'm clicking blind?

 

 

 

Extremely odd...

 

The first thing JRT does is check for an update of itself.

 

Then it creates a System Restore point and goes through its checks.

 

Boot into Safe Mode and roll back from the restore point.

 

Did the other tools find any issues?



#8 cudaed

cudaed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 04 July 2017 - 09:43 PM

Zemana found 1 object and quarantined. I went through the exercise last night of getting this thing into safe mode and it was a multi-step process. I don't have the ability to see to click on things. About the only thing that is not a black box is Chrome and some Win 10 entry screens like display settings, but even then if I try to see advanced, new windows are all black boxes. Do you know of a simple way to boot into safe mode? Windows 10 seems convoluted and cumbersome.

 



#9 cudaed

cudaed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 04 July 2017 - 09:58 PM

I'm trying to restore now. The first one that I created before I started failed. So I'm trying one from a windows update from yesterday.

Edited by cudaed, 04 July 2017 - 10:13 PM.


#10 cudaed

cudaed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 04 July 2017 - 10:43 PM

So both restores failed but the black box has gone. How important is the JWT? I am really hesitant to run that after the problems I had. Also I don't know if it means anything but I am experiencing 100% disk usage at start up. I changed the paging to 1 1/2 times RAM and disabled Superfetch. But it persists. I'm hesitant to disable Avast with everything else going on with this machine. The object ID'd by Zemana was adware, not a trojan or rootkit or anything like that. I could also mention I ran a HijackThis log and it found no bad entries. Not sure where to go from here. I can refresh Malwarebytes and run again but I think that concludes the list sans the JWT. Where do I go from here? Thanks again for all your help, greatly appreciated.



#11 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 AM

Posted 05 July 2017 - 01:14 AM

How to get into Safe Mode in Windows 10...

http://www.pcworld.com/article/2984712/windows/how-to-enter-windows-10s-safe-mode.html

 

Skip running Junkware Removal Tool and make sure System Restore is enabled.

 

Open Task Manager and see which process is running up disk usage.


Edited by jwoods301, 05 July 2017 - 01:18 AM.


#12 cudaed

cudaed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 05 July 2017 - 08:37 PM

Curious... I can look, but would it allow me to create a restore point and allow me to attempt to restore if it were not enabled?

The disk bound issue goes away after a period of time. It seems to be a small host of Windows processes, one of which was Superfetch. I read where it can have an impact so I disabled it. It does seem to use a lot of resources because after the disk stopped maxing out I restarted it and it took the disk back to 100% pretty quickly, and was reduced to minimal use when I stopped it again.

Are there any other tools that you know of that I can run against this thing? I looked at possibly using procmon to monitor only network traffic while attempting the Cisco VPN portal connection. Any thoughts?

 

 

Thanks again

 

 



#13 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:24 AM

Posted 05 July 2017 - 11:38 PM

I would enable Superfetch and disable Indexing and Thumbnail caching.

 

Desktop Window Manager is also a known user of disk resources.

 

You can try changing Visual Effects to adjust for performance.

 

Check that your graphics drivers are up to date.



#14 marbet1

marbet1

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 18 September 2017 - 02:30 AM

Curious... I can look, but would it allow me to create a restore point and allow me to attempt to restore if it were not enabled?

The disk bound issue goes away after a period of time. It seems to be a small host of Windows processes, one of which was Superfetch. I read where it can have an impact so I disabled it. It does seem to use a lot of resources because after the disk stopped maxing out I restarted it and it took the disk back to 100% pretty quickly, and was reduced to minimal use when I stopped it again.

Are there any other tools that you know of that I can run against this thing? I looked at possibly using procmon to monitor only network traffic while attempting the Cisco VPN portal connection. Any thoughts?

 

 

Thanks again

 

 

Well cudaed, don't leave us hanging, did it work?





