Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange Virus question? (Spams text, disappeared)


  • Please log in to reply
2 replies to this topic

#1 joejimm

joejimm

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 18 August 2017 - 09:27 PM

I was redirected here from Norton Forums saying that you may be of better assistance so here's what I know

 

"Around 2pm today while playing a video game my computer started being spammed with text that I could not control. The one time I saw it spammed in an area I could see I believe it said something along the lines of "cv://146", that might not exactly be it. I could not stop it so I turned off my computer. When I turned it back on and tried to log back in the log in area where I tried to type in my password was being spammed and so I couldn't log back in. The highlighted dash (whatever it's called) that flashes at the front of where you're typing was moving around. Not sure if it was automatic or a person was controlling it and moving the flashing line but whatever it was did not control my mouse.

 

I attempted restarting my computer multiple times, every time I was met with this so I tried starting in safe mode but even then I couldn't log in but the timing (of the spam after I restarted my computer) was always random. Sometimes it would start spamming the second I tried to type in my password and sometimes it would take about 5-10 seconds before it started, maybe a person was doing it but they weren't always watching. Eventually I managed to sneak past it and got into safe mode. Ran a Malware Bytes scan and a Norton scan both which found 0 threats. I then restarted after these scans and the computer was veery slow and some programs didn't work until I opened them 5+ times (this could've been either some effect of the virus or maybe everything was a bit hazy after having my computer be restarted 10+ times and being run in safe mode). But now everything seems normal but I'm afraid that whatever was doing this is just laying dormant waiting to go again or take passwords/do its work while I'm afk. Even though it seemed to have no control over my mouse so I'm not sure how it would do that. 

 

 

tl;dr: Weird virus spams text, went in safe mode to try to remove it, no threats found, back out of safe mode and I can't find where whatever this was came from."

 

When I was in safe mode I also was looking through recently added/edited files to see if I could find anything suspicious. I found this PRFO log and the lines seem to start reporting issues around the time I was having problems? If this is any help, I just thought I'd post it here.

__________________________________________________________________________________________________________________________________

8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\AntiSpamDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\IronRevo\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\SDSDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\WebProtectionDefs\tmp3358.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\WebProtectionDefs\tmp3358.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\IronRevo\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\WebProtectionDefs\tmp3358.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\AntiSpamDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\WebProtectionDefs\tmp3358.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\AntiSpamDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\IronRevo\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\SDSDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\WebProtectionDefs\tmp3358.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\AntiSpamDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\IronRevo\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\SDSDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\WebProtectionDefs\tmp3358.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\AntiSpamDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\IronRevo\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\SDSDefs\tmpb67.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:49 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\WebProtectionDefs\tmp3358.tmp, |delete operation|, 0xc0000034
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.4.8\coIEPlg.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.4.8\coIEPlg.dll_Disabled, 0xc000003a
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\coIEPlg.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\coIEPlg.dll_Disabled, 0xc0000034
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.4.8\EFACli.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.4.8\EFACli.dll_Disabled, 0xc000003a
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\EFACli64.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\EFACli64.dll_Disabled, 0xc0000034
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\NavShExt.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\NavShExt.dll_Disabled, 0xc0000034
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.4.8\BuShell.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.4.8\BuShell.dll_Disabled, 0xc000003a
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\BuShell.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\BuShell.dll_Disabled, 0xc0000034
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.4.8\MsouPlug.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.4.8\MsouPlug.dll_Disabled, 0xc000003a
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\MsouPlug.dll, !\??\C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.4.8\MsouPlug.dll_Disabled, 0xc0000034
8/18/2017 14:21:50 - PFRO Error: \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.7.0.76\Definitions\WebProtectionDefs\tmp5d65.tmp, |delete operation|, 0xc0000034
_______________________________________________________________________________________________________________________________________________________________________________
 
There are many more lines than that but thought maybe that could help identify the culprit. I'll pretty much be constantly monitoring this thread and responding to any inquiries so anything you would like copies of (some sort of log or so) just let me now and I can get it to you very quickly.
 
I'm sort of in a rush because I have something important that I can only do on this computer that starts on Sunday morning (8/20/2017) so any help to fix this ASAP (or verify whatever caused this issue is gone) would be greatly appreciated

Edited by joejimm, 18 August 2017 - 09:41 PM.


BC AdBot (Login to Remove)

 


#2 joejimm

joejimm
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 19 August 2017 - 04:47 PM

So, no ideas? Was it even a virus? Maybe it was something else entirely, I'm not too sure myself.



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:03 AM

Posted 20 August 2017 - 08:49 PM

Hi, I am not certain myself. Lets get a tech to look.. Repost this info with an FRST LOG in a new topic. Start at step 6.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users