
Very stubborn .exe in Windows/Temp


4 replies to this topic

#1 Fourd1

Posted 23 September 2017 - 11:05 AM

Hi guys,

 

First post here.

I have a file named "msrazwbsrv.exe" in Windows/Temp folder. File purports to be from Toshiba and refuses to be deleted even under safe mode.

I am pretty sure this is a virus.

 

With your expert help, what are my next moves?

Here is a HijackThis log:

 

Log removed.  Hijack This Logs are not permitted in the Windows forums.
 
I will escort you over to the "Am I infected?  What do I do?" forum, which is where issues with suspected infections are addressed regardless of the specific platform on which they are occurring.

Edited by britechguy, 23 September 2017 - 11:43 AM.
Redacted Hijack This Log. Will move thread shortly




#2 dc3


Posted 23 September 2017 - 12:01 PM

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open, click on Update Now to update to the newest definitions.

3)  Click on Settings, when Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive a message informing you of this.

Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.

You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.

When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.

Edited by dc3, 23 September 2017 - 12:02 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.


#3 Fourd1


Posted 23 September 2017 - 12:17 PM

Thanks for the reply. Doing all as suggested. I will post when completed.

 

Thanks!



#4 Fourd1


Posted 23 September 2017 - 03:30 PM

ESET found zero

ADW found and removed 1

MalwareBytes well that's another story:

It found 2181 malware but the log shows zero!

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/23/2017
Scan Time: 1:00 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.09.23.06
Rootkit Database: v2017.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 708457
Time Elapsed: 21 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
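
A posted Malwarebytes 2.x log in the format above can be checked mechanically: sum the per-section detection counts and compare the scan options it records with the rootkit setting requested in step 3 of post #2. This is an added example, not part of the thread; the function names are assumptions and the sample is abbreviated from the log posted above.

```python
import re

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware
Version: 2.2.1.1043
Scan Type: Threat Scan
Result: Completed
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
Processes: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
(end)
"""

# Detection sections, named as they appear in the posted log.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
# Scan option requested in post #2, step 3 ("Scan for rootkits").
REQUESTED = {"Rootkits": "Enabled"}

def parse_mbam_log(text):
    """Split 'Key: value' lines into header fields and per-section counts."""
    fields, counts = {}, {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][A-Za-z -]*):\s*(.*)$", line.strip())
        if not m:
            continue  # banner, '(No malicious items detected)', '(end)'
        key, value = m.group(1), m.group(2).strip()
        if key in SECTIONS and value.isdigit():
            counts[key] = int(value)
        else:
            fields.setdefault(key, value)
    return fields, counts

def triage(text):
    """Total the detections and list options that differ from the request."""
    fields, counts = parse_mbam_log(text)
    issues = [f"{opt} scan was {fields.get(opt, 'missing')}, requested {want}"
              for opt, want in REQUESTED.items() if fields.get(opt) != want]
    if fields.get("Result") != "Completed":
        issues.append("scan did not complete")
    return {"detections": sum(counts.values()), "sections": counts, "issues": issues}

print(triage(SAMPLE_LOG))
```
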


#5 dc3


Posted 27 September 2017 - 09:50 AM

I very specifically requested that the logs for these scans be posted in your topic.  You need to do this, telling me what was or wasn't found doesn't show the whole picture.  Please do what has been requested.

