Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Malware Infection? Weird Behaviour+Weird AV Results

  • Please log in to reply
3 replies to this topic

#1 scut1


  • Members
  • 12 posts
  • Local time:07:52 PM

Posted 17 December 2017 - 09:15 AM

I am running a PC with Win XP SP3 (32Bit) with Avast Free 17.8 as primary real-time AV, complemented by MB Anti Exploit Beta and MBAM free 3.3.1 as an on-demand malware scanner. I am using Slimjet as my primary browser, Windscribe as VPN, Windows Firewall and Secunia PSI 3.0 as software updater. All data are backed up on Zoolz and Google Drive.


Since yesterday this system has started behaving weirdly.


It started when Secunia PSI asked to check my internet connection, was not able to connect to the update server and was unable to scan files. After a couple of reboots, it came online again and now it's working fine.

Thinking it was an issue linked to the firewall permission, I tried to open the internet option tab in control panel and - here is the problem. Internet Options would not open, not even using the inetcpl.cpl command. A quick browse pointed to a malware infection.


I ran MBAM which found hijack.host, which I quarantined. A second scan with the rootkit option showed zero infections. I also ran Avast which found Rogue.Win32fakeAV(A), that I also quarantined. A second scan showed no issues. Reading through various forums, both detections may be false positives.


Other Malware scanners (Emsisoft EK, FRST, Rogue Killer, Junkware Removal Tool) showed only PUPs, PUMs.


Interestingly enough, I was unable to run MS Malicious Software Removal Tool and AdwCleaner. In both case, when trying to launch the programs I get the message that the "..........exe file is not a valid Win32 application". Some forums point this behaviour towards a malware.


I also tried a system restore, but after a first restore to 2 days ago (successful, but did not solve the issue), I did not manage to do other restores ("restore incomplete"). Systems restore also shows that this morning my PC installed Windows XP wdf01009. A search on this showed that it's something done by Avast, so it should not be an issue..


Apart from the snags mentioned above (Internet Options not working, a couple of AV not starting and System Restore not restoring properly), the system does not seem to be slower than usual or using more resources than usual.


Any idea and recommendations how to move forward?



BC AdBot (Login to Remove)


#2 buddy215


  • Moderator
  • 13,501 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:52 PM

Posted 17 December 2017 - 10:04 AM

Welcome to BC....


AdwCleaner is not compatible with Windows XP3.


Using System Restore likely restored those PUPs and PUMs you mentioned. Suggest you rerun whatever program(s) found and

removed those.


The programs you have used to find and remove malware are the ones most commonly used in this forum and two that are not allowed

in this forum. Suggest you start a new topic in the malware removal forum by following directions below.


Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.


DO NOT bump your new topic. Wait for a response from one of the Team Members.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 scut1

  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:52 PM

Posted 17 December 2017 - 10:37 AM

ok - will do.


#4 scut1

  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:52 PM

Posted 17 December 2017 - 11:16 AM

Here is the link to the new topic.

Thx for your help, buddy215.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users