Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer behaving strangely


  • This topic is locked This topic is locked
11 replies to this topic

#1 meic1024

meic1024

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 18 June 2018 - 06:12 PM

Hi

    I'm new and thanks in advance

    My computer was acting strangely a few months ago - ? permissions, defender not updating - can anyone see anything odd in the FSRT log.

                                               Meic

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:54 PM

Posted 19 June 2018 - 01:36 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post or attach the FRST.txt log for my review.

#3 meic1024

meic1024
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 19 June 2018 - 02:06 PM

Hi Nasdaq and thanks

     I thought the file called Addition.txt that I enclosed was the FRST log - if it's not I'll have to familiarise myself with farbar first.

                                                                              Meic



#4 meic1024

meic1024
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 19 June 2018 - 03:19 PM

Hi Nasdaq

          I attached a file yesterday ok but there is no 'attach' icon in the reply dialogue box that I can see. Sorry but how do I upload the file in the forum. I can do this... :hysterical:

                                      Meic



#5 meic1024

meic1024
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 19 June 2018 - 06:40 PM

Hi Nasdaq

     Got the FRST log now

                       thanks

                         Meic


sorry

   here

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:54 PM

Posted 20 June 2018 - 07:42 AM


Hi,

No malware was found in your logs.
The computer is clean.

This error is reported a few times in your Addition.txt log.

Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.920.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.


Try the suggested fix on this page.
https://www.repairwin.com/windows-update-8024402c-error-solved/

Let me know if the problem is solved.

p.s.
This error is also seen when the Windows Updates are not being installed.
Check if you have all the latest updates.

#7 meic1024

meic1024
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 20 June 2018 - 02:42 PM

Hi Nasdaq

     This morning windows defender reported 2 trojans on my system (i'm still looking for the log to find out their names) - it has never done this before and I have to say the timing is spooky (I never open attachments unless I know the sender etc) - my machine always 'says' its up to date but it is really fishy. I'll have a look at the fix and see. I'm no expert but my instinct tells me that when I want to do something positive to help myself it's as if I'm not allowed - I can't really explain it but , eg, sometimes system restore is inexplicably turned off and at key moments i.e 2 minutes ago when I was typing this the screen went black (its never done that before) - I'm not even sure if the AV is updating properly and on demand scans are suspiciously short. Thanks for your help Nasdaq. I will look at the fix and see what happens. I hate to use the word paranoid cos I couldn't give a toss really but I suppose I do object to unwanted outside interference with my laptop. Thanks

                                                           Meic



#8 meic1024

meic1024
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 20 June 2018 - 02:51 PM

Hi Nasdaq -

I found the log - the trojan was called JS/phish which was discovered on 20/6/2018 and another one called HTML/phish (which was 'discovered' on 27/5/2018 but reported this morning?) - it just doesn't make sense to me.

                                                                          cheers  Meic



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:54 PM

Posted 21 June 2018 - 07:09 AM

Hi,



I found the log - the trojan was called JS/phish


Can you attache the log if still available.

#10 meic1024

meic1024
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 21 June 2018 - 10:07 AM

Hi Nasdaq

           Where are the logs located? - the trojans are in quarantine - just to let you know I did all the fixes on that link you sent me (probably overkill but no harm done - I hope) - I've typed out the details verbatim in a word doc.

                                                                                    cheers

                                                                                     mike

 

Attached Files



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:54 PM

Posted 21 June 2018 - 12:39 PM

Hi,

Inetcache is a default system folder. It is normally not visible, unless revealed the system folders in folder view.

It stores addresses of sites, as you visit them, so that, second time around, they open faster.


How and when these were added and later detected by Windows Defender is a mystery.

You did well.

#12 meic1024

meic1024
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 21 June 2018 - 02:36 PM

Thanks for all your help Nasdaq - as I said I followed your advice too - I'l just keep an eye and if I get any more strange occurences, I'll get back in touch with the forum.

                                          cheers

                                            Meic






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users