
Thread: Instashare has got me!

  1. #31
    Member
    Join Date
    Sep 2014
    Posts
    31


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
    Ran by Jonesboy at 2014-09-18 11:30:52 Run:2
    Running from C:\Users\Jonesboy\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
    Task: {2E2818CD-D83C-47C2-BEFE-6DBFACC268ED} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
    Task: {81754E45-FFF8-4866-9A32-B2FDA551E27D} - System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)
    Task: {F89B0AAF-30A9-477D-AE3A-E08EAA057CED} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
    Task: C:\windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
    Task: C:\windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
    Hosts:
    EmptyTemp:
    End
    *****************

    [6108] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe => Process closed successfully.
    HKU\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Windows\CurrentVersion\Run\\FileHippo.com => value deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
    "HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
    FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E2818CD-D83C-47C2-BEFE-6DBFACC268ED}" => Key not found.
    C:\Windows\System32\Tasks\SpeedUpMyPC not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81754E45-FFF8-4866-9A32-B2FDA551E27D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81754E45-FFF8-4866-9A32-B2FDA551E27D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E90617FB-07C0-4AB6-9D0E-10E6146971EE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F89B0AAF-30A9-477D-AE3A-E08EAA057CED}" => Key not found.
    C:\Windows\System32\Tasks\spmonitor not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\spmonitor" => Key not found.
    C:\windows\Tasks\SpeedUpMyPC.job not found.
    C:\windows\Tasks\spmonitor.job not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 401.4 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

  2. #32
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    You need to enable Windows to show all files and folders, instructions Here

    Go to VirusTotal and submit this file for analysis. Just use the browse feature and then Send File; if it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see.

    C:\ProgramData\myXaturuft\ZGtfxyv.exe <-- This file

    If the site is busy you can try this one
    http://virusscan.jotti.org/en
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #33
    Member
    Join Date
    Sep 2014
    Posts
    31

    Not sure this is what you were after

    SHA256: 52c534b3b004149880f7927bf33676abad55eaed64ed5d54494925b3fc543ab2
    File name: ZGtfxyv.exe
    Detection ratio: 3 / 55
    Analysis date: 2014-09-18 02:00:50 UTC ( 0 minutes ago )
    Antivirus             Result                                 Update
    Baidu-International   Adware.MSIL.PullUpdate.bE              20140917
    Comodo                ApplicUnwnt                            20140917
    ESET-NOD32            a variant of MSIL/Adware.PullUpdate.E  20140918
    AVG                                                          20140917
    AVware                                                       20140918
    Ad-Aware                                                     20140918
    AegisLab                                                     20140918
    Agnitum                                                      20140917
    AhnLab-V3                                                    20140917
    Antiy-AVL                                                    20140918
    Avast                                                        20140918
    Avira                                                        20140918
    BitDefender                                                  20140918
    Bkav                                                         20140916
    ByteHero                                                     20140918
    CAT-QuickHeal                                                20140917
    CMC                                                          20140917
    ClamAV                                                       20140917
    Cyren                                                        20140918
    DrWeb                                                        20140918
    Emsisoft                                                     20140918
    F-Prot                                                       20140918
    F-Secure                                                     20140918
    Fortinet                                                     20140918
    GData                                                        20140918
    Ikarus                                                       20140918
    Jiangmin                                                     20140917
    K7AntiVirus                                                  20140917
    K7GW                                                         20140917
    Kaspersky                                                    20140918
    Kingsoft                                                     20140918
    Malwarebytes                                                 20140918
    McAfee                                                       20140918
    McAfee-GW-Edition                                            20140917
    MicroWorld-eScan                                             20140918
    Microsoft                                                    20140917
    NANO-Antivirus                                               20140918
    Norman                                                       20140917
    Panda                                                        20140917
    Qihoo-360                                                    20140918
    Rising                                                       20140917
    SUPERAntiSpyware                                             20140918
    Sophos                                                       20140918
    Symantec                                                     20140918
    Tencent                                                      20140918
    TheHacker                                                    20140917
    TotalDefense                                                 20140917
    TrendMicro                                                   20140918
    TrendMicro-HouseCall                                         20140918
    VBA32                                                        20140917
    VIPRE                                                        20140918
    ViRobot                                                      20140918
    Zillya                                                       20140917
    Zoner                                                        20140916
    nProtect                                                     20140917

  4. #34
    Member
    Join Date
    Sep 2014
    Posts
    31


    File already analysed
    This file was last analysed by VirusTotal on 2014-09-18 02:00:50 UTC, it was first analysed by VirusTotal on 2014-09-10 15:01:26 UTC.

    Detection ratio: 3/55

    You can take a look at the last analysis or analyse it again now.

  5. #35
    Member
    Join Date
    Sep 2014
    Posts
    31

    Jotti

    Filename: ZGtfxyv.exe
    Status:
    Scan finished. 1 out of 22 scanners reported malware.
    Scan taken on: Thu 18 Sep 2014 04:17:23 (CET)

  6. #36

  7. #37

  8. #38
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Let's try one more file scanner to be sure

    http://virusscan.jotti.org/en

    C:\ProgramData\myXaturuft\ZGtfxyv.exe

  9. #39

  10. #40
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Not convinced that is OK; whenever I Google a file and it gets no hits, it's mostly bad

    You need to run the 64bit version
    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64 Bit Version

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      Xaturuft
      :file
      ZGtfxyv.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
