Hi All
Deep root scan showed many jpg files with names similar to this: Pictures\My Pictures\PICT0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA. All the files were changed around 12:30 PM on April 03, 2014. Did the root scan because the computer is behaving a little strangely including a message that Windows is not genuine (it is) and is unable to resolve or update. I can post the whole log if need be but it is long.
Thanks for any help you can give.

Hello spypcsense, :welcome:


Hi All
Deep root scan showed many jpg files with names similar to this: Pictures\My Pictures\PICT0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA. All the files were changed around 12:30 PM on April 03, 2014.

This information alone does not raise a flag, changes may reflect when the user accessed their files. :)



Did the root scan because the computer is behaving a little strangely including a message that Windows is not genuine (it is) and is unable to resolve or update. I can post the whole log if need be but it is long.


Please list:
Version of Spybot: http://www.safer-networking.org/shop/
The operating system
Other security programs installed
Any issues with the computer's performance, please be specific.

Best regards.

Thanks for the reply Tashi.

Version of Spybot: 2.0.12.0
Rootkit scanner 2.0.12.116
The operating system: Windows 7 professional 32 bit
Other security programs installed: AVG Cloudcare, Malwarebytes
Issues with the computer's performance: Windows is not Genuine (4 year old Lenovo laptop and this just popped up), can't troubleshoot (gets error), some updates are blocked, sometimes gets very sloooowww. I pulled the drive and deep scanned it again from this machine with similar results to the original scan.

Thanks again

Hello spypcsense,

It might be best for someone to take a look at the system, please see the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please. :)

Best regards.

I would think that these steps are best accomplished with the drive back in its home computer unless you think it is better to leave it attached to this machine. Agree?



Hello spypcsense,

It might be best for someone to take a look at the system, please see the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please. :)

Best regards.

I would think that these steps are best accomplished with the drive back in its home computer

Yes. :)

Yes. :)

Ran the scans and started a new thread in Malware Removal. Posted the logs and linked to this post but nothing happens when I submit. This is the URL it goes to: http://forums.spybot.info/newthread.php?do=postthread&f=22. If I look at My Profile it just shows this thread. Any thoughts as to what I might be doing wrong?
Thanks

Ran the scans and started a new thread in Malware Removal. Posted the logs and linked to this post but nothing happens when I submit. This is the URL it goes to: http://forums.spybot.info/newthread.php?do=postthread&f=22. If I look at My Profile it just shows this thread. Any thoughts as to what I might be doing wrong?
Thanks

That's strange, :confused: if you open this link you should be able to post: http://forums.spybot.info/newthread.php?do=newthread&f=22

Were you logged in?

Copied files to another computer and attached them instead of pasting in the post. Got error message that addition.txt was too big so split it. Now everything is up. Don't know if it was being blocked by the problem computer or it was the amount of data. Anyhow now it's happy -:)
Thanks for the links.

Hi spypcsense,

I closed your second topic in the malware forum so helpers aren't confused.
http://forums.spybot.info/showthread.php?71875-Slow-computer-error-messages&p=460985&viewfull=1#post460985

When someone responds to the original topic you can then add the logs they request. :)

Hello Tashi - maybe I misunderstood or I'm not reading this correctly. You said to go to the Malware Removal forum, start a new thread, post the logs and link back to the original thread in the rootkit forum. I thought that is what I did so I'm not sure where I went wrong. Need some enlightenment. Which topic is open - the first one or this one and which one should I be using. Don't want to upset the apple cart but I am confused.
Thanks for your help.
Regards:confused:

OK so the one you told me to open is closed and this one is open without logs. Can I close this one and then open a new one in Malware Removal?
Just to refresh your memory this is the message you sent me:

Hello spypcsense,

It might be best for someone to take a look at the system, please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please.

Best regards.

Regards

Hello spypcsense,

Your first topic in the malware forum is open, it contains a log:
http://forums.spybot.info/showthread.php?71874-1%29-Slow-computer-error-messages#post460970

Your second topic in the malware forum posted approximately 30 minutes later was closed:
http://forums.spybot.info/showthread.php?71875-Slow-computer-error-messages&p=460985&viewfull=1#post460985

If you'd like to start again please start a new topic in the malware forum and do not add any posts to that topic until a helper responds. :)

OK - now I understand. The first one is the post that gave an error message about the file exceeding the 48+ mb maximum size. I thought the whole post was rejected so the second one was a repeat of the first one with the file separated into two files.
Thanks for clarifying and getting a newbie straightened out.
Will wait for helper advice.
Regards