Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: jpg files changed on the same date and reported as unknown ADS

  1. #1
    Member
    Join Date
    Feb 2007
    Posts
    40

    Default jpg files changed on the same date and reported as unknown ADS

    Hi All
    Deep root scan showed many jpg files with names similar to this: Pictures\My Pictures\PICT0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA. All the files were changed around 12:30 PM on April 03, 2014. Did the root scan because the computer is behaving a little strangely including a message that Windows is not genuine (it is) and is unable to resolve or update. I can post the whole log if need be but it is long.
    Thanks for any help you can give.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    Hello spypcsense,

    Quote Originally Posted by spypcsense View Post
    Hi All
    Deep root scan showed many jpg files with names similar to this: Pictures\My Pictures\PICT0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA. All the files were changed around 12:30 PM on April 03, 2014.
    This information alone does not raise a flag, changes may reflect when the user accessed their files.


    Quote Originally Posted by spypcsense View Post
    Did the root scan because the computer is behaving a little strangely including a message that Windows is not genuine (it is) and is unable to resolve or update. I can post the whole log if need be but it is long.
    Please list:
    Version of Spybot: http://www.safer-networking.org/shop/
    The operating system
    Other security programs installed
    Any issues with the computer's performance, please be specific.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member
    Join Date
    Feb 2007
    Posts
    40

    Default requested info

    Thanks for the reply Tashi.

    Version of Spybot: 2.0.12.0
    Rootkit scanner 2.0.12.116
    The operating system: Windows 7 professional 32 bit
    Other security programs installed: AVG Cloudcare, Malwarebytes
    Issues with the computer's performance: Windows is not Genuine (4 year old Lenovo laptop and this just popped up), can't troubleshoot (gets error), some updates are blocked, sometimes gets very sloooowww. I pulled the drive and deep scanned it again from this machine with similar results to the original scan.

    Thanks again

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    Hello spypcsense,

    It might be best for someone to take a look at the system, please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Member
    Join Date
    Feb 2007
    Posts
    40

    Default help on next step

    I would think that these steps are best accomplished with the drive back in its home computer unless you think it is better to leave it attached to this machine. Agree?


    Quote Originally Posted by tashi View Post
    Hello spypcsense,

    It might be best for someone to take a look at the system, please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please.

    Best regards.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    Quote Originally Posted by spypcsense View Post
    I would think that these steps are best accomplished with the drive back in its home computer
    Yes.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Member
    Join Date
    Feb 2007
    Posts
    40

    Default

    Quote Originally Posted by tashi View Post
    Yes.
    Ran the scans and started a new thread in Malware Removal. Posted the logs and linked to this post but nothing happens when I submit. This is the URL it goes to: http://forums.spybot.info/newthread....ostthread&f=22. If I look at My Profile it just shows this thread. Any thoughts as to what I might be doing wrong?
    Thanks

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    Quote Originally Posted by spypcsense View Post
    Ran the scans and started a new thread in Malware Removal. Posted the logs and linked to this post but nothing happens when I submit. This is the URL it goes to: http://forums.spybot.info/newthread....ostthread&f=22. If I look at My Profile it just shows this thread. Any thoughts as to what I might be doing wrong?
    Thanks
    That's strange, if you open this link you should be able to post: http://forums.spybot.info/newthread....newthread&f=22

    Were you logged in?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Member
    Join Date
    Feb 2007
    Posts
    40

    Default

    Copied files to another computer and attached them instead of pasting in the post. Got error message that addition.txt was too big so split it. Now everything is up. Don't know if it was being blocked by the problem computer or it was the amount of data. Anyhow now it's happy -
    Thanks for the links.

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    Hi spypcsense,

    I closed your second topic in the malware forum so helpers aren't confused.
    http://forums.spybot.info/showthread...l=1#post460985

    When someone responds to the original topic you can then add the logs they request.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •