
Thread: Possible infection with Vawtrak/Pony trojan.

  1. #11
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    Eset is still scanning. I keep checking task manager for the not responding message, and it's still going. Gonna let it run till morning and see what happens.

    Thanks for the help so far Juliet.
    Yeah, like that's gonna happen.

  2. #12
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Thanks for the help so far Juliet
    You're welcome

    Depending on how full your computer is, it can take quite a while but it is a very thorough and dependable scanner.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #13
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Still need help?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #14
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    Juliet, not sure what I should do. I cannot get the progress box to come to the front so I can see the activity so I can't tell if it's done. I let it run the whole weekend so it's been 4 days since it started. Task manager still shows the process as running and I see the cpu% vary 1-2% so I think it's still running. My primary drive has 125GB of data, my 1st internal has 121GB and my 2nd has 40GB of data. Does eset scan all drives? Maybe that's the reason it's taking so long?

    Thanks.
    Yeah, like that's gonna happen.

  5. #15
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    That's a crazy amount of time for the scanner to run. Yes, it does scan all drives, but if something else is running in the background it could cause it to go much slower. But if that was the case, then opening task manager would show high CPU usage.

    Can you see the inner face of Eset to see if it says find infections?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #16
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    No.

    The cpu is a 4 core with HT and eset usually sits at 12-13% which is 1 cpu pegged.

    When I click on the taskbar to bring it up all I get is the outline of the progress box. I do know that after about 15 min from when I 1st started the scan on the 7th it said there were 7 or so infections but the scanner was still running so I let it be. Should I end the process and restart the scan then stop it after it finds a few infections?

    Thanks.
    Yeah, like that's gonna happen.

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    At that time it saying it had found infections doesn't bother me, files already deleted should be in quarantine folders.

    I think we're going to stop this scanner, right after it started something interfered with it.

    Right click on the exe in task manager, select end task.

    Go to add/remove programs list and see if Eset is found there and if it is remove it. (May not be but we're going to check)
    I want you to reboot your machine to clear this out.

    We'll try a different approach.


    Emsisoft Emergency Kit (Portable)
    • Please download Emsisoft Emergency Kit and save the file to your Desktop.
    • Double-click EmsisoftEmergencyKit.exe.
    • Click Extract.
    • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
    • Click Yes to update the programme definitions.
    • Click Yes to detect Potentially Unwanted Programs (PUP's).
    • Click Scan now.
    • Select Full Scan and click Scan.
    • Close any High Risk notification screen that may appear.
    • When the scan is finished click Quarantine selected objects if malicious objects were found.
    • Click View Report, and open the most recent log.
    • Copy the contents of the log and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #18
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    It didn't show in list.

    Downloading Emsisoft right now and will run it when done.

    Thanks.
    Yeah, like that's gonna happen.

  9. #19
    Junior Member
    Join Date
    Jul 2016
    Posts
    15

    I didn't do a custom scan just a Malware scan so it didn't scan my internal drives. I selected quarantine, but it wouldn't allow me to with the last entry and it said all entries are no risk.

    Emsisoft Emergency Kit - Version 11.0
    Last update: 7/11/2016 8:39:57 AM
    User account: PROGRAMMING\Antec-179

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start: 7/11/2016 8:40:32 AM
    Key: HKEY_USERS\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\INTELORE\EXCEL PASSWORD RECOVERY detected: Application.Win32.PassRecover (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} detected: Application.AdReg (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} detected: Application.AdReg (A)
    C:\Users\Antec-179\Desktop\Personal\cbsidlm-cbsi188-Gears_Simulator-SEO-75739203.exe detected: Application.Win32.AppInstall (A)

    Scanned 80278
    Found 4

    Scan end: 7/11/2016 8:42:51 AM
    Scan time: 0:02:19
    Yeah, like that's gonna happen.
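
A helper reading a pasted report like the one in post #19 can check that the paste is complete before judging it. The following is an added example, not part of the thread and not Emsisoft code; it assumes the line layout seen in that report, and the function names are its own.

```python
import re

# Detection and counter lines copied from the report in post #19.
SAMPLE_REPORT = r"""Scan start: 7/11/2016 8:40:32 AM
Key: HKEY_USERS\S-1-5-21-3303728595-2053281234-2614305378-1000\SOFTWARE\INTELORE\EXCEL PASSWORD RECOVERY detected: Application.Win32.PassRecover (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} detected: Application.AdReg (A)
C:\Users\Antec-179\Desktop\Personal\cbsidlm-cbsi188-Gears_Simulator-SEO-75739203.exe detected: Application.Win32.AppInstall (A)
Scanned 80278
Found 4
"""

# Assumed layout: "<location> detected: <name> (<tag>)"; registry hits start "Key: ".
DETECTION = re.compile(r"^(?P<where>.+?) detected: (?P<name>\S+) \((?P<tag>\w+)\)$")
COUNTER = re.compile(r"^(Scanned|Found) (\d+)$")

def parse_report(text):
    """Return the detections and the Scanned/Found counters of a pasted report."""
    report = {"detections": [], "Scanned": None, "Found": None}
    for line in text.splitlines():
        line = line.strip()
        counter = COUNTER.match(line)
        if counter:
            report[counter.group(1)] = int(counter.group(2))
            continue
        hit = DETECTION.match(line)
        if hit:
            where = hit.group("where")
            is_key = where.startswith("Key: ")
            report["detections"].append({
                "kind": "registry" if is_key else "file",
                "location": where[5:] if is_key else where,
                "name": hit.group("name"),
                "tag": hit.group("tag"),
            })
    return report

def paste_is_complete(report):
    """True only if the Found counter matches the number of parsed detections."""
    return report["Found"] is not None and report["Found"] == len(report["detections"])

def families(report):
    """Group locations by detection name so repeated hits read as one finding."""
    grouped = {}
    for d in report["detections"]:
        grouped.setdefault(d["name"], []).append(d["location"])
    return grouped
```
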

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    EXCEL PASSWORD RECOVERY
    This is something you downloaded either to get a password or a cracked copy....can't tell.
    If it's a cracked copy I have to tell you it should be uninstalled, leave that up to you since it is against forum policy to have illegal programs on your computer.

    Is AdwCleaner still on desktop?
    If it is, open the tool and look for the Uninstall button.
    Let it uninstall then we'll download a fresh updated version.

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
