
Thread: Please check my computer for any possible further infection

  1. #21 Juliet (Security Expert-emeritus, joined Feb 2007, Deep South, 4,084 posts)

    Quote Originally Posted by Nnewb
    Ah ok.


    Well perhaps make a note on it stating on later release, you may not see the All Users checkbox, in which case you can ignore it...?

    So I've been following along and reading these various articles you've linked me to. One of which was (when I eventually got) was speeding up Firefox, it says to look for this entry: browser.tabs.showSingleWindowModePrefs but such entry doesn't exist or no longer exist, so how does one follow this guide if it doesn't exist? The other two entries: network.http.pipelining and network.http.pipelining.maxrequests exist so I am able to change those values.
    My guess is that it is related to an older version of Firefox. If something should be working and it's not related to Firefox would have to go to the Firefox forums to ask those questions
    https://support.mozilla.org/en-US/kb...munity-support

    Ok, so I've started to make use of group policy settings(from reading the linked articles of course), how does this look? Check the attachment for the screenshot.Attachment 12635 Anything needs to change or add to it so I am more proactively protected from virus and malware? I notice VSSAdmin.exe is optional which doesn't really do much if you're not making use of system restore or any of that kind of stuff, like me as it's completely disabled to save space as I'm only on a 128GB SSD. All virus and malware can do to it is make it remove all restoration points, but since I don't have any and it's disabled, it's effectively mute....hahahaha
    screen shots didn't work. I would keep system restore enabled in case an event happened and you needed to restore to an earlier date. I know that after a while the older ones will be deleted allowing newer ones to be created.
    I leave group policies where they are, can be difficult to change later. At least you're educating yourself on the inner workings of an operating system.

    I do make use of 'principle of least privilege'(unfortunately this doesn't really work well with windows XP as some legitimate programs/games throw a fit if you're not an admin so I guess I'll stay as admin but at least enforce the same group policy settings I have for my lappy?) so I only get access to stuff I usually want to access and no more so if a virus/malware does somehow get a hold of my account, I'm only on a limited account so all it can do is what all I can do, unless I accidentally give it admin privileges from a legitimate looking executable file....such as said game trainer......I'm still a bit confused as it shouldn't really need admin access to alter a game's memory.....speaking of which, hows the analyses going? Or are you guys completely different to the person on the other end of detections @ spybot.info that I submitted the zipped file to?
    I'm on the end of malware removal, I do know there are many people sending in samples daily so it might take a while to see and analyze files submitted and added to definitions.

    So in one of the posts, it says: Attachment 12636 I have Auslogics Boostspeed(and AVG PC Tuneup 2012 another program I've used in the past), and this program falls under that right, since it apparently also has a memory manager/optimizer/registry cleaner of sorts with it? So they are just a gimmick then? So I shouldn't really bother with these stuff and just be fine with only Ccleaner and a program to defrag HDDs and that's it for any cleaning and optimization? I remember reading something that it says it will just push those programs from memory into pagefile system, but if you don't have that(mine's disabled)....where does the memory allocation go to?

    The other tools from Boostspeeds are convenient at times, such as Disk Defrag, Startup Manager, Tweak Manager, Locked Files Manager, Uninstall Manager(used to use this but Revo replaces this as it's superior), and Internet Optimizer. So what about registry defrag, is that another unneeded optimization?

    I would have thought an optimization program like BoostSpeed is just a more comprehensive version of Ccleaner that takes off where Ccleaner leaves off, as it would appear that BoostSpeed picks up some more stuff that Ccleaner wasn't able to pick up.

    My usual routine I used to follow but don't anymore or not as much now (coz I'm lazy! :P) was this:

    >Scan computer for virus/malware
    >Clean with Ccleaner
    >Further clean and optimize with BoostSpeed/PC TuneUp (which ever is installed)
    > Backup/move files/folders now that you they are virus/malware free
    >Profit
    Tools that go after cleaning the registry should actually be left alone. No registry cleaner is completely safe since most do not even create a backup the potential is ever present to cause more problems than they claim to fix.
    If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you. Ones that take care of simpler jobs are acceptable, defrag or boost speed by disabling startups can be used so that later you can change these items if needed.

    Hm, I have a question about using online scanners like that ESET one you wanted me to do; some people have suggested it's best to be 100% offline and *then* scan for possible viruses and malware. So by having your computer connected and letting the online scanner do its job, wouldn't any virus/malware that are active could very well have started to do some damage or phone home and then do some damage in some way whilst you're scanning? Is that a risk that the user has to take...? For example, say I get infected with Cryptolocker or something of this caliber, and I am still connected so ESET can do its scan, so CryptoLocker goes around, encrypting all my files and then gets to the scanner and screws it up somehow, by forcing it to crash or just fail and then afterwards, it finishes off the computers whilst I am being confused as to what has happened, besides knowing ESET online scanner failed to scan the entire computer.

    Another question, should I use MVPS' HOSTS file or just keep using my own? Do take note that Spyware Blaster, Spybot Search and Destroy and possibly other programs I have and myself included may have added additional entries to my own HOSTS file.

    And last but not least: Is my computer now confirmed to be virus/malware free?
    I would keep the host files setup from SpyBot since it's updated more frequently.

    If malware is running, or calling home, it does it with all tools running to catch the malicious files to be cleaned. Sometimes by going into safemode a virus isn't working because of how few windows files run at that time and is a good time to try and run removal tools to take advantage of this.
    By the time we ask for an online scan, it's our hope we're going after remnants. Being connected to the internet makes no difference unless it was malware designed to make connections impossible.

    The design of the Crypto (variants) run regardless connected to the internet or not, even run hidden for a very short time by design then deletes its own executable file. What it does behind the scenes isn't caught till the damage is done.

    I think your computer is clean and you're good to go.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #22 Nnewb (Member, joined Jan 2016, 65 posts)

    Quote Originally Posted by Juliet
    My guess is that it is related to an older version of Firefox. If something should be working and it's not related to Firefox would have to go to the Firefox forums to ask those questions
    https://support.mozilla.org/en-US/kb...munity-support
    Oh alright, I'll go chase after them then.


    Quote Originally Posted by Juliet
    screen shots didn't work. I would keep system restore enabled in case an event happened and you needed to restore to an earlier date. I know that after a while the older ones will be deleted allowing newer ones to be created.
    I leave group policies where they are, can be difficult to change later. At least you're educating yourself on the inner workings of an operating system.
    Yes, they didn't work for me as well, said it was an invalid attachment, I'll upload it again here: My Group Policy settings.png Oh hang on, I see what's going on, I had this reply window open for so long, because I was reading the other articles so I could make one big post rather than post this and then later post again with more bits and pieces. It said I was logged out but I Control + C it before just in case. So I clicked the back button and then clicked reply to thread and then pasted the text and then clicked submit. The attachments must have deleted themselves since they weren't used within an hour.

    I've noticed that this also disables cmd(apparently command prompt is executed from the %appdata% directory? Since when I allow it through there, it opens no problem, but when I disallow it, it says it's blocked, however it's executing the cmd.exe from the system32 directory?) so I can't pull that up for testing things(for example, with this: http://www.howtogeek.com/howto/28609...dows/)....even adding C:\Windows\system32\cmd.exe and having it unrestricted still gives me an error saying it's disabled by group policy. Process Explorer no longer works either, says the 64-bit can't be executed. I've moved the folder from the desktop to C:\Program Files (x86)\ProcessExplorer\ and even added a line to it for unrestricted access and it still gives me the same error(the folder only contains the 32-bit version, but upon executing the 32-bit one, the 64-bit file appears....). I've also noticed even the default Windows Task Manager no longer opens unless I change the security level for %userprofile% from Disallowed to Unrestricted. I've tested it with it on and added the line: C:\Windows\system32\taskmgr.exe but it still doesn't open.... What am I doing wrong? hahaha Here's what it currently looks like: Untitled.png The files in the Downloads folder of the profile execute fine so I must have got that rule correct, but what about these??


    Quote Originally Posted by Juliet
    I'm on the end of malware removal, I do know there are many people sending in samples daily so it might take a while to see and analyze files submitted and added to definitions.
    Would I get a reply email back or I don't get anything back at all and I have to keep prodding them until I get some updates of the analyses? Hahaha


    Quote Originally Posted by Juliet
    Tools that go after cleaning the registry should actually be left alone. No registry cleaner is completely safe since most do not even create a backup the potential is ever present to cause more problems than they claim to fix.
    If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you. Ones that take care of simpler jobs are acceptable, defrag or boost speed by disabling startups can be used so that later you can change these items if needed.
    Actually, Auslogics BoostSpeed's Registry Cleaner does have a backup option as you can see here in this screenshot: backup boostspeed registry cleaner.png So what about Registry Defrag, is that a good idea or not a good idea for this program to do it for me? I've done so since I've known about it, which was a few years ago and nothing bad has happened yet from placing my faith in BoostSpeed's and PC Tune Up's Registry cleaners and defraggers....maybe I got lucky or they are doing a decent job of it and you're just being cynical....?


    Quote Originally Posted by Juliet
    I would keep the host files setup from SpyBot since it's updated more frequently.
    Ah ok, will do.

    Quote Originally Posted by Juliet
    If malware is running, or calling home, it does it with all tools running to catch the malicious files to be cleaned. Sometimes by going into safemode a virus isn't working because of how few windows files run at that time and is a good time to try and run removal tools to take advantage of this.
    By the time we ask for an online scan, it's our hope we're going after remnants. Being connected to the internet makes no difference unless it was malware designed to make connections impossible.
    ...so I should try the ESET online scanner again but in Safe Mode with networking(so I can get internet because this is an online scanner unless this scanner can be run offline?)...? It did find 4 items before it crashed/froze, which I'm now curious about.....hahahaha

    Quote Originally Posted by Juliet
    The design of the Crypto (variants) run regardless connected to the internet or not, even run hidden for a very short time by design then deletes its own executable file. What it does behind the scenes isn't caught till the damage is done.
    Mmmmm.....but wouldn't it need to phone home to get some more instructions or possibly grab the payload?

    Are Crypto variants the only ones that delete their own infected file or can other malware/virus types have the ability to delete themselves? Do the majority of virus/malware delete themselves or do they leave the original infected file as is on the victim's computer? I would guess so, because they wouldn't be that dumb as to leave the original source of infection available in view.....with that said, that game trainer I downloaded, deleting itself at random, whenever I'm not watching......could it be infected but none of the scanners I or you use picked it up? Or could it possibly be an outside interference, maybe I got RAT'd(If I got the abbreviation right) and someone has complete control over my computer now but does so very discreetly so I do not know and has deleted the trainer file whilst I'm not looking....?

    I don't know...I'm starting to not like this file....randomly and mysteriously deleting itself, I think I won't add this to my backup drive(in case it does something to that in which all my backups are screwed! hahaha), despite every scanner I've used, including virustotal.com comes clean..... XP

    Well I suppose if a crypto was running on a really ancient computer(such as a P4 or P3, or even P2 for that matter, computer), it could be caught as you would know that the computer is running slower than usual.......

    Quote Originally Posted by Juliet
    I think your computer is clean and you're good to go.
    Cool
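
As an added example (not code from either poster), a small Python model of how Software Restriction Policies resolve competing path rules: the most specific matching rule wins, so an Unrestricted rule on a file or subfolder overrides a Disallowed rule on the parent profile folder, while a copy launched from a location with no carve-out stays blocked. The message cmd.exe shows, that the command prompt has been disabled by group policy, comes from the separate "Prevent access to the command prompt" policy (DisableCMD), which no SRP path rule overrides. The rule set, the environment values and the user name are constructed from the description in the post; the registry reader assumes the standard Safer\CodeIdentifiers layout and only runs on Windows.

```python
"""Model of SRP path-rule resolution.  Added example: rules below are
constructed from the forum post, not read from the poster's machine."""
import fnmatch
import re
import sys

# SaferFlags values stored under ...\Safer\CodeIdentifiers\<level>\Paths\<guid>
DISALLOWED, BASIC_USER, UNRESTRICTED = 0x0, 0x20000, 0x40000
LEVEL_NAME = {DISALLOWED: "Disallowed", BASIC_USER: "Basic User",
              UNRESTRICTED: "Unrestricted"}

# Constructed environment; on a live system use os.environ instead.
ENV = {
    "SYSTEMROOT": r"C:\Windows",
    "USERPROFILE": r"C:\Users\example",          # placeholder user name
    "PROGRAMFILES(X86)": r"C:\Program Files (x86)",
}

# Rules as the post describes them: profile locked down, a few carve-outs.
RULES = [
    (r"%USERPROFILE%", DISALLOWED),
    (r"%USERPROFILE%\Downloads", UNRESTRICTED),
    (r"%SYSTEMROOT%\system32\taskmgr.exe", UNRESTRICTED),
    (r"%SYSTEMROOT%\system32\cmd.exe", UNRESTRICTED),
    (r"%PROGRAMFILES(X86)%\ProcessExplorer", UNRESTRICTED),
]
DEFAULT_LEVEL = UNRESTRICTED   # the policy's "Default Security Level"


def expand(pattern, env=ENV):
    """Expand %VAR% references case-insensitively, as the OS does."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), pattern)


def norm(path):
    """Case-insensitive, backslash-only, no trailing separator."""
    return path.replace("/", "\\").rstrip("\\").lower()


def rule_matches(pattern, target):
    """A path rule covers the named file, everything below a folder rule,
    or any path matching a wildcard pattern ('*' and '?')."""
    pat, tgt = norm(expand(pattern)), norm(target)
    if any(c in pat for c in "*?"):
        return fnmatch.fnmatchcase(tgt, pat)
    return tgt == pat or tgt.startswith(pat + "\\")


def effective_level(target, rules=RULES, default=DEFAULT_LEVEL):
    """Return (level name, winning rule) for target.  Among matching path
    rules the more specific one (longer expanded path) wins; on an exact
    tie the more restrictive level wins.  No match -> the default level."""
    matches = [(len(norm(expand(p))), -lvl, p, lvl)
               for p, lvl in rules if rule_matches(p, target)]
    if not matches:
        return LEVEL_NAME[default], None
    _, _, pattern, lvl = max(matches)
    return LEVEL_NAME[lvl], pattern


def load_rules_from_registry():
    """On Windows, list the machine-policy path rules actually in force.
    Assumes the documented layout CodeIdentifiers\<SaferFlags>\Paths\<guid>
    with an ItemData value holding the path.  Returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg
    base = r"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    found = []
    for level in (DISALLOWED, BASIC_USER, UNRESTRICTED):
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, rf"{base}\{level}\Paths")
        except OSError:
            continue
        i = 0
        while True:
            try:
                guid = winreg.EnumKey(key, i)
            except OSError:
                break
            i += 1
            with winreg.OpenKey(key, guid) as rk:
                path, _ = winreg.QueryValueEx(rk, "ItemData")
                found.append((path, level))
    return found


if __name__ == "__main__":
    rules = load_rules_from_registry() or RULES
    for exe in (r"C:\Users\example\Desktop\procexp64.exe",
                r"C:\Users\example\Downloads\setup.exe",
                r"C:\Windows\system32\taskmgr.exe",
                r"C:\Program Files (x86)\ProcessExplorer\procexp64.exe"):
        level, rule = effective_level(exe, rules)
        print(f"{level:12} {exe}   (rule: {rule})")
```

Run on the box itself, the script prints the rules read from the registry instead of the constructed ones, which is the quickest way to see which rule is deciding for a blocked executable.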

  3. #23 Juliet (Security Expert-emeritus, joined Feb 2007, Deep South, 4,084 posts)

    I'm going to try and answer these questions one by one with the information I have.

    My Group Policy settings ==> I think, these policies have been set in place by your computer's Kaspersky Internet Security software

    I think its focus is to stop an .exe from running in the AppData folder due to techniques used by malware.

    ~~~
    I'm on the end of malware removal, I do know there are many people sending in samples daily so it might take a while to see and analyze files submitted and added to definitions.
    Would I get a reply email back or I don't get anything back at all and I have to keep prodding them until I get some updates of the analyses? Hahaha
    They do not answer back.

    Actually, Auslogics BoostSpeed's Registry Cleaner does have a backup option as you can see here in this screenshot: backup boostspeed registry cleaner.png So what about Registry Defrag, is that a good idea or not a good idea for this program to do it for me? I've done so since I've known about it, which was a few years ago and nothing bad has happened yet from placing my faith in BoostSpeed's and PC Tune Up's Registry cleaners and defraggers....maybe I got lucky or they are doing a decent job of it and you're just being cynical.
    I am being informative. If you're being lucky then good but many haven't. Maybe their tools are becoming better at what they proclaim to do, but one little mistake can cause one little catastrophe. I really can't give information on registry cleaners or defraggers other than what I have previously posted since I don't use them....you want to continue doing so, your option.

    so I should try the ESET online scanner again but in Safe Mode with networking(so I can get internet because this is an online scanner unless this scanner can be run offline?)...? It did find 4 items before it crashed/froze, which I'm now curious about
    certainly

    The design of the Crypto (variants) run regardless connected to the internet or not, even run hidden for a very short time by design then deletes its own executable file. What it does behind the scenes isn't caught till the damage is done.
    Mmmmm.....but wouldn't it need to phone home to get some more instructions or possibly grab the payload?
    No.

    Are Crypto variants the only ones that delete their own infected file or can other malware/virus types have the ability to delete themselves? Do the majority of virus/malware delete themselves or do they leave the original infected file as is on the victim's computer? I would guess so, because they wouldn't be that dumb as to leave the original source of infection available in view.....with that said, that game trainer I downloaded, deleting itself at random, whenever I'm not watching......could it be infected but none of the scanners I or you use picked it up? Or could it possibly be an outside interference, maybe I got RAT'd(If I got the abbreviation right) and someone has complete control over my computer now but does so very discreetly so I do not know and has deleted the trainer file whilst I'm not looking....?
    As to how many or confined to a specific infection on deleting itself, will have to remain unanswered, no idea if that info is available.
    We do find malicious running .exe's, .sys's and .dll's that can be considered left behind and depending who/what created it originally would I think depends on their level of knowledge.

    I have no idea about the game trainer why it deletes itself. Does that game have a forum for help topics?
    Locate the .exe and run it through Virus total.....
    IF, someone had control over your computer other than yourself, you'd know it.


    One last thing we can try is run a tool to check for errors that might point to items not working as they should

    This repair may take some hours !!!

    Tweaking.com - Windows Repair All-In-One (Portable)

    - Download Windows Repair All-In-One (Portable Version) from here.

    - Extract tweaking.com_windows_repair_aio.zip to your Desktop.

    - Disable all your antivirus and antimalware software - see how to do that here.
    - Right click on and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
    (Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

    - A window will appear. Click Step 2.


    - Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

    - Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

    - Go to Step 3, then click Check in the See If Check Disk Is Needed.

    - If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.


    - Go to Step 4, then click Do It.


    - Go to Step 5. Under System Restore click Create.


    - Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.


    - By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop.

    Try the above and check for improvements.

  4. #24 Nnewb (Member, joined Jan 2016, 65 posts)

    Sorry, I've been busy and haven't gotten around to do this yet, well I have now.

    Quote Originally Posted by Juliet
    I'm going to try and answer these questions one by one with the information I have.

    My Group Policy settings ==> I think, these policies have been set in place by your computer's Kaspersky Internet Security software

    I think its focus is to stop an .exe from running in the AppData folder due to techniques used by malware.
    No no, Kaspersky didn't make this, I did, before this - Group Policy wasn't even enabled. Just wanted to see what you think about it is all and to get task manager and cmd working whilst having all that locked down. ☺

    Quote Originally Posted by Juliet
    ~~~

    They do not answer back.
    Then how do I know it's done, besides waiting for god knows how long until I re-scan it and it either picks up or doesn't, which then further makes me wonder if they even analyzed it at all or not....

    Quote Originally Posted by Juliet
    certainly
    Yep I'll give this a run after I post this message.

    Quote Originally Posted by Juliet
    I have no idea about the game trainer why it deletes itself. Does that game have a forum for help topics?
    Locate the .exe and run it through Virus total.....
    There is no forum topic about it, it's just hosted on some download page, here's some more info:
    MD5: 0bd2a9acf46e2a17976d43f55d6f9506
    SHA256: e7568c8406fc965ff30834e56dac95bf41eebcbe627afd60f8c8559389d312bd
    http://www.gamepatchplanet.com/game/...RlNDFjMTkzIjt9
    password: gamepatchplanet

    http://www.gamepatchplanet.com/game/oil_rush
    Oil Rush v1.0 & v1.01 +2 Trainer
    | File Size: 403 KB | File Format: .rar | Language Version: n/a | Author: Burmass | Download

    Info
    Trainer options:
    - Infinite Oil
    - Infinite Skill Points
    Virustotal scan(I've re-scanned today): https://www.virustotal.com/en/file/e...is/1471411160/ and https://www.virustotal.com/en/file/e...is/1471411208/ and the actual exe file: https://www.virustotal.com/en/file/f...is/1471411257/

    The website I got it from, if you follow the gamepatchplanet.com link, has one of those quoted descriptions if you scroll down far enough, and then once you go to download it, they claim their uploads are virus/malware free, or else they wouldn't upload it.


    Quote Originally Posted by Juliet
    IF, someone had control over your computer other than yourself, you'd know it.
    Well they could you know just be watching and doing nothing at all....they can just watch what I'm doing on screen, can't they?


    Quote Originally Posted by Juliet
    One last thing we can try is run a tool to check for errors that might point to items not working as they should

    This repair may take some hours !!!
    Ok so I did all that. Screenie for step 2: Scan complete no errors found.png

    @ Step 3, it said it found some errors, but I was away when they did the scan during the reboot, [strike]do you know where they keep their chkdsk log?[/strike]

    @ Step 4 It found some corrupt files and had to repair those.

    In the end, [strike]I never got a log file.....you said I would get one on the desktop, I don't see any...[/strike] Nevermind, I'm an idiot, you said logs folder within its folder, not flat out on the desktop. hahaha well here are those logs if you wanna read: chkdsk_log.txtchkdsk_full_log.txt And of course your upload fails to upload this zipped folder....And I'll paste the rest here because either file size limit or and too lazy to upload files one by one because you don't have a multi-loader thing:

    _Windows_Repair_Log.txt
    Code:
    Tweaking.com - Windows Repair v3.9.9
    --------------------------------------------------------------------------------
    
    System Variables
    --------------------------------------------------------------------------------
    OS: Windows 7 Professional
    OS Architecture: 64-bit
    OS Version: 6.1.7601
    OS Service Pack: Service Pack 1
    Computer Name: RAIKOU
    Windows Drive: C:\
    Windows Path: C:\Windows
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile: C:\Users\Manectric
    Current Profile SID: S-1-5-21-2798084944-1211984927-2140173799-1000
    Current Profile Classes: S-1-5-21-2798084944-1211984927-2140173799-1000_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\Windows\ServiceProfiles
    Local Settings AppData: C:\Users\Manectric\AppData\Local
    --------------------------------------------------------------------------------
    
    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:09:45
    
    Process Count: 84
    Commit Total: 3.71 GB
    Commit Limit: 15.92 GB
    Commit Peak: 3.72 GB
    Handle Count: 26180
    Kernel Total: 658.23 MB
    Kernel Paged: 432.42 MB
    Kernel Non Paged: 225.82 MB
    System Cache: 6.07 GB
    Thread Count: 1201
    --------------------------------------------------------------------------------
    
    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 15.92 GB
    Memory Used: 3.69 GB(23.1847%)
    Memory Avail.: 12.23 GB
    --------------------------------------------------------------------------------
    
    Cleaning Memory Before Starting Repairs...
    
    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 15.92 GB
    Memory Used: 3.31 GB(20.8039%)
    Memory Avail.: 12.61 GB
    --------------------------------------------------------------------------------
    
    Starting Repairs...
       Started at (17/08/2016 12:52:26 PM)
    
    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 162
     
    01 - Reset Registry Permissions
       Restore Windows 7/8/10 Default Registry Permissions
       Start (17/08/2016 12:52:27 PM)
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\hku.7z
    Done,  0.14 seconds.
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\hku.7z
    Done,  0.16 seconds.
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\hklm.7z
    Done,  1.36 seconds.
    
       Running Repair Under System Account
       Done (17/08/2016 12:55:18 PM)
    
    Reset File Permissions: C:
       C: & Sub Folders
       Start (17/08/2016 12:55:18 PM)
    
       Running Repair Under Current User Account
       Done (17/08/2016 12:57:17 PM)
    
    Reset File Permissions
       Restore Windows 7/8/10 Default File Permissions
       Start (17/08/2016 12:57:17 PM)
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\default.7z
    Done,  0.13 seconds.
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\profile.7z
    Done,  0.13 seconds.
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\program_files.7z
    Done,  0.16 seconds.
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\program_files_x86.7z
    Done,  0.13 seconds.
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\programdata.7z
    Done,  0.13 seconds.
    
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\windows.7z
    Done,  1.14 seconds.
    
       Running Repair Under Current User Account
       Done (17/08/2016 12:58:06 PM)
    
    Reset File Permissions: Cleanup
       Repairing Restricted Folders Permissions To Avoid Infinite Loops
       Start (17/08/2016 12:58:06 PM)
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 12:58:09 PM)
    
    03 - Reset Service Permissions
       Start (17/08/2016 12:58:09 PM)
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 12:58:21 PM)
    
    04 - Register System Files
       Start (17/08/2016 12:58:21 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 12:59:28 PM)
    
    05 - Repair WMI
       Start (17/08/2016 12:59:28 PM)
    
       Starting Security Center So We Can Export The Security Info.
    
       Exporting Antivirus Info...
       Kaspersky Internet Security Exported.
    
       Exporting AntiSpyware Info...
       Kaspersky Internet Security Exported.
       Windows Defender Exported.
    
       Exporting 3rd Party Firewall Info...
       Kaspersky Internet Security Exported.
    
       Running Repair Under Current User Account
       Done (17/08/2016 1:00:37 PM)
    
    06 - Repair Windows Firewall
       Start (17/08/2016 1:00:38 PM)
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
    Done,  0.14 seconds.
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:01:15 PM)
    
    07 - Repair Internet Explorer
       Start (17/08/2016 1:01:15 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:01:45 PM)
    
    08 - Repair MDAC/MS Jet
       Start (17/08/2016 1:01:45 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:01:59 PM)
    
    09 - Repair Hosts File
       Start (17/08/2016 1:02:00 PM)
       Running Repair Under System Account
       Done (17/08/2016 1:02:01 PM)
    
    10 - Remove Policies Set By Infections
       Start (17/08/2016 1:02:01 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:02:05 PM)
    
    11 - Repair Start Menu Icons Removed By Infections
       Start (17/08/2016 1:02:05 PM)
       Running Repair Under System Account
       Done (17/08/2016 1:02:06 PM)
    
    12 - Repair Icons
       Start (17/08/2016 1:02:06 PM)
       Running Repair Under Current User Account
       Done (17/08/2016 1:02:07 PM)
    
    13 - Repair Network
       Start (17/08/2016 1:02:07 PM)
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
    Done,  0.14 seconds.
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:02:27 PM)
    
    14 - Remove Temp Files
       Start (17/08/2016 1:02:27 PM)
       Running Repair Under System Account
       Done (17/08/2016 1:02:28 PM)
    
    15 - Repair Proxy Settings
       Start (17/08/2016 1:02:28 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:02:30 PM)
    
    17 - Repair Windows Updates
       Start (17/08/2016 1:02:30 PM)
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
    Done,  0.14 seconds.
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
       Done (17/08/2016 1:03:14 PM)
    
    18 - Repair CD/DVD Missing/Not Working
       Start (17/08/2016 1:03:14 PM)
       iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
       Done (17/08/2016 1:03:14 PM)
    
    19 - Repair Volume Shadow Copy Service
       Start (17/08/2016 1:03:14 PM)
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
    Done,  0.14 seconds.
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:03:34 PM)
    
    20 - Repair Windows Sidebar/Gadgets
       Start (17/08/2016 1:03:34 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:03:37 PM)
    
    21 - Repair MSI (Windows Installer)
       Start (17/08/2016 1:03:38 PM)
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
    Done,  0.13 seconds.
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:03:48 PM)
    
    22 - Repair Windows Snipping Tool
       Start (17/08/2016 1:03:48 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:03:50 PM)
    
    23.01 - Repair bat Association
       Start (17/08/2016 1:03:50 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:03:52 PM)
    
    23.02 - Repair cmd Association
       Start (17/08/2016 1:03:52 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:03:56 PM)
    
    23.03 - Repair com Association
       Start (17/08/2016 1:03:56 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:03:58 PM)
    
    23.04 - Repair Directory Association
       Start (17/08/2016 1:03:58 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:00 PM)
    
    23.05 - Repair Drive Association
       Start (17/08/2016 1:04:00 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:02 PM)
    
    23.06 - Repair exe Association
       Start (17/08/2016 1:04:02 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:04 PM)
    
    23.07 - Repair Folder Association
       Start (17/08/2016 1:04:04 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:06 PM)
    
    23.08 - Repair inf Association
       Start (17/08/2016 1:04:06 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:09 PM)
    
    23.09 - Repair lnk (Shortcuts) Association
       Start (17/08/2016 1:04:09 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:11 PM)
    
    23.10 - Repair msc Association
       Start (17/08/2016 1:04:11 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:13 PM)
    
    23.11 - Repair reg Association
       Start (17/08/2016 1:04:13 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:15 PM)
    
    23.12 - Repair scr Association
       Start (17/08/2016 1:04:15 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:17 PM)
    
    24 - Repair Windows Safe Mode
       Start (17/08/2016 1:04:17 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:19 PM)
    
    25 - Repair Print Spooler
       Start (17/08/2016 1:04:19 PM)
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
    Done,  0.14 seconds.
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:35 PM)
    
    26 - Restore Important Windows Services
       Start (17/08/2016 1:04:35 PM)
    
    Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
    Done,  0.13 seconds.
    
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:04:52 PM)
    
    27 - Set Windows Services To Default Startup
       Start (17/08/2016 1:04:52 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:05:00 PM)
    
       Skipping Repair.
       Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
       Current version: 6.1.7601
    
       Skipping Repair.
       Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
       Current version: 6.1.7601
    
       Skipping Repair.
       Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
       Current version: 6.1.7601
    
    31 - Repair Windows 'New' Submenu
       Start (17/08/2016 1:05:00 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:05:02 PM)
    
    32 - Restore UAC (User Account Control) Settings
       Start (17/08/2016 1:05:02 PM)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (17/08/2016 1:05:04 PM)
    
    33 - Repair Performance Counters
       Start (17/08/2016 1:05:04 PM)
       Running Repair Under Current User Account
       Done (17/08/2016 1:05:13 PM)
    
    Cleaning up empty logs...
    
    All Selected Repairs Done.
       Done at (17/08/2016 1:05:13 PM)
       Total Repair Time: 00:12:49
    
    
    ...YOU MUST RESTART YOUR SYSTEM...
    What does this mean? 413 Request Entity Too Large.png Too much input? lol your forum server overloaded! hahaha Alright, I post the rest in the following post.....
    Last edited by tashi; 2016-08-17 at 20:54. Reason: removed tutorial quotes, not necessary and takes up bandwidth.

  5. #25
    Member
    Join Date
    Jan 2016
    Posts
    65

    Post

    Alright, screw it, error 413 again, I'll just zip up the remaining txt files for you so you can go download them all in one go to read, here's the link: http://s000.tinyupload.com/index.php...04109878645943 and here's the delete link once you're done with it: http://s000.tinyupload.com/index.php...60597924923548

    Thanks.

    Time to scan the lappy with ESET Online scanner in Safe mode with networking.

  6. #26
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    OK, some of this I can help with and some I can't.

    Then how do I know it's done, besides waiting for god knows how long until I re-scan it and it either picks up or doesn't, which then further makes me wonder if they even analyzed it at all or not....
    Since I do not work with SpyBot in such a way, I will have to refer you to a sub forum so you can ask that question
    https://forums.spybot.info/forumdisplay.php?4-Spybot


    ~~~~
    Virustotal scan(I've re-scanned today): https://www.virustotal.com/en/file/e...is/1471411160/ and https://www.virustotal.com/en/file/e...is/1471411208/ and the actual exe file: https://www.virustotal.com/en/file/f...is/1471411257/

    The website I got it from, if you follow the gamepatchplanent.com link and it's one of those quoted descriptions if you scroll down far enough, and then once you go download it, they claim their uploads are virus/malware free, or else they wouldn't upload it.
    File name: OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass.rar <--did not show signs of infection.
    File name: OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass(Extracted).rar <-- did
    File name: Oil Rush V1.0_1.01 2 Trn_2.exe <-- did

    You may want to remove those.

    IF someone had control over your computer other than yourself, you'd know it.
    Well they could you know just be watching and doing nothing at all....they can just watch what I'm doing on screen, can't they?
    Yes, they could just sit and watch, but no idea why someone would want to do that since it would be a huge waste of time on their side.
    Jealous girlfriend/boyfriend who are spying for information to see who contacts who and what's being said....different scopes could be used with different scenarios. But with all you know I think you'd identify something quickly on your machine that wasn't supposed to be there.
    My opinion: someone hacks into your computer, it's usually for one purpose, collect data for profit.
    If your machine is not used for any type of banking or use of PayPal, game results that add to money points or profits, they'd move on.

    The ChkDsk issues,
    It might be a false positive. Read this
    http://www.tweaking.com/forums/index...ic,2546.0.html


    try performing Last Known Good Configuration?
    https://support.microsoft.com/en-us/...s?os=windows-7

    ~~~~
    For cmd and task manager problems I'll have to refer you to a different help forum since these items are out of my realm of help
    Microsoft Windows™
    https://forums.whatthetech.com/index.php?showforum=119
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #27
    Member
    Join Date
    Jan 2016
    Posts
    65

    Post

    Quote Originally Posted by Juliet View Post
    OK, some of this I can help with and some I can't.


    Since I do not work with SpyBot in such a way, I will have to refer you to a sub forum so you can ask that question
    https://forums.spybot.info/forumdisplay.php?4-Spybot
    Oh ok, I can just add a reply to my original thread in question over there asking what the progress is so I don't have to start another thread.


    Quote Originally Posted by Juliet View Post
    ~~~~


    File name: OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass.rar <--did not show signs of infection.
    File name: OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass(Extracted).rar <-- did
    File name: Oil Rush V1.0_1.01 2 Trn_2.exe <-- did

    You may want to remove those.
    The first one didn't come with any sign of infections because it's password protected and, as far as I know, no anti-virus/malware scanners are able to circumvent/transcend that (without knowing the password, if it has the capability of scanning password protected files - but I don't know any programs that either brute force their way to scan a password protected archive/file for any infections or allow you to input the password before scanning any password protected archives/files) and thus cannot actually scan the real contents of the file....

    The second rar file is the file that got extracted from the password protected rar archive that gamepatchplanet made and this file is not password protected.....

    And the third file, which is the game trainer that I wanted, is not password protected either. Now the download claims there are no viruses/malware in their files and believes any that are picked up to be false positives, do you not think that could be why the many flags? Huh, I just extracted that file not some hrs ago (to re-scan for virustotal.com and I never deleted it too) and now it's disappeared on me again! How suspicious.....maybe those flags aren't false positives....but I will find that out when I get them all to analyse the file and report back to me on what exactly it does.....

    Yes, I will delete those two offending files for now......

    Quote Originally Posted by Juliet View Post
    Yes, they could just sit and watch, but no idea why someone would want to do that since it would be a huge waste of time on their side.
    Jealous girlfriend/boyfriend who are spying for information to see who contacts who and what's being said....different scopes could be used with different scenarios. But with all you know I think you'd identify something quickly on your machine that wasn't supposed to be there.
    My opinion, someone hacks into your computer it's usually for one purpose, collect data for profit.
    If your machine is not used for any type of banking or use of PayPal, game results that add to money points or profits, they'd move on.
    Hmmm, yes probably right, perhaps I'm just being paranoid now....I do make use of paypal and banking on this machine, but I don't play in tournaments so I have no game results...should I change password or you think I am safe that there's no keylogger installed? :P

    Quote Originally Posted by Juliet View Post
    The ChkDsk issues,
    It might be a false positive. Read this
    http://www.tweaking.com/forums/index...ic,2546.0.html
    Ah I see.


    Quote Originally Posted by Juliet View Post
    try performing Last Known Good Configuration?
    https://support.microsoft.com/en-us/...s?os=windows-7
    What would this fix for me? Would this undo the changes Tweak program did to my machine?
    Quote Originally Posted by Juliet View Post
    ~~~~
    For cmd and task manager problems I'll have to refer you to a different help forum since these items are out of my realm of help
    Microsoft Windows™
    https://forums.whatthetech.com/index.php?showforum=119
    Alright, guess I'll make an account on there and post a question about my group policy settings....

    Ok, I have left the machine on for overnight scanning with ESET Online scanner, after I saw it white screened whilst scanning drive E - perhaps it is still scanning but not reporting back the status via its own UI for some reason; or perhaps it has stopped scanning and wants me to pick an option, but I can't because the interface is invisible (though you can clearly see it on the taskbar!). The same result happened: The GUI becomes invisible or is easily overwritten by programs that come on top (after getting to drive E: and scanning some of my games), however checking task manager, it appears to be running and not in "Not responding" status......here, a screenshot: running.png I am not sure what is happening, is it still scanning or has the scanner locked up but the program reports still running in task manager? Has this sort of thing ever happened before?

  8. #28
    Member
    Join Date
    Jan 2016
    Posts
    65

    Question

    Just used Currports to check what possible hidden processes that might be running and connected to the net: currports.pngcurrports1.png

    So if there were to be any remote connections, whether hidden or not, it would show up here? Do you see anything suspicious? I don't see anything suspicious with my amateur virus/malware knowledge.....hahahaa
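    The question above (would a remote connection show up in a CurrPorts-style listing, and how would you spot an odd one) can be checked without a GUI by parsing `netstat -ano`, which Windows 7 ships with. The script below is an added example, not from this thread or from CurrPorts: it parses a constructed `netstat -ano` sample, joins PIDs to a constructed `tasklist`-style process map, and reports ESTABLISHED connections to non-local peers held by a process that is not on a hypothetical allowlist of programs expected to talk to the internet.

```python
import ipaddress
import re

# Constructed sample of `netstat -ano` output (not from the thread's screenshots).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    127.0.0.1:49160        127.0.0.1:49161        ESTABLISHED     3120
  TCP    192.168.1.10:49733     203.0.113.7:443        ESTABLISHED     2048
  TCP    192.168.1.10:49801     198.51.100.23:8080     ESTABLISHED     5560
  UDP    0.0.0.0:5355           *:*                                    1104
"""

# Constructed PID -> image name map, as `tasklist` would report it.
SAMPLE_PROCESSES = {712: "svchost.exe", 3120: "firefox.exe",
                    2048: "firefox.exe", 5560: "svchost.exe"}

# Hypothetical allowlist: binaries this machine is expected to let outbound.
EXPECTED_OUTBOUND = {"firefox.exe", "avp.exe"}

# Proto, local, foreign, optional state (UDP rows have none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

# Loopback/link-local are tested via ipaddress; RFC1918 ranges are listed here
# because ipaddress.is_private also hides the documentation ranges used above.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_netstat(text):
    """Return one dict per connection row, skipping headers and blanks."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state or "", "pid": int(pid)})
    return rows

def split_endpoint(endpoint):
    """'host:port' or '[v6]:port' -> (host, port); port None for '*'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)

def is_remote_peer(host):
    """True only for peers outside loopback, link-local and RFC1918 space."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # '*' or an unresolved name
    if ip.is_loopback or ip.is_unspecified or ip.is_link_local:
        return False
    return not any(ip in net for net in LAN_NETS)

def suspicious_connections(netstat_text, processes, expected):
    """ESTABLISHED connections to remote peers from non-allowlisted images."""
    findings = []
    for row in parse_netstat(netstat_text):
        host, port = split_endpoint(row["remote"])
        if row["state"] != "ESTABLISHED" or not is_remote_peer(host):
            continue
        image = processes.get(row["pid"], "<unknown>")
        if image.lower() not in expected:
            findings.append((row["pid"], image, host, port))
    return findings

if __name__ == "__main__":
    for pid, image, host, port in suspicious_connections(
            SAMPLE_NETSTAT, SAMPLE_PROCESSES, EXPECTED_OUTBOUND):
        print(f"PID {pid} ({image}) -> {host}:{port}  review this process")
```

A hit on a generic host process such as svchost.exe is only a lead, not a verdict: confirm the owning service and the binary's signature before acting on it.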

  9. #29
    Member
    Join Date
    Jan 2016
    Posts
    65

    Question

    Here you go, another angle at why is the ESET Online scanner UI invisible?!?!?Untitled.png

  10. #30
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Oh ok, I can just add a reply to my original thread in question over there asking what the progress is so I don't have to start another thread.
    I know you'll have to create a new topic in that forum or they won't know you're asking a question.
    If you want to add the link to this one I'm sure it would be OK ...

    Hmmm, yes probably right, perhaps I'm just being paranoid now....I do make use of paypal and banking on this machine, but I don't play in tournaments so I have no game results...should I change password or you think I am safe that there's no keylogger installed? :P
    Any time you suspect something suspicious you should consider changing passwords. I know people that change passwords every couple of weeks as a security standard.

    try performing Last Known Good Configuration?
    https://support.microsoft.com/en-us/...s?os=windows-7
    What would this fix for me? Would this undo the changes Tweak program did to my machine?
    If something on the machine isn't working correctly it's possible, sometimes, to use Last Known Good Configuration and correct the situation.
    It's not a cure all but just a suggestion.

    Just used Currports to check what possible hidden processes that might be running and connected to the net: currports.pngcurrports1.png
    So if there were to be any remote connections, whether hidden or not, it would show up here? Do you see anything suspicious?
    I would think it would.

    why is the ESET Online scanner UI invisible?
    Got me. No idea why.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
