
Thread: Please check my computer for any possible further infection

  1. #11
    Member
    Join Date
    Jan 2016
    Posts
    65

    Post

    Quote Originally Posted by Juliet View Post
    I think we're doing pretty good here, how's the computer now?
    It's fine thanks. ☺ Though still would like to know what those four threats ESET found on the C drive........

    Quote Originally Posted by Juliet View Post
    For the icons
    Yeah after I shutdown the lappy down for the day and booted it up the next morning, the icons returned so I guess it was a one off thing...weird.... So I suppose I don't need to do all this....
    Last edited by tashi; 2016-08-09 at 16:51. Reason: Removed full quotes,saves bandwidth.

  2. #12
    Member
    Join Date
    Jan 2016
    Posts
    65

    Default

    Oh yeah forgot to add this, did you want me to quarantine or delete the "SecHijack (A)" that was found after EMSISOFT finished the scan....? Um, I guess I'll just quarantine it for now.

  3. #13
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Quote Originally Posted by Nnewb View Post
    Oh yeah forgot to add this, did you want me to quarantine or delete the "SecHijack (A)" that was found after EMSISOFT finished the scan....? Um, I guess I'll just quarantine it for now.
    Probably not necessary.

    The IFEO key is used to force a program to run under a debugger regardless of how it is launched. Security scanners cannot distinguish between "good" and "malicious" use of powerful programs such as GMP, therefore they may alert you or even automatically remove them. That does not mean it's malware.
    Because some infections use that to prevent you from running certain programs (such as anti-virus software).

    Looks like we can remove tools and quarantine folders now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #14
    Member
    Join Date
    Jan 2016
    Posts
    65

    Default

    Quote Originally Posted by Juliet View Post
    Probably not necessary.

    The IFEO key is used to force a program to run under a debugger regardless of how it is launched. Security scanners cannot distinguish between "good" and "malicious" use of powerful programs such as GMP, therefore they may alert you or even automatically remove them. That does not mean it's malware.
    Because some infections use that to prevent you from running certain programs (such as anti-virus software).
    Oh well I noticed when I did that, Process Explorer no longer shows when I open Task Manager, but the default windows one. Well I fixed that by making Process Explorer the default Task Manager again. ☺

    Quote Originally Posted by Juliet View Post
    Looks like we can remove tools and quarantine folders now?
    Yep, tell me which to remove and which to quarantine.
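    Juliet's note on the IFEO key above, and the Task Manager/Process Explorer switch Nnewb noticed after the scanner touched it, both come down to the "Debugger" value under that registry key. The PowerShell audit below is an added example, not code posted in this thread and not part of any tool mentioned in it; it only reads the registry and flags entries a responder would want to look at. The short watch list of program names is an assumption chosen from the programs discussed here, not a complete set.

    ```powershell
    # Added example (not from the thread): list every IFEO subkey that carries a
    # "Debugger" value and flag the ones worth a second look.
    # Windows starts the named debugger in place of the program whenever that
    # program is launched, however it was launched. Process Explorer's "Replace
    # Task Manager" option sets taskmgr.exe this way on purpose; malware uses the
    # same value to stop security tools from starting. Read-only: nothing is changed.

    $ifeoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        # 32-bit view on 64-bit Windows; only read if it is present.
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )

    # Illustrative watch list (an assumption for this example): programs named in
    # the thread whose redirection would need explaining, not a complete set.
    $watchList = @('taskmgr.exe', 'procexp.exe', 'procexp64.exe', 'frst.exe', 'frst64.exe')

    function Get-IfeoDebuggerEntries {
        foreach ($root in $ifeoRoots) {
            if (-not (Test-Path -LiteralPath $root)) { continue }
            foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
                $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
                if ($null -eq $props -or [string]::IsNullOrWhiteSpace($props.Debugger)) { continue }

                # The value may be quoted and may carry arguments; isolate the executable path.
                $raw = [Environment]::ExpandEnvironmentVariables($props.Debugger.Trim())
                $m   = [regex]::Match($raw, '^"([^"]+)"|^(\S+)')
                $exe = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }

                $target = $key.PSChildName.ToLowerInvariant()
                $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
                $flag   = if (-not $exists) { 'debugger missing on disk' }
                          elseif ($watchList -contains $target) { 'watch-listed program redirected' }
                          else { 'review: who set this?' }

                [pscustomobject]@{
                    Target      = $key.PSChildName
                    Debugger    = $props.Debugger
                    DebuggerExe = $exe
                    ExeExists   = $exists
                    View        = if ($root -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
                    Flag        = $flag
                }
            }
        }
    }

    Get-IfeoDebuggerEntries | Sort-Object Target | Format-Table -AutoSize
    ```

    A legitimate entry such as taskmgr.exe pointing at an existing procexp.exe is expected after enabling Process Explorer's replacement; an entry whose debugger file no longer exists, or one that redirects a security tool nobody configured, is what a scanner like Emsisoft reports as a hijack.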

  5. #15
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
        • Activate UAC
        • Remove disinfection tools
    • Click the Run button.
    • This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ************************************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



    Want to help others? Join the ClassRoom and learn how.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #16
    Member
    Join Date
    Jan 2016
    Posts
    65

    Default

    Quote Originally Posted by Juliet View Post
    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
        • Activate UAC
        • Remove disinfection tools
    • Click the Run button.
    • This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
    Virustotal says it found a trojan? I'm guessing these are false positives? Well I've let those three companies know and hopefully add it to their whitelist if they deem it trojan free.

    I can't just uninstall the programs myself without using DelFix? I do have Revo Uninstaller Pro which is a much respected complete uninstaller for anything that's installed....
    Quote Originally Posted by Juliet View Post
    ************************************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



    Want to help others? Join the ClassRoom and learn how.
    I thought the programs I already have can protect against ransomware...? So apparently I need CryptoPrevent for the ransomware part because none of the security software I have installed can detect and delete these kinds of malware? I once had KIS 2016 detect a Crypto infection whilst none of the other programs (Malwarebytes, SUPERAntiSpyware and Spybot) could detect and remove it.

    I used to have Anti-Exploit running, but gave up on that idea because I didn't want to bloat my system with unnecessary security programs....

    Already got Malwarebytes, NoScript, Sandboxie, Spywareblaster and WOT. Unchecky sounds like an unnecessary program to have, so does adblock because Noscript pretty much does that too and more.... As for Secunia PSI, KIS 2016 has a vulnerability scan integrated with its security suite, so yeah...

    As for the rest of the links, hmmm interesting reads.....

  7. #17
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Virustotal says it found a trojan? I'm guessing these are false positives? Well I've let those three companies know and hopefully add it to their whitelist if they deem it trojan free.

    I can't just uninstall the programs myself without using DelFix? I do have Revo Uninstaller Pro which is a much respected complete uninstaller for anything that's installed....
    Found a trojan where?

    You can uninstall the programs yourself without using DelFix.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #18
    Member
    Join Date
    Jan 2016
    Posts
    65

    Default

    http://users.telenet.be/bluepatchy/m...ine%20Scanners

    ^ Needs to be updated, ESET isn't on there as an online scanner Or maybe it doesn't do full system scans and is just a quickie?

    Online Armor is no longer viable because Tall Emu got bought out and then Emisoft or whoever it is (Emsisoft, that's the one, I just googled Online Armor) took over and then dumped it altogether. Shame really, I liked the HIPS feature of it; at the time of its life, I was about to grab a lifetime license for it, but forgot about it and then later found that it got bought out and then eventually dumped altogether.

    Yeah no there's lots of stuff to update on that page for whoever owns it because it's outdated.... Also some of the links you provided linked me to other page(s) which link to other info which are now either dead or nonexistent, which is a shame because I was gonna follow up on some of that stuff....

    Quote Originally Posted by Juliet View Post
    Found a trojan where?

    You can uninstall the programs yourself without using DelFix.
    Here: https://www.virustotal.com/en/file/8...is/1470900766/ I hyperlinked it with the word virustotal, I guess you must have overlooked it. Here's a screenshot of it:
    Capture.PNG

    Also you never told me why I can't(or shouldn't according to the quote) run said programs in the downloads folder or the temp folder.....is it because it's easier to keep track? If not please explain, because usually I just put them in an empty folder which in my eyes is easier to keep track....and my downloads folder is usually empty.......

    And the other one about the All Users check here(which doesn't exist):where's all users.png which needs to be fixed up because it's still there....I'm guessing it used to be there from previous versions of the program?

  9. #19
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Quote Originally Posted by Nnewb View Post
    http://users.telenet.be/bluepatchy/m...ine%20Scanners

    ^ Needs to be updated, ESET isn't on there as an online scanner Or maybe it doesn't do full system scans and is just a quickie?
    Online Armor is no longer viable because Tall Emu got bought out and then Emisoft or whoever it is (Emsisoft, that's the one, I just googled Online Armor) took over and then dumped it altogether. Shame really, I liked the HIPS feature of it; at the time of its life, I was about to grab a lifetime license for it, but forgot about it and then later found that it got bought out and then eventually dumped altogether.
    Yeah no there's lots of stuff to update on that page for whoever owns it because it's outdated.... Also some of the links you provided linked me to other page(s) which link to other info which are now either dead or nonexistent, which is a shame because I was gonna follow up on some of that stuff....
    Here: https://www.virustotal.com/en/file/8...is/1470900766/ I hyperlinked it with the word virustotal, I guess you must have overlooked it. Here's a screenshot of it:
    Capture.PNG
    Also you never told me why I can't(or shouldn't according to the quote) run said programs in the downloads folder or the temp folder.....is it because it's easier to keep track? If not please explain, because usually I just put them in an empty folder which in my eyes is easier to keep track....and my downloads folder is usually empty.......
    And the other one about the All Users check here(which doesn't exist):where's all users.png which needs to be fixed up because it's still there....I'm guessing it used to be there from previous versions of the program?
    I'll try to get in contact with the web owner to update that page.

    ~~
    Virus total has done this to the tool before and I can assure you it's a false positive.
    I've run it on my own machine and I can confirm this.

    ~~~~
    Running tools from a temp folder can run into trouble, we most often direct the tool(s) through specialized scripts to empty temp folders thus anything needed for backup or some other function would be lost.
    Now, running from a specialized folder can be used but, in most users they don't always know how or understand to do this or would be lost trying to run or locate FRST to that designated folder.
    ~~~
    All Users check did at one time have a button on the interface of the tool but since has been updated with the most current version.
    There are those who downloaded and used FRST in the past that still have the tool on their computers and would see this. But, not recommended to not uninstall/delete the tool when cleaned.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #20
    Member
    Join Date
    Jan 2016
    Posts
    65

    Default

    Quote Originally Posted by Juliet View Post
    I'll try to get in contact with the web owner to update that page.

    ~~
    Virus total has done this to the tool before and I can assure you it's a false positive.
    I've run it on my own machine and I can confirm this.

    ~~~~
    Running tools from a temp folder can run into trouble, we most often direct the tool(s) through specialized scripts to empty temp folders thus anything needed for backup or some other function would be lost.
    Now, running from a specialized folder can be used but, in most users they don't always know how or understand to do this or would be lost trying to run or locate FRST to that designated folder.
    ~~~
    Ah ok.
    Quote Originally Posted by Juliet View Post
    All Users check did at one time have a button on the interface of the tool but since has been updated with the most current version.
    There are those who downloaded and used FRST in the past that still have the tool on their computers and would see this. But, not recommended to not uninstall/delete the tool when cleaned.
    Well perhaps make a note on it stating on later release, you may not see the All Users checkbox, in which case you can ignore it...?

    So I've been following along and reading these various articles you've linked me to. One of which was (when I eventually got) was speeding up Firefox, it says to look for this entry: browser.tabs.showSingleWindowModePrefs but such entry doesn't exist or no longer exist, so how does one follow this guide if it doesn't exist? The other two entries: network.http.pipelining and network.http.pipelining.maxrequests exist so I am able to change those values.

    Ok, so I've started to make use of group policy settings (from reading the linked articles of course), how does this look? Check the attachment for the screenshot. Attachment 12635 Anything needs to change or add to it so I am more proactively protected from virus and malware? I notice VSSAdmin.exe is optional which doesn't really do much if you're not making use of system restore or any of that kind of stuff, like me as it's completely disabled to save space as I'm only on a 128GB SSD. All virus and malware can do to it is make it remove all restoration points, but since I don't have any and it's disabled, it's effectively moot....hahahaha

    I do make use of 'principle of least privilege' (unfortunately this doesn't really work well with windows XP as some legitimate programs/games throw a fit if you're not an admin so I guess I'll stay as admin but at least enforce the same group policy settings I have for my lappy?) so I only get access to stuff I usually want to access and no more so if a virus/malware does somehow get a hold of my account, I'm only on a limited account so all it can do is what all I can do, unless I accidentally give it admin privileges from a legitimate looking executable file....such as said game trainer......I'm still a bit confused as it shouldn't really need admin access to alter a game's memory.....speaking of which, how's the analysis going? Or are you guys completely different to the person on the other end of detections @ spybot.info that I submitted the zipped file to?

    So in one of the posts, it says: Attachment 12636 I have Auslogics Boostspeed (and AVG PC Tuneup 2012, another program I've used in the past), and this program falls under that right, since it apparently also has a memory manager/optimizer/registry cleaner of sorts with it? So they are just a gimmick then? So I shouldn't really bother with these stuff and just be fine with only Ccleaner and a program to defrag HDDs and that's it for any cleaning and optimization? I remember reading something that it says it will just push those programs from memory into pagefile system, but if you don't have that (mine's disabled)....where does the memory allocation go to?

    The other tools from Boostspeeds are convenient at times, such as Disk Defrag, Startup Manager, Tweak Manager, Locked Files Manager, Uninstall Manager(used to use this but Revo replaces this as it's superior), and Internet Optimizer. So what about registry defrag, is that another unneeded optimization?

    I would have thought an optimization program like BoostSpeed is just a more comprehensive version of Ccleaner that takes off where Ccleaner leaves off, as it would appear that BoostSpeed picks up some more stuff that Ccleaner wasn't able to pick up.

    My usual routine I used to follow but don't anymore or not as much now (coz I'm lazy! :P) was this:

    >Scan computer for virus/malware
    >Clean with Ccleaner
    >Further clean and optimize with BoostSpeed/PC TuneUp (which ever is installed)
    > Backup/move files/folders now that you they are virus/malware free
    >Profit

    Hm, I have a question about using online scanners like that ESET one you wanted me to do; some people have suggested it's best to be 100% offline and *then* scan for possible viruses and malware. So by having your computer connected and letting the online scanner do its job, wouldn't any virus/malware that is active very well have started to do some damage or phone home and then do some damage in some way whilst you're scanning? Is that a risk that the user has to take...? For example, say I get infected with Cryptolocker or something of this caliber, and I am still connected so ESET can do its scan, so CryptoLocker goes around, encrypting all my files and then gets to the scanner and screws it up somehow, by forcing it to crash or just fail and then afterwards, it finishes off the computer whilst I am being confused as to what has happened, besides knowing ESET online scanner failed to scan the entire computer.

    Another question, should I use MVPS' HOSTS file or just keep using my own? Do take note that Spyware Blaster, Spybot Search and Destroy and possibly other programs I have and myself included may have added additional entries to my own HOSTS file.

    And lastly but not least: Is my computer now confirmed to be virus/malware free?
