jpg files changed on the same date and reported as unknown ADS

spypcsense

Hi All
Deep root scan showed many jpg files with names similar to this: Pictures\My Pictures\PICT0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA. All the files were changed around 12:30 PM on April 03, 2014. Did the root scan because the computer is behaving a little strangely including a message that Windows is not genuine (it is) and is unable to resolve or update. I can post the whole log if need be but it is long.
Thanks for any help you can give.
 
Hello spypcsense, :welcome:

Hi All
Deep root scan showed many jpg files with names similar to this: Pictures\My Pictures\PICT0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA. All the files were changed around 12:30 PM on April 03, 2014.

This information alone does not raise a flag; changes may reflect when the user accessed their files. :)


Did the root scan because the computer is behaving a little strangely including a message that Windows is not genuine (it is) and is unable to resolve or update. I can post the whole log if need be but it is long.

Please list:
Version of Spybot: http://www.safer-networking.org/shop/
The operating system
Other security programs installed
Any issues with the computer's performance, please be specific.

Best regards.
 
requested info

Thanks for the reply Tashi.

Version of Spybot: 2.0.12.0
Rootkit scanner 2.0.12.116
The operating system: Windows 7 professional 32 bit
Other security programs installed: AVG Cloudcare, Malwarebytes
Issues with the computer's performance: Windows is not Genuine (4 year old Lenovo laptop and this just popped up), can't troubleshoot (gets error), some updates are blocked, sometimes gets very sloooowww. I pulled the drive and deep scanned it again from this machine with similar results to the original scan.

Thanks again
 
Hello spypcsense,

It might be best for someone to take a look at the system, please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please. :)

Best regards.
 
help on next step

I would think that these steps are best accomplished with the drive back in its home computer unless you think it is better to leave it attached to this machine. Agree?


Hello spypcsense,

It might be best for someone to take a look at the system, please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please. :)

Best regards.
 
Ran the scans and started a new thread in Malware Removal. Posted the logs and linked to this post but nothing happens when I submit. This is the URL it goes to: http://forums.spybot.info/newthread.php?do=postthread&f=22. If I look at My Profile it just shows this thread. Any thoughts as to what I might be doing wrong?
Thanks

That's strange, :confused: if you open this link you should be able to post: http://forums.spybot.info/newthread.php?do=newthread&f=22

Were you logged in?
 
Copied files to another computer and attached them instead of pasting in the post. Got error message that addition.txt was too big so split it. Now everything is up. Don't know if it was being blocked by the problem computer or it was the amount of data. Anyhow now it's happy -:)
Thanks for the links.
 
Confused

Hello Tashi - maybe I misunderstood or I'm not reading this correctly. You said to go to the Malware Removal forum, start a new thread, post the logs and link back to the original thread in the rootkit forum. I thought that is what I did so I'm not sure where I went wrong. Need some enlightenment. Which topic is open - the first one or this one, and which one should I be using? Don't want to upset the apple cart but I am confused.
Thanks for your help.
Regards :confused:
 
OK so the one you told me to open is closed and this one is open without logs. Can I close this one and then open a new one in Malware Removal?
Just to refresh your memory this is the message you sent me:

Hello spypcsense,

It might be best for someone to take a look at the system, please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please.

Best regards.


Regards
 
OK - now I understand. The first one is the post that gave an error message about the file exceeding the 48+ mb maximum size. I thought the whole post was rejected so the second one was a repeat of the first one with the file separated into two files.
Thanks for clarifying and getting a newbie straightened out.
Will wait for helper advice.
Regards
 