Outlook and Firefox Internet Access Blocked; IE9 is Ok



#16
Braind, Member (Topic Starter), 246 posts
I did a scan with the free version of Norman Malware cleaner and it found 7 infections. However, it could only clean 6 of them. The Norman log is too large to send as an attachment and/or copy and paste. So here is the last part of the log:




Number of files found: 150070
Number of archives unpacked: 6170
Number of objects found: 590607
Number of objects scanned: 590529
Number of objects not scanned: 78
Number of malicious objects found: 5
Number of malicious objects cleaned: 4
Number of malicious files found: 5
Number of malicious files cleaned: 4
Scanning time: 47m 33s

Running post-scan cleanup routine...
Potentially unwanted registry key: 'HKCR\.exe --> shell'
Remove registry key: HKCR\.exe (--> shell)
Cleaning successful
Potentially unwanted registry key: 'HKCR --> secfile'
Remove registry key: HKCR (--> secfile)
Cleaning successful

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 150685
Total number of archives unpacked: 6170
Total number of objects found: 593611
Total number of objects scanned: 593533
Total number of objects not scanned: 78
Total number of malicious objects found: 7
Total number of malicious objects cleaned: 6
Total number of malicious files found: 5
Total number of malicious files cleaned: 4
Total number of objects quarantined: 7
Total scanning time: 47m 53s









#17
RKinner, Malware Expert (MVP), 20,031 posts
Don't think I've ever used Norman before.

Can't tell much from that. Would be more interested in knowing what files it found that were malicious and which one it couldn't remove.

#18
Braind, Member (Topic Starter), 246 posts
Is there some way I could send you the log as an attachment (I have the attachment)? I tried using this system, but I received an error message that the attachment is too big to download.

Edited by Braind, 26 October 2013 - 08:32 PM.


#19
Braind, Member (Topic Starter), 246 posts
It says the 6 cleaned items were infected with:
doslegacy/Redir.AG

The 7th that could not be cleaned has a potential unwanted file: (winpe/InstalleRex.H)

It was found in file: C:\Users\Brain\Appdata\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\fpa_uh.cab/FPAInstaller.exe



#20
RKinner, Malware Expert (MVP), 20,031 posts
I think Norman may be worrying too much:

https://www.virustot...fa9f2/analysis/

It's probably considered adware but not really evil.

Do you have file names for the others?

Going off-island today so replies will be late.

#21
Braind, Member (Topic Starter), 246 posts
That information is in the Norman log...somewhere! Is there a way to send an attachment that is too large for the geekstogo.com system?

#22
RKinner, Malware Expert (MVP), 20,031 posts
www.dropbox.com

#23
Braind, Member (Topic Starter), 246 posts
Okay, I think this will give you the Norman log: https://www.dropbox....24_18-49-00.log

#24
RKinner, Malware Expert (MVP), 20,031 posts
Can't tell from the log what it found but you still have the stuff that AdwCleaner removed so it may be picking up on that. Delete the contents and subfolders of this folder: C:\AdwCleaner\Quarantine\

#25
Braind, Member (Topic Starter), 246 posts
Norman Malware Cleaner only shows the one infection, C:\Users\Brain\Appdata\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\fpa_uh.cab/FPAInstaller.exe, when I run a scan now. Is there a way for me to get rid of it? I'd rather do overkill and be safe than sorry, if possible.


#26
RKinner, Malware Expert (MVP), 20,031 posts
It came with Real Player so you could just uninstall it. Not sure how essential it is to Real Player so if you want to keep Real Player then try deleting the file fpa_uh.cab (this is like a zipped file - FPAInstaller.exe is just one of the files in it). It's a system hidden file so you need to be able to see them first:


Close all programs so that you are at your desktop.
Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

Or we could just use a Command Window:

Copy the next 2 lines:

Attrib -r -h -s C:\Users\Brain\Appdata\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\fpa_uh.cab
del C:\Users\Brain\Appdata\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\fpa_uh.cab

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter.


When you installed Real Player did it offer you some other software? That's probably what this is.
  • 0
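
Added example, not part of RKinner's post: a batch-file version of the Command Prompt method above that lists what is packed inside the cabinet and records its SHA-256 before deleting it, then checks that the file is really gone. It assumes the path quoted in the thread and an elevated Command Prompt on Windows 7 or later, where expand -D and certutil -hashfile are available.

```bat
@echo off
rem Added example: inspect the flagged cabinet, delete it, and verify removal.
rem The path is the one quoted in the thread; adjust it for another machine.
setlocal
set "CAB=C:\Users\Brain\Appdata\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\fpa_uh.cab"

if not exist "%CAB%" (
    echo Not found: "%CAB%"
    exit /b 1
)

rem Show the current attributes (S = system, H = hidden, R = read-only).
attrib "%CAB%"

rem List the files packed inside the cabinet without extracting any of them.
expand -D "%CAB%"

rem Record a SHA-256 of the cabinet so it can still be looked up after deletion.
certutil -hashfile "%CAB%" SHA256

rem del skips hidden and system files, so clear those attributes first.
attrib -r -h -s "%CAB%"
del "%CAB%"

if exist "%CAB%" (
    echo Delete failed: the file may be in use or the prompt is not elevated.
    exit /b 2
)
echo Removed "%CAB%"
endlocal
```

Saving the output to a text file keeps a record of what was removed, which is the detail the scanner summary earlier in the thread did not show.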

#27
Braind, Member (Topic Starter), 246 posts
I used the command prompt method and ran a new Norman Malware Cleaner scan. It came back clean for everything! Thanks again for your help. I tried to uncheck all the extra stuff Real Player wants to install, but I must have missed something.

Edited by Braind, 30 October 2013 - 07:36 PM.
