Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

NT AUTHORITY\SYSTEM attempted to execute the new application


  • Please log in to reply

#16
drlnb

drlnb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Render,

 

The PC seems to be runnning fine.  I still see requests for ipconfig and arp in Security Agent.  Are these nomal?  I don't remember seeing them before.

 

I can't run sfc /scannow on this PC as I do not have admin priviledges... is there a work around?

 

Thanks once again for your help!


Edited by drlnb, 29 May 2014 - 09:18 AM.

  • 0

Advertisements


#17
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

Hi,

Please make a screenshot of Security Agent and post it here.

 

I can't run sfc /scannow on this PC as I do not have admin priviledges... is there a work around?

 

 

That's strange as if you are logged in as wjabs you should have administrators rights. Please try to open Command Prompt by just double-click on it and than run sfc /scannow command.


  • 0

#18
drlnb

drlnb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi,

 

For some reason or other I cannot post a screen shot?    This is the message I get "You are not allowed to use that image extension on this community."

 

Thanks


  • 0

#19
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

With jpg or png image extension you should be fine and should be less than 2MB in size. Try to save your screen-shot image in jpg or png format and not in bmp.


  • 0

#20
drlnb

drlnb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Render,

 

Attached are the two sceen shots you requested.  I hope these are OK.

 

Thanks

Attached Thumbnails

  • Image1.jpg
  • Image2.jpg

  • 0

#21
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

Hi,

 

Is this your computer or it is corporate computer?


  • 0

#22
drlnb

drlnb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

This is mine.

 

Thanks


  • 0

#23
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

Please proceed with this scan:

 

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
  • You will see a screen like this:
    e922iil8.png
  • Click Run ESET Online Scanner
    4e3svhbd.png
  • A Window will open (see above) - please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)
    p35jbmyy.png
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    p3b9meru.png
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
       
    • Scan for potentially unwanted applications
    •     Scan for potentially unsafe applications
    •     Enable Anti-Stealth Technology
  • Then click on Start
  • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

 


  • 0

#24
drlnb

drlnb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Render,

 

Thanks, I'll run this tonight!


  • 0

#25
drlnb

drlnb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi,

 

This window popped up.  How should I respond?

 

Please note that I disabled the security agent and Macafee

 

Image1.jpg


Edited by drlnb, 04 June 2014 - 07:55 AM.

  • 0

Advertisements


#26
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

First, please disable your anti-virus program. Then check Enable detection of potentially unwanted applications and click on Start button. Scan will take a couple of hours so I recommend you to this before you go to sleep and leave it over night.


  • 0

#27
drlnb

drlnb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Render,

 

I tried running Eset.  The application ran but never saw the scrrens that you posted here?  After the downoad I saw the esetsmartinstaller.exe and ran it as you instructed.  The next window popped up for me to accept terms of use... which I did, but I never saw the window to select compute scan setting???  The application launched.  It ran for 2 hours, here is a screen shot of what I saw:

 

 

Attached Thumbnails

  • Image2.jpg

  • 0

#28
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

It's OK. On completion of scan please let me know the results.


  • 0

#29
drlnb

drlnb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Render,

 

The PC seems to be running fine.  The only thing is that I'm still seeing are the arp and ipconfig requests.  Which I never saw until the PC was infected.

 

NT AUTHORITY\SYSTEM) attempted to execute the new application 'C:\WINDOWS\system32\ipconfig.exe'. The operation was denied. [2564]

6/5/2014 11:07:32 AM: The current application 'C:\WINDOWS\system32\cmd.exe' (as user NT AUTHORITY\SYSTEM) attempted to execute the new application 'C:\WINDOWS\system32\arp.exe'. The operation was denied. [2564]

Thanks
 

p.s There was no log created after eset ran.


Edited by drlnb, 05 June 2014 - 09:17 AM.

  • 0

#30
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

From provided logs I can't say that your computer is or was infected.

 

5/27/2014 3:28:10 PM: The current application 'C:\WINDOWS\system32\cmd.exe' (as user NT AUTHORITY\SYSTEM) attempted to execute the new application 'C:\WINDOWS\system32\ipconfig.exe'. The operation was denied. [2564]

5/27/2014 3:28:10 PM: The current application 'C:\WINDOWS\system32\cmd.exe' (as user NT AUTHORITY\SYSTEM) attempted to execute the new application 'C:\WINDOWS\system32\arp.exe'. The operation was denied. [2564]

 

These events above are Cisco related things. I don't know why they there and if they are malware related. Main problem here is that your system is configured for corporate use and as such you don't have all administrative rights. That's why our tools can't run properly as they need administrative rights.

 

Log report of ESET scan results should be located here: C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt Please take look one more time and if it's there post it here.

 

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP