[drlnb]

Render,

 

The PC seems to be runnning fine.  I still see requests for ipconfig and arp in Security Agent.  Are these nomal?  I don't remember seeing them before.

 

I can't run sfc /scannow on this PC as I do not have admin priviledges... is there a work around?

 

Thanks once again for your help!

Edited by drlnb, 29 May 2014 - 09:18 AM.

[Advertisements]

Hi,

Please make a screenshot of Security Agent and post it here.

 

I can't run sfc /scannow on this PC as I do not have admin priviledges... is there a work around?

 

 

That's strange as if you are logged in as wjabs you should have administrators rights. Please try to open Command Prompt by just double-click on it and than run sfc /scannow command.

[Render]

Hi,

Please make a screenshot of Security Agent and post it here.

 

I can't run sfc /scannow on this PC as I do not have admin priviledges... is there a work around?

 

 

That's strange as if you are logged in as wjabs you should have administrators rights. Please try to open Command Prompt by just double-click on it and than run sfc /scannow command.

[drlnb]

Hi,

 

For some reason or other I cannot post a screen shot?    This is the message I get "You are not allowed to use that image extension on this community."

 

Thanks

[Render]

With jpg or png image extension you should be fine and should be less than 2MB in size. Try to save your screen-shot image in jpg or png format and not in bmp.

[drlnb]

Render,

 

Attached are the two sceen shots you requested.  I hope these are OK.

 

Thanks

Attached Thumbnails

• 
• 

[Render]

Hi,

 

Is this your computer or it is corporate computer?

[drlnb]

This is mine.

 

Thanks

[Render]

Please proceed with this scan:

 

Please disable your AntiVirus before doing these steps!

• If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
• This will only work for Internet Explorer or FireFox
• Please download ESET Online Scanner from here
• You will see a screen like this:
  
• Click Run ESET Online Scanner
  
• A Window will open (see above) - please click on the link
• A window will pop up - please download the file to your Desktop
• When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)
  
• Tick the box next to YES, I accept the Terms of Use then click on: Start
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  
• Make sure that the option Remove found threats is NOT checked.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
     
  • Scan for potentially unwanted applications
  •     Scan for potentially unsafe applications
  •     Enable Anti-Stealth Technology
• Then click on Start
• virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• After the scan is finished please click on Finish
• Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to this topic.

 

[drlnb]

Render,

 

Thanks, I'll run this tonight!

[drlnb]

Hi,

 

This window popped up.  How should I respond?

 

Please note that I disabled the security agent and Macafee

 

Edited by drlnb, 04 June 2014 - 07:55 AM.

[Render]

First, please disable your anti-virus program. Then check Enable detection of potentially unwanted applications and click on Start button. Scan will take a couple of hours so I recommend you to this before you go to sleep and leave it over night.

[drlnb]

Render,

 

I tried running Eset.  The application ran but never saw the scrrens that you posted here?  After the downoad I saw the esetsmartinstaller.exe and ran it as you instructed.  The next window popped up for me to accept terms of use... which I did, but I never saw the window to select compute scan setting???  The application launched.  It ran for 2 hours, here is a screen shot of what I saw:

 

 

Attached Thumbnails

• 

[Render]

It's OK. On completion of scan please let me know the results.

[drlnb]

Render,

 

The PC seems to be running fine.  The only thing is that I'm still seeing are the arp and ipconfig requests.  Which I never saw until the PC was infected.

 

NT AUTHORITY\SYSTEM) attempted to execute the new application 'C:\WINDOWS\system32\ipconfig.exe'. The operation was denied. [2564]

6/5/2014 11:07:32 AM: The current application 'C:\WINDOWS\system32\cmd.exe' (as user NT AUTHORITY\SYSTEM) attempted to execute the new application 'C:\WINDOWS\system32\arp.exe'. The operation was denied. [2564]

Thanks
 

p.s There was no log created after eset ran.

Edited by drlnb, 05 June 2014 - 09:17 AM.

[Render]

From provided logs I can't say that your computer is or was infected.

 

5/27/2014 3:28:10 PM: The current application 'C:\WINDOWS\system32\cmd.exe' (as user NT AUTHORITY\SYSTEM) attempted to execute the new application 'C:\WINDOWS\system32\ipconfig.exe'. The operation was denied. [2564]

5/27/2014 3:28:10 PM: The current application 'C:\WINDOWS\system32\cmd.exe' (as user NT AUTHORITY\SYSTEM) attempted to execute the new application 'C:\WINDOWS\system32\arp.exe'. The operation was denied. [2564]

 

These events above are Cisco related things. I don't know why they there and if they are malware related. Main problem here is that your system is configured for corporate use and as such you don't have all administrative rights. That's why our tools can't run properly as they need administrative rights.

 

Log report of ESET scan results should be located here: C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt Please take look one more time and if it's there post it here.