...ESET warning is still there
Antivirus Keeps Reporting an Infection but Can't Delete It! [S
#16
Posted 11 October 2015 - 10:37 PM
#17
Posted 12 October 2015 - 07:45 AM
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
- Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.
Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now
#18
Posted 12 October 2015 - 05:32 PM
I just ran Combofix. Here is the log:
#19
Posted 12 October 2015 - 05:39 PM
I am not sure if that ESET warning will come up again. I hope not. One error message with Combofix, though. What is "curl: (52) Empty reply from server. Could Not Find C:\Combofix\nvidia.zip"? But then it asks to click yes to agree to the End User License Agreement. So I was still able to run the program.
Do you think running Combofix only will fix the problem? It didn't seem to fix the ESET warning the first time :/
EDIT: Today I just went on eBay but then a Virus Warning Website came up (freeresolve.com). It's fake, I assume, but how did it pop up if I didn't go to any unsafe sites? I force-closed it, but after a few seconds I got a blue error screen and my computer restarted. Some message from Microsoft that my computer recovered from a serious error came up. This is the error info:
Did my computer go completely kaputt now? Please advise what do I do.
Thank you
Edited by 4leafclover, 12 October 2015 - 08:01 PM.
#20
Posted 13 October 2015 - 08:01 AM
EDIT: Today I just went on eBay but then a Virus Warning Website came up (freeresolve.com). It's fake, I assume, but how did it pop up if I didn't go to any unsafe sites? I force-closed it, but after a few seconds I got a blue error screen and my computer restarted. Some message from Microsoft that my computer recovered from a serious error came up. This is the error info:
That comes under the heading of malvertising. An explanation here: https://blog.avast.c...ate/#more-37481 or https://zeltser.com/...s-ad-campaigns/
The infection is within your System Restore, so we need to turn that off, reboot, and then turn it back on.
Steps to turn off System Restore
1.Click Start, right-click My Computer, and then click Properties.
2.In the System Properties dialog box, click the System Restore tab.
3.Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4.Click OK.
5.When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.
Reboot the computer
Steps to turn on System Restore
1.Click Start, right-click My Computer, and then click Properties.
2.In the System Properties dialog box, click the System Restore tab.
3.Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4.Click OK.
After a few moments, the System Properties dialog box closes.
#21
Posted 13 October 2015 - 11:57 AM
Thank you for your response. I turned off System Restore as you advised, but after I restarted the computer, ESET blocked some Trojan. The message disappeared quickly and I wasn't able to read it promptly or take a screenshot. ESET also has a new warning message now:
Edited by 4leafclover, 13 October 2015 - 12:06 PM.
#22
Posted 13 October 2015 - 12:09 PM
#23
Posted 13 October 2015 - 09:25 PM
I don't need to click Fix after I run FRST, do I? I tried running ESET again today and left it on while I was in school. It was running for 8 hours and it got stuck at 39%. It found 40 infiltrations but I couldn't remove them since I had to stop scanning. This is the FRST scan:
Edited by 4leafclover, 13 October 2015 - 09:30 PM.
#24
Posted 14 October 2015 - 07:40 AM
You do not appear to be running the FRST fix that I am providing, hence nothing is being removed.
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-11 12:04 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
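Before pressing Fix it is worth knowing exactly what a fixlist will touch, since (as the caution above says) it is written for one specific machine. The script below is an added example, not FRST's own code and not part of the helper's instructions: it reads a fixlist and summarises the directives, commands, registry operations and on-disk items in it. It assumes the conventions visible in the fix above: bare directives such as CreateRestorePoint:, RemoveProxy: and EmptyTemp:; CMD: and Reg: prefixes; and lines copied from the FRST scan log (dated file entries, "S3 name; path" service entries, policy lines marked ATTENTION, FF/CHR Extension lines) as items FRST removes. The sample fixlist is a constructed abbreviation of the one posted above.

```python
import re
from dataclasses import dataclass, field

# Constructed abbreviation of the fixlist posted above: one line of each kind.
SAMPLE_FIXLIST = r"""
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh winsock reset catalog
EmptyTemp:
"""

# Directives that take no argument (assumption: this is how FRST reads them).
BARE_DIRECTIVES = {"CreateRestorePoint:", "RemoveProxy:", "EmptyTemp:"}

# "created - modified - size attrs path" entries copied from the FRST scan log.
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?P<path>.+)$"
)
# Service/driver entries: "<start type> <name>; <image path> [X]"
SERVICE_ENTRY = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<path>.+?)( \[X\])?$")


@dataclass
class FixSummary:
    directives: list = field(default_factory=list)
    commands: list = field(default_factory=list)       # run via CMD:
    registry_ops: list = field(default_factory=list)   # run via Reg:
    files: list = field(default_factory=list)          # (path, is_directory)
    services: list = field(default_factory=list)       # (name, image path)
    policies: list = field(default_factory=list)       # browser policy restrictions
    extensions: list = field(default_factory=list)
    unknown: list = field(default_factory=list)        # review these by hand


def parse_fixlist(text):
    """Classify every non-empty fixlist line into the summary buckets above."""
    s = FixSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in BARE_DIRECTIVES:
            s.directives.append(line.rstrip(":"))
            continue
        if line.startswith("CMD: "):
            s.commands.append(line[5:])
            continue
        if line.startswith("Reg: "):
            s.registry_ops.append(line[5:])
            continue
        m = FILE_ENTRY.match(line)
        if m:
            s.files.append((m.group("path"), "D" in m.group("attrs")))
            continue
        m = SERVICE_ENTRY.match(line)
        if m:
            s.services.append((m.group("name"), m.group("path")))
            continue
        if line.startswith(("FF Extension: ", "CHR Extension: ")):
            s.extensions.append(line)
            continue
        if "ATTENTION" in line and ": Restriction" in line:
            s.policies.append(line.split(": Restriction")[0])
            continue
        s.unknown.append(line)
    return s


def touches_system_dirs(summary):
    """Paths under the Windows directory: a wrong entry here can break the OS."""
    return [p for p, _ in summary.files if p.lower().startswith(r"c:\windows")]


def network_resets(summary):
    """Commands that reset firewall, Winsock or TCP/IP state (expect to reconfigure afterwards)."""
    return [c for c in summary.commands if "reset" in c]


if __name__ == "__main__":
    s = parse_fixlist(SAMPLE_FIXLIST)
    print(f"{len(s.files)} file/dir removals, {len(s.services)} service removals, "
          f"{len(s.policies)} policy removals, {len(s.commands)} commands")
    print("system dir entries:", touches_system_dirs(s))
    print("unreviewed lines:", s.unknown)
```

Anything that lands in `unknown` is a line the script does not understand and should be read by hand before the fix is run; an empty `unknown` list on the sample only means every line matched one of the patterns above.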
#25
Posted 14 October 2015 - 07:16 PM
Sorry, but I'm new at this and I thought running a program just meant running it so you can see the log file and figure out what's going on with my computer. That's why I asked if I need to click on FIX. What's more confusing is that the program generates a .txt file right after the scan, and I thought I needed to post that file. Sorry again.
Edited by 4leafclover, 14 October 2015 - 07:19 PM.
#26
Posted 15 October 2015 - 07:24 AM
Is ESET behaving itself now, or is it still warning?
#27
Posted 15 October 2015 - 04:02 PM
Hi
ESET didn't give me any more warnings, but I am trying to run a scan and it's been running since 8:19. It shows two infiltrations so far, but it still seems to be frozen or just very, very slow. Is that not normal?
EDIT: I saw a movement in the ESET scan so it seems to be running but really slow. Scan progress is at 32%
Edited by 4leafclover, 15 October 2015 - 04:05 PM.
#28
Posted 16 October 2015 - 05:26 AM
Never used ESET before, so I am not sure how fast it is... Does it appear slower than normal?
#29
Posted 16 October 2015 - 04:31 PM
Much slower than before. It never took 9 hours to complete the scan. This is a log file created after the scan completion; I don't know if it's of any use:
Scan Log
Version of virus signature database: 12412 (20151015)
Date: 10/15/2015 Time: 7:27:11 AM
Scanned disks, folders and files: C:\Boot sector;C:\
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache\baseimagefam8 » ZIP » lib/rt.pack » PACK200 - archive damaged
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\XP POWER\NTUSER.DAT - error opening [4]
C:\Documents and Settings\XP POWER\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\DataRv\offline-storage-ecs.data - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\DataRv\offline-storage.data - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\bistats.lock - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\eascache.lock - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\keyval.lock - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\main.lock - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\msn.lock - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\statistics.lock - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\shared_dynco\dc.lock - error opening [4]
C:\Documents and Settings\XP POWER\Application Data\Skype\shared_httpfe\queue.lock - error opening [4]
C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session - error opening [4]
C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs - error opening [4]
C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000320 » GZIP » f_000320 - unpack error
C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000344 » GZIP » f_000344 - unpack error
C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000462 » GZIP » f_000462 - unpack error
C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000832 » GZIP » f_000832 - unpack error
C:\Documents and Settings\XP POWER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\XP POWER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\XP POWER\Local Settings\Temporary Internet Files\Content.Word\~WRS{492F1DAF-4876-4B60-8F78-92D582D5C6FA}.tmp - error opening [4]
C:\Documents and Settings\XP POWER\My Documents\Downloads\ChromeSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Documents and Settings\XP POWER\My Documents\Downloads\GoogleEarthSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2008-06-09 153814\Backup files 16.zip » ZIP » D\hp\apps\APP30934\src\Data1.cab » CAB » _2226726CE5BD4D54835C634BF1E8712A - archive damaged - the file could not be extracted.
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2008-06-09 153814\Backup files 16.zip » ZIP » D\hp\apps\APP30934\src\Data1.cab » CAB » _E7904ED111C0400BBF4527ED11A25B87 - error reading archive
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2008-06-09 153814\Backup files 4.zip » ZIP » C\hp\bin\Python\Lib\test\testtar.tar » TAR » - archive damaged
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-03-07 190001\Backup files 1.zip » ZIP » C\Users\Matt\AppData\Local\Mozilla\Firefox\Profiles\t0z99n4j.default\Cache\ABEAB094d01 » CWS » file.swf - unpack error
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-05-16 190002\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-4d40b4ae » ZIP » GoogleCodeSearch.class - Java/Exploit.Agent.NAA trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-06-06 190001\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-4d40b4ae » ZIP » GoogleCodeSearch.class - Java/Exploit.Agent.NAA trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\20d825dc-445a23ad » ZIP » vload.class - a variant of Java/Agent.AF trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-3078e2c2 » ZIP » vload.class - a variant of Java/Agent.AF trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\42f2dad8-746c3035 » ZIP » vmain.class - Java/Exploit.CVE-2009-3867.AL trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\64414e83-79dac52c » ZIP » vmain.class - a variant of Java/Agent.BR trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5fc5a262-108450b9 » ZIP » vmain.class - a variant of Java/Agent.BR trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1ffc5a4-72705888 » ZIP » vmain.class - a variant of Java/Agent.BR trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-29f04fe5 » ZIP » vmain.class - Java/Exploit.CVE-2009-3867.AL trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\665ffb1-36b0b52a » ZIP » vmain.class - a variant of Java/Agent.BR trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-09-12 190001\Backup files 1.zip » ZIP » C\Users\Matt\AppData\Local\Mozilla\Firefox\Profiles\t0z99n4j.default\Cache\7B890459d01 » CWS » file.swf - unpack error
C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-09-12 190001\Backup files 1.zip » ZIP » C\Users\Matt\AppData\Local\Mozilla\Firefox\Profiles\t0z99n4j.default\Cache\B0DC4508d01 » CWS » file.swf - unpack error
C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-02-26 062541\Backup files 2.zip » ZIP » C\hp\bin\Python\Lib\test\testtar.tar » TAR » - archive damaged
C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-04-02 144536\Backup files 46.zip » ZIP » D\hp\apps\APP30934\src\Data1.cab » CAB » _2226726CE5BD4D54835C634BF1E8712A - archive damaged - the file could not be extracted.
C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-04-02 144536\Backup files 46.zip » ZIP » D\hp\apps\APP30934\src\Data1.cab » CAB » _E7904ED111C0400BBF4527ED11A25B87 - error reading archive
C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-07-03 125741\Backup files 2.zip » ZIP » C\Users\Matt\Downloads\~$croeconomics_Essay_Test_Bank.zip » ZIP » - archive damaged
C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-07-03 125741\Backup files 5.zip » ZIP » D\hp\apps\APP30934\src\Data1 (2).cab » CAB » _2226726CE5BD4D54835C634BF1E8712A - archive damaged - the file could not be extracted.
C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-07-03 125741\Backup files 5.zip » ZIP » D\hp\apps\APP30934\src\Data1 (2).cab » CAB » _E7904ED111C0400BBF4527ED11A25B87 - error reading archive
C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.15\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files\Google\Update\Install\{04B621F7-6D5D-4D66-A30D-F63BAD597D32}\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files\Google\Update\Install\{3DC7F6B0-656E-4969-A3FF-74A36793F3ED}\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files\Google\Update\Install\{55661FEC-33A2-4B7D-A2E9-9E205494867C}\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files\Google\Update\Install\{7DA6346E-3EDD-4E3B-9D60-DDEC672F5959}\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files\Microsoft Picture It! PhotoPub\PIP\PIP2001\8T.its » CHM » ::DataSpace/Storage/MSCompressed/Content - error reading archive
C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\Program Files\WinRAR\Zip.SFX » WINRARSFX - archive damaged
C:\WINDOWS\system32\CatRoot2\edb.log - error opening [4]
C:\WINDOWS\system32\CatRoot2\tmp.edb - error opening [4]
C:\WINDOWS\system32\config\default - error opening [4]
C:\WINDOWS\system32\config\default.LOG - error opening [4]
C:\WINDOWS\system32\config\SAM - error opening [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening [4]
C:\WINDOWS\system32\config\SECURITY - error opening [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening [4]
C:\WINDOWS\system32\config\software - error opening [4]
C:\WINDOWS\system32\config\software.LOG - error opening [4]
C:\WINDOWS\system32\config\system - error opening [4]
C:\WINDOWS\system32\config\system.LOG - error opening [4]
Number of scanned objects: 1231929
Number of threats found: 10
Number of cleaned objects: 0
Time of completion: 4:58:13 PM Total scanning time: 34262 sec (09:31:02)
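The log above mixes three very different kinds of line: "error opening [4]" (the scanner could not open a file that Windows keeps locked, such as the registry hives and pagefile), "archive damaged"/"unpack error"/"error reading archive" (an archive the scanner could not unpack, not a detection), and the actual detections, which end in "action selection postponed until scan completion". As an added example (my own script, not ESET's or anything posted in this thread), the parser below separates those classes, groups detections by the outermost file on disk, and checks the summary counts against the body of the log. It assumes the line shapes seen above; the sample log is a constructed excerpt in that shape.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of the ESET "Scan Log" posted above.
SAMPLE_LOG = r"""
Scan Log
Version of virus signature database: 12412 (20151015)
Scanned disks, folders and files: C:\Boot sector;C:\
C:\pagefile.sys - error opening [4]
C:\WINDOWS\system32\config\SAM - error opening [4]
C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\MATTS-BRAIN\Backup Set A\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-4d40b4ae » ZIP » GoogleCodeSearch.class - Java/Exploit.Agent.NAA trojan - action selection postponed until scan completion
C:\MATTS-BRAIN\Backup Set B\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\42f2dad8-746c3035 » ZIP » vmain.class - Java/Exploit.CVE-2009-3867.AL trojan - action selection postponed until scan completion
Number of scanned objects: 5
Number of threats found: 2
Number of cleaned objects: 0
"""

# A detection: "<object> - <threat name> - action selection postponed ..."
DETECTION = re.compile(
    r"^(?P<object>.+?) - (?P<threat>.+?) - action selection postponed until scan completion$"
)
# Scanner errors (locked file, broken archive): not detections.
SCAN_ERROR = re.compile(
    r"^(?P<object>.+) - (?P<error>error opening \[\d+\]|archive damaged.*|unpack error|error reading archive)$"
)
SUMMARY = re.compile(r"^Number of (?P<key>scanned objects|threats found|cleaned objects): (?P<n>\d+)$")


def parse_eset_log(text):
    """Split the log into detections, error counts by kind, and the summary block."""
    result = {"detections": [], "errors": Counter(), "summary": {}, "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION.match(line)
        if m:
            obj = m.group("object")
            result["detections"].append({
                "object": obj,
                "container": obj.split(" » ")[0],  # outermost file on disk
                "threat": m.group("threat"),
            })
            continue
        m = SCAN_ERROR.match(line)
        if m:
            # "error opening [4]" -> "error opening"; drop trailing explanations
            kind = re.sub(r" \[\d+\]$| - .*$", "", m.group("error"))
            result["errors"][kind] += 1
            continue
        m = SUMMARY.match(line)
        if m:
            result["summary"][m.group("key")] = int(m.group("n"))
            continue
        result["other"].append(line)
    return result


def detections_by_container(parsed):
    """How many detections sit inside each top-level file (e.g. one backup ZIP)."""
    return Counter(d["container"] for d in parsed["detections"])


def consistency_check(parsed):
    """Flag mismatches between the summary block and the body of the log."""
    notes = []
    found = len(parsed["detections"])
    declared = parsed["summary"].get("threats found")
    if declared is not None and declared != found:
        notes.append(f"summary says {declared} threats but the log lists {found}")
    if found and parsed["summary"].get("cleaned objects", 0) == 0:
        notes.append(f"{found} detection(s) but 0 cleaned: actions were postponed, nothing was removed")
    return notes


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    print("errors:", dict(parsed["errors"]))
    for container, n in detections_by_container(parsed).items():
        print(f"{n} detection(s) inside {container}")
    for note in consistency_check(parsed):
        print("note:", note)
```

Run against the full log above, every detection resolves to a container under C:\MATTS-BRAIN (old backup ZIPs holding Java deployment-cache files), and the "0 cleaned" summary simply reflects that action selection was postponed and never carried out.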
#30
Posted 16 October 2015 - 04:36 PM
Oh, wow. Now I see it says 0 threats found and 0 cleaned, BUT during the scan it showed 2 infiltrations (in red) at first; I checked back a while later and it said 4 infiltrations. I had to leave the house. After I came back the scan was finished, but now I see the report doesn't make sense :/