Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Microsoft Word/general behaviour threat


  • Please log in to reply

#1
Sparklestar

Sparklestar

    New Member

  • Member
  • Pip
  • 5 posts

Hello, I hope posted this in the right forum. :) I have a Windows Vista PC. A couple of months ago I started receiving mesages from my anti-virus (AVG) saying that there was a threat detected. The message was "general behavior threat detected". The first time it happened I had been on several sites at the time so I wasn't sure which one had caused it. The second time I'd dowloaded a document from a website into Microsoft and it said Microsoft had crashed and I got the same message. I emailed the woman who runs the site and she ran a virus check on it and didn't find anything.

 

This kept happening and then the computer kept crashing and eventually wouldn't start at all. I took it to my local computer shop and they said the memory was really low and were surprised it was running before. But they sold it to me with that amount of memory on in the first place. They increased the memory and it seemed to be working fine but in the past week or so the same thing has been happening (the general behaviour threat message). It seems to be connected to Microsoft Word. If I write something in Word and then close it, it sometimes says "Microsoft Word has stopped working, finding a solution to the problem" and then it brings up a new document. (But it hasn't stopped working, I just closed it). I close the new document and shortly after the behaviour threat message comes up. Also one time an AVG page came up saying something about a generic virus. AVG scans never find anything. The past couple of times I clicked on the AVG prompt to allow it to remove the threat. I did  that just now and automatically restarted the computer but now Word won't load at all.

 

 

I wondered if it could be some kind of virus that is sucking the memory? The computer shop said they can run a remote scan and I'm going to have that done as soon as I can afford it but wanted to get some advice in the meantime. Does anyone know what it might be? The version of Word I'm using is Microsoft Word Starter 2010.

 

Thank you. :)

 

P.S. Also I've had some internet connection issues but I don't think that's connected because it was something to do with the modem. Thought I'd mention it just in case though! Internet is working fine again at the moment.


Edited by Sparklestar, 07 August 2016 - 08:08 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    •  
     
  • Get FRST from
  • You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
    In addition to the above, do a search for all files with name: normal.dot or normal.dotm
     
    They are usually located in C:\Users\[username]\AppData\Roaming\Microsoft\Templates
    but this is a hiddne location so you have to tell windows to let you see them.
     
    Rename any you find to anormal.dot or .dotm
     
    Word should create a new default template when it starts up again.

    • 0

    #3
    Sparklestar

    Sparklestar

      New Member

    • Topic Starter
    • Member
    • Pip
    • 5 posts

    Thank you for your reply. So you think it's a virus in Microsoft word?

     

    I'll try what you suggest.


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    That's what it sounds like to me.  Word used to be very prone to Macro Viruses that would infect the normal.dot template until MS turned off macros by default.  It's still possible to turn them back on and I expect that is what happened to you.  After you rename the normal.dot and normal.dotm templates, see if you can start Word by using its entry in All Programs.  If it starts, make sure you have it  set to Disable Macros with Notification  See http://www.worldstar...s-in-word-2010/which is actually showing you how to enable macros but it gets you to the right place.  Then if you open a doc and it has a macro you will get a warning.  

    The other thing that word is sensitive to is your printer.  It needs a printer  assigned so that it knows what you finished doc will look like.


    • 0

    #5
    Sparklestar

    Sparklestar

      New Member

    • Topic Starter
    • Member
    • Pip
    • 5 posts

    Ok, thank you for explaning. I read some things about Macro Viruses but I don't know much about it at all. My printer isn't connected to the computer, I got this computer a few months ago and hadn't loaded it because I wasn't using it. I just checked in the Printers and Faxes section and it says there's a Microsoft XPS Writer listed there but that's not my actual printer, it's Hewlett Packard.

     

    I'll try what you suggested and get back to you. :)


    • 0

    #6
    Sparklestar

    Sparklestar

      New Member

    • Topic Starter
    • Member
    • Pip
    • 5 posts

    I ran a malware scan yesterday. I wasn't sure about using ADWCleaner because I'd heard that some people had problems with it, so in the end I used Malwatrebytes. It didn't actually find any malware but found some potentially unwanted programs. It said "Non-Malware detected". Here are the scan results:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 08/08/2016
    Scan Time: 23:06
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.08.08.11
    Rootkit Database: v2016.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Admin

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 300398
    Time Elapsed: 13 min, 6 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-2894822192-3706410239-3577497919-1000\SOFTWARE\AskPartnerNetwork, , [a308a6a2f2a803330d7dcf0add2547b9],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.Ilivid, C:\Users\Admin\Documents\Downloads\iLividSetup.exe, , [5f4c77d1dcbee155a52929b1f40c629e],
    PUP.Optional.ASK.Gen, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\650sxlpa.default\searchplugins\askcom.xml, , [f9b24602f4a6ca6c92ad0d8e020227d9],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

     

     

    I also ran a Windows Malicious Software Removal scan but that didn't find anything.


    • 0

    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    That's all adware.  Hopefully you told MBAM to remove it.

     

    AdwCleaner has two mode.  The SCAN and the CLEAR.  The SCAN doesn't do anything but look.  Since you are afraid of it, just do the SCAN and get the log.


    • 0

    #8
    Sparklestar

    Sparklestar

      New Member

    • Topic Starter
    • Member
    • Pip
    • 5 posts

    Yes, I did get it to remove it.

     

    I see. Well, I've been told that it can open your computer up to more viruses in some cases. I'm just wary of downloading extra stuff, so I like to check first. But if the Scan just looks then it should be alright.


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP