Windows 7 Laptop sluggish, trouble updating spyware [Solved]


  • This topic is locked

#16
blues71

    Member

  • Topic Starter
  • 57 posts

My computer seems to be running more smoothly, although I've been careful not to use it too much this week, and especially not to access any password-protected websites. I haven't been using the more resource-intensive programs, either, like OpenOffice. Did we find what exactly was going on?

 

I'm pasting the remaining logs below.

 

Thanks!

 

 

# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 21 21:46:15 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: Update service


***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Auslogics
Deleted: C:\Users\Smash\AppData\Roaming\Auslogics


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{40217CB8-4463-4030-B324-AC6A8075FEC8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{AFA0E6A1-28D7-4F2C-87A7-7266367B4655}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Auslogics


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2135 B] - [2017/7/21 16:4:1]
C:/AdwCleaner/AdwCleaner[S1].txt - [2201 B] - [2017/7/21 21:45:48]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/21/17
Scan Time: 3:52 PM
Log File: mb_log.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2412
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sidekick\Smash

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 569789
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 38 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


  • 0


#17
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi,
 
Make sure to remove both instances of the bestbuy pc app. You can start back Revo uninstaller, and see if it still finds any bestbuy pc app instance.
 
Glad to hear that your machine is better. We did manage to get some baddies out of the way, and we'll finish it with one last scan.


Scan with ESET Online Scanner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click Scan Now.

  • Download esetonlinescanner_enu.exe that you'll be given a link to.
  • Double click esetonlinescanner_enu.exe.
  • Accept the Terms of Use

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is selected.
  • In the Advanced Settings dropdown menu:
    • Enable detection of potentially unsafe applications is checked.
    • Enable detection of suspicious applications is checked.
    • Enable Anti-Stealth technology is checked.
    • Scan archives is checked.
    • Make sure that Clean threats automatically is unchecked.
    • Use custom proxy settings is unchecked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done results will be displayed. Click the Copy to clipboard.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


  • 0

#18
blues71

    Member

  • Topic Starter
  • 57 posts

Hello,

 

Looks like we've got a few more baddies. I ran Revo Uninstaller again, but it did not identify any instances of Best buy pc app. But ESET found 7 threats. I'm pasting the log below.

 

The newvigil170615.tar.gz file is a backup of my wordpress site, which was recently hacked. I can delete that one easily enough.

 

I'll keep checking this, if you have time to respond today.

 

Thanks

 

--------------------------------

 

C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    
C:\Program Files (x86)\NCH Software\Doxillion\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    
C:\Program Files (x86)\NCH Software\Scribe\scribe.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    
C:\Program Files (x86)\NCH Software\Scribe\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    
C:\Users\Smash\Downloads\ccsetup531.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Smash\Downloads\newvigil170615.tar.gz    PHP/Agent.GC trojan    
Autostart locations    a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    
 


  • 0

#19
blues71

    Member

  • Topic Starter
  • 57 posts

One more question--at what point can I resume using my computer normally? I've been avoiding any password-protected websites or any other sensitive activities.


  • 0

#20
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
All looks great to me; you can manually delete the following two files.
 
C:\Users\Smash\Downloads\ccsetup531.exe  
C:\Users\Smash\Downloads\newvigil170615.tar.gz
Other than that, I don't see much of an issue on your machine, unless you still have any complaints that you are facing at the moment.
You can continue with your activities as per usual.



OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

Uninstallation

You can uninstall Revo Uninstaller as installed previously if you like.

Tools CleanUp with DelFix

Download Delfix and save it to the Desktop.
  • Right click the DelFix icon and click Run as Administrator.
  • Ensure ALL boxes are checked.
  • Click the Run button.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Delete the following Files and Folders (If Present):

Delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop and empty the Recycle Bin.

Keeping your software updated

Windows Updates
  • Please go to Start Menu -> Control Panel
  • Under View by: select Large Icons, then tap or click Windows Update.
  • Click on Change Settings

  • Select "Install updates automatically (recommended)" from the Important updates drop-down.

  • Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
  • Ensure that all of the other check boxes are checked.
  • Click OK.
Malwarebytes Anti-Malware

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Keep Java Updated

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.
If you do have software that requires it, then disable it until such time as it's needed by those programs.
Please click the link below for instructions to disable and uninstall Java.

How to Disable Java in your Web Browser

How to Completely Remove and Uninstall Java From Windows PC

Filehippo Updatechecker

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Tips, Information, and Optional Installation

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read Answers to common security questions - Best Practices

Installation of Unchecky (Optional)

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.

Then click Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Installation of CryptoPrevent (Optional)

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You may read more about this here.

To download and install:
  • Click CryptoPrevent
  • Under the Free Edition column, click on Download button to request for a download link and download to your Desktop
  • Extract the content of the zip file to your Desktop and right-click and select Run as Administrator
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.

If you have any other questions, please feel free to ask me.
  • 0

#21
blues71

    Member

  • Topic Starter
  • 57 posts

Hello,

 

I followed your instructions and I'm pasting the DELFIX log below.

 

I uninstalled both 32- and 64-bit JAVA from my system. I'm keeping Revo and Malwarebytes. Also installed Unchecky and the new version of CryptoPrevent. I enabled automatic updates in Windows Update.

 

I have two more issues:

 

1- I'd like to address this line from the ESET log: Autostart locations    a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application. I removed the Avira SystemSpeedUp shortcut from programs\startup, and checked the startup list in MSCONFIG, but I'm not sure which software this refers to.

 

2- My bank requires that I use the Trusteer Rapport plugin for online banking. It is supposed to ensure secure connections and to protect any sensitive cookies from the bank website. When I accessed the Chrome plugins page, this plugin was deactivated. I tried to reactivate it and got this message: "This message may have been corrupted." Does this require any additional attention? It would be easy enough to uninstall then reinstall Rapport, but I need to make sure nobody is gaining access to my bank accounts.

 

Thanks again for all your help. It has made a big difference!


  • 0
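
The question in post #21 about which software the "Autostart locations" line refers to can be narrowed down from the ESET log in post #18 itself. The following is an added example, not part of the original thread: it parses those log lines and lists the scanned files that share a detection name with the autostart entry. The function names are hypothetical, and a shared detection name only gives a shortlist of programs to check, not proof of what the autostart entry points to.

```python
import re
from collections import defaultdict

# The ESET Online Scanner lines from post #18, copied from this page
# (columns are separated by a run of spaces here; real logs may use tabs).
ESET_LOG = r"""
C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\Doxillion\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Scribe\scribe.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Scribe\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Smash\Downloads\ccsetup531.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Smash\Downloads\newvigil170615.tar.gz    PHP/Agent.GC trojan
Autostart locations    a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
"""

AUTOSTART = "Autostart locations"

# "<optional 'a variant of '><detection name> <category words>"
DETECTION_RE = re.compile(r"^(a variant of )?(\S+)\s+(.+)$")


def parse_detection(text):
    """Split one detection string into name, variant flag and category."""
    match = DETECTION_RE.match(text.strip())
    if not match:
        return None
    return {
        "name": match.group(2),
        "variant": bool(match.group(1)),
        "category": match.group(3).strip(),
    }


def parse_log(text):
    """Return [(location, [detection, ...]), ...] for every log line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Paths contain single spaces, so only tabs or 2+ spaces split columns.
        fields = re.split(r"\t+| {2,}", line)
        if len(fields) < 2:
            continue  # not a "location <gap> detection" line
        location, detections = fields[0], fields[1]
        parsed = [d for d in map(parse_detection, detections.split(",")) if d]
        if parsed:
            entries.append((location, parsed))
    return entries


def autostart_candidates(entries):
    """For each detection on the autostart line, list scanned files that
    carry the same detection name (assumption: same name, same product)."""
    files_by_name = defaultdict(list)
    for location, detections in entries:
        if location != AUTOSTART:
            for det in detections:
                files_by_name[det["name"]].append(location)
    candidates = {}
    for location, detections in entries:
        if location == AUTOSTART:
            for det in detections:
                candidates[det["name"]] = list(files_by_name.get(det["name"], []))
    return candidates


def locations_by_category(entries):
    """Group locations by ESET category (trojan, potentially unwanted ...)."""
    grouped = defaultdict(list)
    for location, detections in entries:
        for det in detections:
            grouped[det["category"]].append(location)
    return dict(grouped)


if __name__ == "__main__":
    parsed = parse_log(ESET_LOG)
    for name, files in autostart_candidates(parsed).items():
        print(name)
        for path in files:
            print("   shares detection with:", path)
    for category, locations in locations_by_category(parsed).items():
        print(category, "->", len(locations), "location(s)")
```

On this log both autostart detections map only to files under the NCH Software folder (Doxillion and Scribe), so those programs' startup entries are the first place to look.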

#22
blues71

    Member

  • Topic Starter
  • 57 posts

# DelFix v1.013 - Logfile created 23/07/2017 at 11:21:54
# Updated 17/04/2016 by Xplode
# Username : Smash - SIDEKICK
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Smash\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.1.0.15_20.07.2017_10.58.00_log.txt
Deleted : C:\TDSSKiller.3.1.0.15_20.07.2017_11.02.18_log.txt
Deleted : C:\Users\Smash\Desktop\Addition.txt
Deleted : C:\Users\Smash\Desktop\AdwCleaner.exe
Deleted : C:\Users\Smash\Desktop\Fixlog.txt
Deleted : C:\Users\Smash\Desktop\FRST.txt
Deleted : C:\Users\Smash\Desktop\FRST64.exe
Deleted : C:\Users\Smash\Desktop\JRT.exe
Deleted : C:\Users\Smash\Desktop\JRT.txt
Deleted : C:\Users\Smash\Desktop\rkill.com
Deleted : C:\Users\Smash\Desktop\rkill.scr
Deleted : C:\Users\Smash\Desktop\Rkill.txt
Deleted : C:\Users\Smash\Desktop\tdsskiller.exe
Deleted : C:\Users\Smash\Downloads\FRST64.exe
Deleted : C:\Users\Smash\Downloads\rkill.com

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #696 [Windows Update | 07/18/2017 23:05:43]
Deleted : RP #698 [Restore Point Created by FRST | 07/21/2017 15:41:27]
Deleted : RP #699 [JRT Pre-Junkware Removal | 07/21/2017 15:51:17]
Deleted : RP #701 [Revo Uninstaller's restore point - Best Buy pc app | 07/21/2017 19:29:39]
Deleted : RP #702 [Removed Best Buy pc app | 07/21/2017 19:29:55]
Deleted : RP #704 [Revo Uninstaller's restore point - Best Buy pc app | 07/21/2017 19:30:52]
Deleted : RP #706 [Revo Uninstaller's restore point - Best Buy pc app | 07/21/2017 19:31:07]
Deleted : RP #707 [Removed Best Buy pc app | 07/21/2017 19:31:18]
Deleted : RP #709 [Revo Uninstaller's restore point - Best Buy pc app | 07/21/2017 19:40:30]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#23
blues71

    Member

  • Topic Starter
  • 57 posts

One more. After I allowed CryptoPrevent to restart the system, Avira alerted that I could not access the HOSTS file. I updated the Avira database and it came back successful but the logs seem concerning--including a number of components that did not install and checksums that do not match. I'm pasting the log here.

 

Is it safe to simply uninstall then reinstall Avira?

 

Thanks

 

--------------------------------------

 

Avira Free Antivirus Updater
Complete product update

Creation time: Sunday, July 23, 2017 12:15:39 PM

Operating system:
Windows 7 Home Premium (Service Pack 1)  [6.1.7601] 64 bit

Product information:
Product version: 15.0.28.28
Updater: C:\Program Files (x86)\Avira\Antivirus\update.exe 15.0.28.27
Update resource: C:\Program Files (x86)\Avira\Antivirus\updaterc.dll 15.0.28.14
Library: C:\Program Files (x86)\Avira\Antivirus\update.dll 15.0.28.16
GUI: C:\Program Files (x86)\Avira\Antivirus\updgui.dll 15.0.28.21

Temp Directory: C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\
Backup folder: C:\ProgramData\Avira\Antivirus\BACKUP\
Installation Directory: C:\Program Files (x86)\Avira\Antivirus\
Updater folder: C:\Program Files (x86)\Avira\Antivirus\
AppData folder: C:\ProgramData\Avira\Antivirus\

Connection settings:
- Connection type:    Web server
- Transfer type:    Existing connection
- Proxy settings:    No proxy

12:15:39 [UPD] [INFO]       Get product file
12:15:39 [UPD] [INFO]       Update server: 'http://personal.avir...ate.com/update'
12:15:39 [UPD] [INFO]       Update File: '/idx/antivirus-15.0.28.28-win-en-us.info.lz'
12:15:39 [UPD] [INFO]       Update File: '/idx/xvdf_sigver-7.14.18.108_8.14.18.108.info.lz'
12:15:39 [UPD] [INFO]       Update File: '/idx/ave2_sigver-win32-int-8.3.44.104.info.lz'
12:15:39 [UPD] [INFO]       Update File: '/idx/repair_sigver-win32-int-1.0.29.24.info.lz'
12:15:39 [UPD] [INFO]       Update File: '/idx/webcat_sigver-common-int-2017_9.0.723.1900.info.lz'
12:15:39 [UPD] [INFO]       Update File: '/idx/localdecider_sigver-win32-int-13.0.1.48.info.lz'
12:15:39 [UPD] [INFO]       Update File: '/idx/weblocaldecider_sigver-win32-int-15.0.15.28.info.lz'
12:15:39 [UPD] [INFO]       Update File: '/idx/scanner13_sigver-win32-int-13.0.0.38.info.lz'
12:15:40 [UPD] [INFO]       Download control files (attempt 1 of 3)
12:15:40 [UPD] [INFO]       Checking whether newer files are available.
12:15:40 [UPD] [INFO]       Select update server 'http://personal.avir...te.com/update'.
12:15:40 [UPD] [INFO]       Downloading of 'http://personal.avir...idx/master.idx'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\master.idx'.
12:15:40 [UPD] [INFO]       Downloading of 'http://personal.avir...-en-us.info.lz'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\antivirus-15.0.28.28-win-en-us.info.lz'.
12:15:41 [UPD] [INFO]       Downloading of 'http://personal.avir...18.108.info.lz'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\xvdf_sigver-7.14.18.108_8.14.18.108.info.lz'.
12:15:41 [UPD] [INFO]       Downloading of 'http://personal.avir...44.104.info.lz'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\ave2_sigver-win32-int-8.3.44.104.info.lz'.
12:15:41 [UPD] [INFO]       Downloading of 'http://personal.avir....29.24.info.lz'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\repair_sigver-win32-int-1.0.29.24.info.lz'.
12:15:41 [UPD] [INFO]       Downloading of 'http://personal.avir...3.1900.info.lz'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\webcat_sigver-common-int-2017_9.0.723.1900.info.lz'.
12:15:41 [UPD] [INFO]       Downloading of 'http://personal.avir...0.1.48.info.lz'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\localdecider_sigver-win32-int-13.0.1.48.info.lz'.
12:15:41 [UPD] [INFO]       Downloading of 'http://personal.avir....15.28.info.lz'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\weblocaldecider_sigver-win32-int-15.0.15.28.info.lz'.
12:15:41 [UPD] [INFO]       Downloading of 'http://personal.avir...0.0.38.info.lz'to 'C:\ProgramData\Avira\Antivirus\TEMP\UPDATE\6d800673.upd\idx\scanner13_sigver-win32-int-13.0.0.38.info.lz'.
12:15:42 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avshadow.exe's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/shlext.dll's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/toastNotifier.exe's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avgntflt.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avgntflt.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avgntflt.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avgntflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avgntflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avgntflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avgntflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avgntflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avgntflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avipbb.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avipbb.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avipbb.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avipbb.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avipbb.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avipbb.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avipbb.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avipbb.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avipbb.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avkmgr.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avkmgr.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avkmgr.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avkmgr.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avkmgr.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avkmgr.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avkmgr.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avkmgr.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avkmgr.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avnetflt.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avnetflt.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avnetflt.cat's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avnetflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avnetflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avnetflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avnetflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avnetflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avnetflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/WdfCoInstaller01011.dll's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/drvinstall32.exe's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avusbflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avusbflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avusbflt.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avusbflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avusbflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avusbflt.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avdevprot.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avdevprot.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avdevprot.inf's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avdevprot.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avdevprot.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avdevprot.sys's operating system doesn't match the current one. File ignored.
12:15:44 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avgntflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avgntflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avgntflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avipbb.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avipbb.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avipbb.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avkmgr.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avkmgr.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avkmgr.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avnetflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avnetflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avnetflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avusbflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avusbflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avusbflt.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x64/avdevprot.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/win7x86/avdevprot.sys's operating system doesn't match the current one. File ignored.
12:15:45 [UPDLIB] [INFO]    File antivirus/15.0.28.28/win/en-us/x86/avdevprot.sys's operating system doesn't match the current one. File ignored.
12:15:50 [UPDLIB] [INFO]    Checksum mismatch for C:\Program Files (x86)\Avira\Antivirus\webcat0.dat. The checksum of the currently installed file is 343cfc25dc665109a621b1715853b04fff6f7e336ec9014a85615af42a9a0380. The checksum of the available file is fa69705c16a94b132c7749d7a01e44b1d6d176e8d2260efc231c532fe25226cd.
12:15:50 [UPDLIB] [INFO]    Checksum mismatch for C:\Program Files (x86)\Avira\Antivirus\webcat1.dat. The checksum of the currently installed file is f7fc7437ca2d5a345baa2a0b48b36ee59469723a30b36d5ecbb5332db00ce801. The checksum of the available file is edbf8e2b8a9cac1a0f77b6ac2df4e1ad82f3625677043e5503dc7b1792278ef4.
12:15:50 [UPDLIB] [INFO]    Checksum mismatch for C:\Program Files (x86)\Avira\Antivirus\webcat2.dat. The checksum of the currently installed file is 947e66b760adbac1c738bbb380218dbe3e3f3037fa49aa3b07e334ddb7649803. The checksum of the available file is 075682cc6a03f6d646f645e874e39b383310965cec273328f6dc67a8a744d9f3.
12:15:50 [UPDLIB] [INFO]    Checksum mismatch for C:\Program Files (x86)\Avira\Antivirus\webcat3.dat. The checksum of the currently installed file is 2fd67caf6eab105bd6271723546d57e762048829a3b3300b9ee9ba702466825d. The checksum of the available file is c43700e29d5dacfe8d01b46ce838b06daf63b9b3b09361b403b1ee26f63bd23e.
12:15:50 [UPDLIB] [INFO]    Checksum mismatch for C:\Program Files (x86)\Avira\Antivirus\webcat4.dat. The checksum of the currently installed file is d9e6a8fa139a9a06e41c4eab5c5be81b9e93b63cc698d27fd0ec90d51ef39f96. The checksum of the available file is 6c5a8ae728bf51866b446cf01738c640194795d46bab694b4b19019052500fa9.
12:15:50 [UPD] [INFO]       Compare local files with status of update server.
12:15:50 [UPD] [INFO]       Product-info file: Executing mandatory product update initiated by Avira.
12:15:50 [UPD] [INFO]       Checking module SELFUPDATE:
12:15:50 [UPD] [INFO]       Checking module MAIN:
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/addr_file.html' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           The IGNORE flag is set for the file 'antivirus/15.0.28.28/win/en-us/en-us/eula.txt'. The file will therefore not be taken into account.
12:15:50 [UPD] [INFO]           The IGNORE flag is set for the file 'antivirus/15.0.28.28/win/en-us/filelist.ini'. The file will therefore not be taken into account.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/folder.avp' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/produpd.avj' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/quicksysscan.avp' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/scanjob.avj' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           The IGNORE flag is set for the file 'antivirus/15.0.28.28/win/en-us/en-us/setup.inf'. The file will therefore not be taken into account.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/startupd.avj' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/57/updjob.avj' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/150/updjob.avj' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/210/updjob.avj' is already installed and is not being updated.
12:15:50 [UPD] [INFO]           File'antivirus/15.0.28.28/win/en-us/en-us/208/updjob.avj' is already installed and is not being updated.
12:15:50 [UPD] [INFO]       Checking module DRV:
12:15:50 [UPD] [INFO]       Checking module UI:
12:15:50 [UPD] [INFO]       Checking module VDF:
12:15:50 [UPD] [INFO]       Checking module AVE2:
12:15:50 [UPD] [INFO]       Checking module REPAIR:
12:15:50 [UPD] [INFO]       Checking module WEBCAT:
12:15:50 [UPD] [INFO]       Checking module LOCALDECIDER:
12:15:50 [UPD] [INFO]       Checking module WEBLOCALDECIDER:
12:15:50 [UPD] [INFO]       Checking module SCANNER:
12:15:50 [UPD] [INFO]       File webcat_sigver/2017_9.0.723.1900/common/int/webcat0.dat does not match Avira Free Antivirus. File was ignored.
12:15:50 [UPD] [INFO]       File webcat_sigver/2017_9.0.723.1900/common/int/webcat1.dat does not match Avira Free Antivirus. File was ignored.
12:15:50 [UPD] [INFO]       File webcat_sigver/2017_9.0.723.1900/common/int/webcat2.dat does not match Avira Free Antivirus. File was ignored.
12:15:50 [UPD] [INFO]       File webcat_sigver/2017_9.0.723.1900/common/int/webcat3.dat does not match Avira Free Antivirus. File was ignored.
12:15:50 [UPD] [INFO]       File webcat_sigver/2017_9.0.723.1900/common/int/webcat4.dat does not match Avira Free Antivirus. File was ignored.
12:15:50 [UPD] [INFO]       The installation is up to date. An update of the program files, the engine or the virus definitions is therefore unnecessary.


Summary:
********
    0 Files downloaded
    0 Files installed

    Sunday, July 23, 2017 12:15:50 PM

The update was carried out successfully!
 


  • 0

#24
Jr0x


    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi blues71,
 
1. You can ignore the "Autostart locations", I don't see any malicious items in there.
2. I'm not familiar with your bank, nor with the plugin. I suggest that you remove and reinstall the plugin. Alternatively, you may want to check with your bank about it.
3. Can you try opening Notepad as Administrator? Once it is open, click File > Open, navigate to C:\Windows\System32\drivers\etc, choose "All Files", and open hosts.

Add a # on any empty line and try to save it, and see if you have any issue with it.

4. I don't think there is any issue with the update. Seems alright to me. However, if you are worried, you can reinstall Avira.


  • 0

#25
blues71


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Great! I was able to open the Hosts file. Several lines had been added by Unchecky. Avira blocked me when I tried to save my edit, but I was able to find the settings in Avira to deactivate this protection, and it worked. I reactivated the protection, just in case. It appears to be a normal function of Avira. 

 

Separately, Malwarebytes blocked an exploit when I double-clicked on a .mov file to open Windows Media Player. I'm pasting the log below.

 

Thanks again for your patience and all your help.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/24/17
Protection Event Time: 10:15 AM
Log File: MWB log.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2422
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Windows Media Player (wmplayer)
Protection Layer: Malicious Memory Protection
Protection Technique: Exploit code executing from Heap memory blocked
File Name:
URL:



(end)


  • 0
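The hosts-file review discussed in the two posts above, as an added example that is not part of the original thread: it separates entries that only block a name locally (loopback or 0.0.0.0) from entries that redirect a name to another machine, which are the ones worth a manual look. The sample content and the function names are constructed for illustration; only the hosts path comes from the thread.

```python
import ipaddress

# Path named in the thread; read only when the script is run directly on Windows.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop inline comment, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower()

def classify(ip):
    """'sinkhole' = name is blocked locally; 'redirect' = name is sent to another address."""
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"

def audit(text):
    """Return the mappings to review by hand: names pointed at a non-local address."""
    return [(n, str(ip), host) for n, ip, host in parse_hosts(text)
            if classify(ip) == "redirect"]

# Constructed sample, not taken from the thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example.test tracker.example.test   # blocked by a utility
203.0.113.7     login.example.com               # redirect: review this one
not-an-ip       something.example.com
"""

if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE                            # fall back to the constructed sample
    for line_no, ip, host in audit(text):
        print(f"line {line_no}: {host} -> {ip}")
```

Reading the file needs no elevation and does not trigger the antivirus write protection described above; only saving changes does.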



#26
Jr0x


    Malware removal team

  • Malware Removal
  • 1,830 posts

It might be a false positive. If the file is small (< 128MB), then you can upload the file to https://www.virustotal.com/ for analysis.


  • 0

#27
blues71


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

I couldn't see a file associated with that alert. I won't worry about it unless it comes up again.


  • 0

#28
Jr0x


    Malware removal team

  • Malware Removal
  • 1,830 posts

Are you facing any other issues now? If not, I will close this thread, or I can leave it open for a couple of days and then close it.


  • 0

#29
Jr0x


    Malware removal team

  • Malware Removal
  • 1,830 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





