Do I have the w32 Blaster?

Page 31 of 53 FirstFirst ... 21293031323341 ... LastLast

  1. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #301

    lol
      My Computer
    Quote Quote

  3. Doug Herbst
    Posts : 1
    Windows 7 Home Premium 32bit
       New #302

    Don't know if this will help or if your problem is worse, but I had this same problem over the weekend and wasn't able to shake it off until I rebooted in safe mode and deleted the app. McAfee full scan did not detect it. But I found the sucker in my Users/user/AppData/Roaming folder (your path may be different due if you log on with a different name). It was an app with the name "amsecure" and a green shield logo. I deleted it early Sunday morning, rebooted, and it hasn't returned since. But I never clicked the box to purchase the product so I don't know if that caused additional complications for you. BTW when I hovered over it it showed the File Description was ALPass and the company was ESTsoft Corp. That may be a bogus company.
      My Computer
    Quote Quote

  4. Prescottbob
    Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       New #303

    Doug, thanks for the interest. I'll let cottonball digest that.

    cottonball, jacee's scan just completed ( 6 hrs ). I've got evening appointments that can't be forestalled.

    Will be back tomorrow.
      My Computer
    Quote Quote

  6. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #304

    This may be of some relevance ...
    MpSvc.dll can be infected by virus Backdoor:PHP/C99shell.J which spreads through social network Flickr to download and install malware Movavi Screen Capture Personal on the affected machines.

    Once infected, the file path of MpSvc.dll will be re-set as:
    C:\WINDOWS\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\
    Your FSS Log shows:
    Farbar Service Scanner Version: 14-04-2013
    Ran by Binnie (administrator) on 11-05-2013 at 15:25:02
    Windows 7 Home Premium Service Pack 1 (X64)
    ************************************************
    ======== Search: "MpSvc.dll" =========
    C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
    [2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
    C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
    [2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
    C:\Program Files\Windows Defender\MpSvc.dll
    [2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
    ====== End Of Search ======
      My Computer
    Quote Quote

  7. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #305

    Yep, read the same stuff...

    That is why Prescottbob is getting a new MpSvc.dll, and with CF and an FCopy:: all three of those will get a new life:

    C:\MpSvc.dll | C:\Program Files\Windows Defender\MpSvc.dll

    C:\MpSvc.dll | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll

    C:\MpSvc.dll | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll


    Just need to confirm that the C:\MpSvc.dll is in the right place...
      My Computer
    Quote Quote

  8. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #306

    This is what this Trojan Backdoor:PHP/C99shell.J does to an infected computer .. Encyclopedia entry: Backdoor:PHP/C99shell.J - Learn more about malware - Microsoft Malware Protection Center

    These are the most dangerous, and most widespread, type of Trojan.
    Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

    If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
    You should consider them to be compromised.

    They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
    Banking and credit card institutions should be notified of the possible security breech.
      My Computer
    Quote Quote

  10. Prescottbob
    Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       New #307

    SystemLook.txt
      My Computer
    Quote Quote

  11. Prescottbob
    Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       New #308

    trash Post #307 I didn't do something right!
      My Computer
    Quote Quote

  12. Prescottbob
    Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       New #309

    SystemLook.txt

    This should be the right one!
      My Computer
    Quote Quote

  13. Layback Bear
    Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       New #310

    After this computer is clean. This might be asking to much but if someone could post what infections were found and where in the system.

    What programs or methods removed the problems.

    My thoughts are this nasty Backdoor Trojan planted itself in Windows Defender and kept turning Windows Defender on so the torjan could do it nasty things. What a great way to hide a infection; inside a security program.
      My Computer
    Quote Quote

 
Page 31 of 53 FirstFirst ... 21293031323341 ... LastLast

  Related Discussions
W32 Blaster Worm
in System Security

Hello, My computer has caught this worm and is driving me crazy, it starts with the spyware protection software which tells me I have many viruses. Im aware its a scam but i cant seem to resolve the problem in safe mode using spybot & uniblue registry cleaner. Please could someone help me,...
blaster.worm help
in System Security

my laptop wont do anything. I keep getting a message saying blocked by w32/blaster.worm. Can you please pretty please help me
worm blaster
in System Security

my husbands computer got the worm blaster. the computer was working fine in the am.and i had only searched walmart .com. at noon when he turned it on it said it was infected and wouldnt let us go to anything. i am running avg(updated) and mcfee on it. now all of his desktop icons are gone and i...
Sound Blaster
in Sound & Audio

My sound chip on my motherboard seem to have gone kaput, got a Creative Sound Blaster Audigy SE. Apparently it don't work with Win7, yet its all right on my Vista partition. Trying to find a driver that will make it compatible with 7. Anyone had that problem.
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:06.
Find Us