Windows 7: IE & Chrome: "__.exe contained a virus and was deleted." FALSE REPORT


07 Aug 2013   #1

Win 8.1 Pro
 
 
IE & Chrome: "__.exe contained a virus and was deleted." FALSE REPORT

Hi all.
I searched through the forum & didn't find any reports like this. A client's employee needed my help remotely via Teamviewer the last 24 hours. Old, old, old Pentium 4 PC running Win 7 32-bit; 512MB RAM (wth?)

The system is old, and was running even slower than it usually does (confirmed).
I cleaned out the PC:
  • Malwarebytes found 20 infections -- cleaned them out.
  • Used CCleaner even though hard drive space is not an issue.
  • Ran AdwCleaner (will attach the logs when I regain access to the PC)
  • Ran a full scan with Trend Micro Housecall -- no infections.
  • Installed Windows Security Essentials - quick scan > no infections

The system is now running fast for a machine that old. Two persistent yet related problems, though ...
  1. When I try to download a safe file (CCleaner via filehippo, as a test), I get a false report that the file contains "a virus and was deleted."
  2. In Chrome, I cannot install any extensions (tried Adblock Plus) -- the download is blocked due to another false virus report.

If anyone has seen this before & can recommend a fix, I'd appreciate the input. It is unusual behavior -- don't know if it's an unreported virus or something else, though.

Thank you!





07 Aug 2013   #2

Win 8.1 Pro
 
 

I just found this in the related threads section. Will try tips in the thread when I get access to the PC.

"This file contained a virus and was deleted."

Love this & the eight forums! Thanks.
07 Aug 2013   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This is a sign of "Zero Access" ... a Rootkit.

Using a known "clean" computer:

STEP 1: Download and create a bootable Kaspersky Rescue Disk CD
1. You can download the Kaspersky Rescue Disk utility from the link below:
KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will automatically download Kaspersky Rescue Disk (kav_rescue_10.iso) to your computer.)
2. To create the bootable rescue disk, we will need to use the ImgBurn program. You can download ImgBurn from the link below, then install this program.
IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download the ImgBurn program.)
3. Insert your blank DVD or CD in your burner, then start ImgBurn and click on the Write image file to disc button.
4. Under Source, click on the Browse for file button, then navigate to the location where you previously saved the Kaspersky Rescue Disk utility (kav_rescue_10.iso), then click on the Write button.
ImgBurn will now begin writing your bootable Kaspersky Rescue Disk.

STEP 2: Start your computer using the Kaspersky Rescue Disk
1. Once you’ve got the Kaspersky Rescue Disk in hand, insert it into the infected computer, then turn the computer off and on again.
2. As soon as you power it on, you will see a screen that tells you to press any key to enter the menu, so please tap any key to boot your machine from the Kaspersky Rescue Disk.
3. In the next screen, you will need to choose a language, then click on Kaspersky Rescue Disk. Graphic Mode and press ENTER to start the Kaspersky Rescue Disk.

STEP 3: Scan your system with Kaspersky Rescue Disk
1. Within a few short seconds you should see the full working environment, with the Kaspersky Rescue Disk screen front and center.
2. Switch tabs over to the My Update Center, and then click the Start update button to load the latest anti-virus definitions. Please be patient while this process is completed.
3. Switch back over to the Objects Scan tab, select the drives you want to scan, and then click the Start Objects Scan button.
4. When Kaspersky Antivirus detects the “file contained a virus and was deleted” virus, you’ll be prompted to select an action. When this happens, please select Quarantine or Delete to remove this infection from your computer.
5. When the antivirus scan has completed, you can restart back into Windows regular mode by clicking on the Kaspersky Start button (lower left corner) and selecting Restart.
Once your computer starts in Windows regular mode, download Malwarebytes Anti-Malware and HitmanPro (select the 'trial' version), and scan your computer for any leftover infections.


Please post all .txt logs


07 Aug 2013   #4

Win 8.1 Pro
 
 

Thank you, Jacee. I'm making arrangements to get my hands on the PC next week.

Maybe it'll be easier to wipe the drive & re-install Windows. hehe.

I'll post logs if I go that route.
07 Aug 2013   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Since I don't advocate trying to clean up a Rootkit, simply because you can never be sure the computer will ever be stable again, I would advise you to do a wipe and clean re-install.
07 Aug 2013   #6

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

TBolt

I'd disagree on the wipe. Leave wiping the PC for the last resort.
07 Aug 2013   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I don't and you cannot guarantee that this person's computer will ever be stable!

Look at the odds ... it's extremely old and possibly won't be able to handle all apps that we throw at it to try to 'fix' it.
07 Aug 2013   #8

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

It's worth a try. Fixing and reinstalling Windows and the apps will take about the same time on a laptop with 512MB.
07 Aug 2013   #9

Windows 7 Home Premium
 
 

TBolt,

As Jacee mentioned, the issue is a sign of a ZeroAccess variant.

The easiest route for this is to run the following diagnostic and removal tool:

Download the Farbar Recovery Scan Tool
Select the version that applies to your system.


Save to the Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • FRST makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.


The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.



Next, download Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.

Thanks!
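
The service groups that the post above asks to have ticked in Farbar Service Scanner can also be inspected read-only from PowerShell. This is an added example, not part of the original post and not FSS's own logic; the service short names mapped to each group are assumptions chosen for a Windows 7 machine.

```powershell
# Added example: read-only look at the service groups listed for the FSS scan.
# ASSUMPTION: the short service names per group are the editor's choice for
# Windows 7; they are not taken from the FSS tool or from the thread.
$groups = @{
    'Windows Firewall'  = @('MpsSvc', 'BFE')
    'Security Center'   = @('wscsvc')
    'Windows Update'    = @('wuauserv', 'BITS')
    'Windows Defender'  = @('WinDefend')
    'System Restore'    = @('VSS', 'swprv')
    'Internet Services' = @('Dhcp', 'Dnscache', 'NlaSvc')
}

$report = foreach ($group in ($groups.Keys | Sort-Object)) {
    foreach ($name in $groups[$group]) {
        # Win32_Service exposes State, StartMode and PathName, and the WMI
        # cmdlet is available in the PowerShell 2.0 that ships with Windows 7.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) {
            $state = 'MISSING'; $start = '-'; $path = '-'
        } else {
            $state = $svc.State; $start = $svc.StartMode; $path = $svc.PathName
        }
        New-Object PSObject -Property @{
            Group     = $group
            Service   = $name
            State     = $state
            StartMode = $start
            ImagePath = $path
            # Flag services that are absent or disabled for a closer look.
            Review    = ($state -eq 'MISSING' -or $start -eq 'Disabled')
        }
    }
}

# Full table first, then one line per flagged service.
$report | Select-Object Group, Service, State, StartMode, Review, ImagePath |
    Format-Table -AutoSize
$report | Where-Object { $_.Review } | ForEach-Object {
    "REVIEW: $($_.Group) / $($_.Service) is $($_.State) ($($_.StartMode))"
}
```

A flagged row is a prompt to look closer, not a verdict: some of these services are disabled legitimately, for example when another security product takes over from Windows Defender.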
12 Aug 2013   #10

Win 8.1 Pro
 
 

I really appreciate your opinions & advice, guys.

I got my hands on the PC today ... he has so little data & very few programs installed. It just made more sense to me to wipe, reload the OS & re-install. Much faster, & it's a guaranteed solution. Besides, if it were my PC that was infected like this, I would have wiped everything, too.

Most of all, I'm beefing up his protection & teaching how to stay out of trouble in the future. hehe.