IE & Chrome: "__.exe contained a virus and was deleted." FALSE REPORT


  1. Posts : 40
    Win 8.1 Pro
       #1

    IE & Chrome: "__.exe contained a virus and was deleted." FALSE REPORT


    Hi all.
    I searched through the forum & didn't find any reports like this. A client's employee needed my help remotely via Teamviewer the last 24 hours. Old, old, old Pentium 4 PC running Win 7 32-bit; 512MB RAM (wth?)

    The system is old, and was running even slower than it usually does (confirmed).
    I cleaned out the PC:
    • Malwarebytes found 20 infections -- cleaned it out.
    • Used CCleaner even though hard drive space is not an issue.
    • Ran AdwCleaner (will attach the logs when I regain access to the PC)
    • Ran a full scan with Trend Micro Housecall -- no infections.
    • Installed Windows Security Essentials - quick scan > no infections


    The system is now running fast for a machine that old. Two persistent yet related problems, though ...
    1. When I try to download a safe file (CCleaner via filehippo, as a test), I get a false report that the file contains "a virus and was deleted."
    2. In Chrome, I cannot install any extensions (tried Adblock Plus) -- the download is blocked due to another false virus report.


    If anyone has seen this before & can recommend a fix, I'd appreciate the input. It is unusual behavior -- don't know if it's an unreported virus or something else, though.

    Thank you!


  2. Posts : 40
    Win 8.1 Pro
    Thread Starter
       #2

    I just found this in the related threads section. Will try tips in the thread when I get access to the PC.

    "This file contained a virus and was deleted."

    Love this & the eight forums! Thanks.


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    This is a sign of "Zero Access" ... a Rootkit.

    Using a known "clean" computer:

    STEP 1: Download and create a bootable Kaspersky Rescue Disk CD
    1. You can download the Kaspersky Rescue Disk utility from the link below:
    KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will automatically download Kaspersky Rescue Disk (kav_rescue_10.iso) on your computer.)
    2. To create the bootable rescue disk, we will need to use the ImgBurn program. You can download ImgBurn from the link below, then install this program.
    IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download the ImgBurn program)
    3. Insert your blank DVD or CD in your burner, then start ImgBurn and click on the Write image file to disc button.
    4. Under Source click on the Browse for file button, then navigate to the location where you previously saved the Kaspersky Rescue Disk utility (kav_rescue_10.iso), then click on the Write button.
    ImgBurn will now begin writing your bootable Kaspersky Rescue Disk.

    STEP 2: Start your computer using the Kaspersky Rescue Disk
    1. Once you’ve got the Kaspersky Rescue Disk in hand, insert it into the infected computer, turn it off and then turn it on again.
    2. As soon as you power it on, you will see a screen that tells you to press any key to enter the menu, so please tap any key to boot your machine from the Kaspersky Rescue Disk.
    3. In the next screen, you will need to choose a language, then click on Kaspersky Rescue Disk. Graphic Mode and press ENTER to start the Kaspersky Rescue Disk.

    STEP 3: Scan your system with Kaspersky Rescue Disk
    1. Within a few short seconds you should see the full working environment, with the Kaspersky Rescue Disk screen front and center.
    2. Switch tabs over to the My Update Center, and then click the Start update button to load the latest anti-virus definitions. Please be patient while this process is completed.
    3. Switch back over to the Objects Scan tab, select the drives you want to scan, and then click the Start Objects Scan button.
    4. When Kaspersky Antivirus detects the “file contained a virus and was deleted” virus, you’ll be prompted to select an action. When this happens, please select Quarantine or Delete to remove this infection from your computer.
    5. When the antivirus scan has completed, you can restart back into Windows regular mode by clicking on the Kaspersky Start button (lower left corner) and selecting Restart.
    Once your computer starts in Windows regular mode, download Malwarebytes Anti-Malware and HitmanPro (select the 'trial' version), and scan your computer for any leftover infections.


    Please post all .txt logs :)


  4. Posts : 40
    Win 8.1 Pro
    Thread Starter
       #4

    Thank you, Jacee. I'm making arrangements to get my hands on the PC next week.

    Maybe it'll be easier to wipe the drive & re-install Windows. hehe.

    I'll post logs if I go that route.


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Since I don't advocate trying to clean up a Rootkit, simply because you can never be sure the computer will ever be stable again; I would advise you to do a wipe and clean re-install.


  6. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #6

    TBolt

    I'd disagree on the wipe. Leave wiping the PC for the last resort.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #7

    I don't and you cannot guarantee that this person's computer will ever be stable!

    Look at the odds ... it's extremely old and possibly won't be able to handle all apps that we throw at it to try to 'fix' it.


  8. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #8

    It's worth a try. Fixing and reinstalling Windows and the apps will take about the same time on a laptop with 512MB.


  9. Posts : 2,470
    Windows 7 Home Premium
       #9

    TBolt,

    As Jacee mentioned, the issue is a sign of a ZeroAccess variant.

    The easiest route for this is to run the following diagnostic and removal tool:

    Download the Farbar Recovery Scan Tool
    Select the version that applies to your system.


    Save to the Desktop.
    • Double-click the downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • FRST makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply.


    The first time the tool is run, it also makes another log: Addition.txt
    Also post the Addition.txt in your reply.



    Next, download Farbar Service Scanner

    Save to the Desktop
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press: Scan
    • FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply.

    Thanks!


  10. Posts : 40
    Win 8.1 Pro
    Thread Starter
       #10

    I really appreciate your opinions & advice, guys.

    I got my hands on the PC today ... he has so little data & very few programs installed. It just made more sense to me to wipe, reload the OS & re-install. Much faster, & it's a guaranteed solution. Besides, if it were my PC that was infected like this, I would have wiped everything, too.

    Most of all, I'm beefing up his protection & teaching how to stay out of trouble in the future. hehe.


 