Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: May have a virus -- how to transfer

18 Oct 2013   #1

Win7 Starter
 
 
May have a virus -- how to transfer

Hi All,

My laptop has been acting weird and is frequently accessing the Internet when I launch programs. These are programs I have written and compiled myself and they have no functions or needs to access the Internet.

The firewall has asked permission to access the Internet and I have blocked them.

I am thinking of going to a full factory restore and then transfer over the source code and recompile. But, my concern is that I may be transferring the virus/Trojan etc over during the copy-process.

I am thinking of using an older laptop booted with a Linux-live CD and then transfer the stuff across so hopfully the problem stuff will not get copied across.

Any thoughts, suggestions or ideas?

Thanks

My System SpecsSystem Spec
.

18 Oct 2013   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

What makes you think you have a virus/Trojan? Have you run your Anti-virus program?
My System SpecsSystem Spec
18 Oct 2013   #3

Win-7 Home Prem 64-bit 7601 Free SP1
 
 

Hi Jacee,
Can you give any insight on this report from Adwcleaner ?

# AdwCleaner v3.008 - Report created 18/10/2013 at 22:09:56
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : <deleted by IWP>
# Running from : E:\Apps\Tools\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Found C:\ProgramData\apn
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720

*************************
AdwCleaner[R0].txt - [857 octets] - [18/10/2013 22:09:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [916 octets] ##########

A new question was asked here Jacee,
IE10 "Open in new tab" gives blank page
My System SpecsSystem Spec
.


18 Oct 2013   #4

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 

and even the TDSS from this listing Free Malware Removal Tools

they don't take long and as I said eliminates some possible problems.
My System SpecsSystem Spec
18 Oct 2013   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote   Quote: Originally Posted by ThrashZone View Post
Hi Jacee,
Can you give any insight on this report from Adwcleaner ?

# AdwCleaner v3.008 - Report created 18/10/2013 at 22:09:56
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : <deleted by IWP>
# Running from : E:\Apps\Tools\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Found C:\ProgramData\apn
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720

*************************
AdwCleaner[R0].txt - [857 octets] - [18/10/2013 22:09:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [916 octets] ##########
Whose computer is that .txt report from? Did I miss a post/topic somewhere along the line? If so, please give me a link
My System SpecsSystem Spec
19 Oct 2013   #6

Win7 Starter
 
 

Quote   Quote: Originally Posted by Jacee View Post
What makes you think you have a virus/Trojan? Have you run your Anti-virus program?
Did you not read all of my post?

1: Programs I have designed, developed, written, compiled and run. I know every byte within them.
2: None of them have anything to do with or need the Internet.
3: When they are run - sometimes - they request Firewall (Comodo) access to the Internet.
...: "LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
...: The example .exe name is fake as is the IP address and Port. OK?

I use Security Essentials and it never complains. A scan with MBAM shows nothing.

So, tell me, does that or does that not look like a Virus or Trojan behavior.
My System SpecsSystem Spec
19 Oct 2013   #7

Win-7 Home Prem 64-bit 7601 Free SP1
 
 

Quote   Quote: Originally Posted by CarvedDuck View Post
Hi All,

The firewall has asked permission to access the Internet and I have blocked them.
I'm not sure I understand this statement ?
Could you expand please,
Cheers.
My System SpecsSystem Spec
20 Oct 2013   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

The IP 123.123.123.123 address is 123.123.123.123 IP Address WHOIS | DomainTools.com

"LeftLeg.exe" sounds like 'LOP' ...

Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
My System SpecsSystem Spec
23 Oct 2013   #9

Windows 7 Professional x64 Sp1
 
 

Quote   Quote: Originally Posted by CarvedDuck View Post
"LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
...: The example .exe name is fake as is the IP address and Port. OK?
Jacee, he states that was an example.

@CarvedDuck Please tell us or show a screenshot of the firewall prompting you.
To answer your question, yes you use a Linux CD and copy the files over and have way less risk of transferring the virus (malware), unless the file itself is infected. Keep in mind though that while in the Linux environment it could not activate. It could though activate when copied back to a clean system. You could try doing a boot scan with avast! antivirus and using malwarebytes as found in my signature to do a full scan. These are free programs. You could also try using eset online to scan your pc. If all of these come up clean, its likely you are fine and more likely the firewall falsely claiming your programs are connecting to the internet.


Quote   Quote: Originally Posted by ThrashZone View Post
Quote   Quote: Originally Posted by CarvedDuck View Post
Hi All,

The firewall has asked permission to access the Internet and I have blocked them.
I'm not sure I understand this statement ?
Could you expand please,
Cheers.
Not sure why your confused, his programs that he created are trying to access the internet, which his comodo is warning him about. He is concerned that he might have a threat as he created these programs himself and is wondering about a threat on his system ether overtaking his programs or pretending to be those processes.
The programs he created he knows every line of code, and they should not connect to the internet. So he is wondering why this is happening.


It might be comodo falsely reporting they are. Comodo is known to be aggressive.
My System SpecsSystem Spec
23 Oct 2013   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote   Quote: Originally Posted by andrew129260 View Post
Quote   Quote: Originally Posted by CarvedDuck View Post
"LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
...: The example .exe name is fake as is the IP address and Port. OK?
Jacee, he states that was an example.

Please tell us or show a screenshot of the firewall prompting you
Duh on me!
My System SpecsSystem Spec
Reply

 May have a virus -- how to transfer




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:49 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33