Windows 7 Forums


Windows 7: Odd behavior/Virus??

12 Nov 2009   #1

Win 7 Ultimate x64
 
 

Recently, I have gone into my den to wake up my computer only to find it already on. Vipre antivirus had one or two messages saying certain trojans were blocked.

Also, my clock/date/time were screwed up and set to 2016 (I saw this happen last week and wasn't sure what had caused it).

In my system startup via msconfig I found the following unrecognized entry and unchecked it:

lsdegrag-----unknown-------c:\users\chris\appdata\roaming\callapps.exe

I ran a full deep scan with Vipre only to find the trojan messages were still occurring, so I elected to boot into safe mode and scan again. So far I'm not sure if I am still infected.

Some of the other symptoms were that both windows and Vipre could not update (error messages) and I was getting (and still am) the following odd screen:



Below is a summary from Vipre:



At times Vipre was telling me it was blocking a.exe then b.exe then c.exe and so on and so forth.

Anybody seen this before or have any advice? I've never really been infected before as I am a situationally aware computer user and have always kept my security up to par.



12 Nov 2009   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.41 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
12 Nov 2009   #3

Win 7 Ultimate x64
 
 

Doing this now, I'll have it up asap. Thanks


12 Nov 2009   #4

Win 7 Ultimate x64
 
 

Ok, here's the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3153
Windows 6.1.7600

12/11/2009 7:56:54 AM
mbam-log-2009-11-12 (07-56-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 460220
Time elapsed: 1 hour(s), 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM2521E6\deplovx[1].txt (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\a.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\b.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\Software\Camtasia Studio v6 0 3 Incl Keymaker HAPPY BIRTHDAY ZWT\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
E:\Software\Change TCP limit for XP to increase DWNLOADS set to 50 then cancel warning that appears afterwards\EvID4226Patch223d-en\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
E:\Software\Massive Collection of VST & VSTi + DX plug-ins -\Albino3DemoInstaller302.exe (Adware.EShoper) -> Quarantined and deleted successfully.
E:\Software\Massive Collection of VST & VSTi + DX plug-ins -\AlphaDemoInstaller.exe (Adware.EShoper) -> Quarantined and deleted successfully.
E:\Software\Massive Collection of VST & VSTi + DX plug-ins -\daOrganDemoInstaller.exe (Adware.EShoper) -> Quarantined and deleted successfully.
E:\Software\Microsoft_Windows_XP Key Gen\Windows.XP.Keygenerator.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\hi.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
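
An added example (not part of the thread, and not Malwarebytes' own tooling) that parses detections in the log format posted above and groups them by where they sat on disk, so a scheduled-task entry or a temp-directory executable is reviewed before files in a storage folder. The bucket names and path rules are assumptions chosen for illustration; location alone does not show whether a file was ever run.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above: two section headers and six detection lines
# (the forum-inserted space in the registry value name is removed).
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM2521E6\deplovx[1].txt (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\a.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\Software\Microsoft_Windows_XP Key Gen\Windows.XP.Keygenerator.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\hi.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 12" (summary) does not match.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
# "<path> (<Family.Name>) -> <action>"
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<family>\w+(?:\.\w+)+)\) -> (?P<action>.+)$")

# Hypothetical triage rules, matched against the lower-cased path, first hit wins.
RULES = [
    ("persistence", r"\\windows\\tasks\\.+\.job$"),
    ("temp-or-cache", r"\\(windows\\temp|appdata\\local\\temp|temporary internet files)\\"),
]
PRIORITY = ["persistence", "temp-or-cache", "registry", "stored-file"]

def classify(section, path):
    if section.startswith("Registry"):
        return "registry"
    for bucket, pattern in RULES:
        if re.search(pattern, path.lower()):
            return bucket
    return "stored-file"

def triage(log_text):
    """Return {bucket: [(path, family), ...]} for every detection line."""
    section, buckets = None, defaultdict(list)
    for line in map(str.strip, log_text.splitlines()):
        if (m := SECTION.match(line)):
            section = m["name"]
        elif section and (m := DETECTION.match(line)):
            buckets[classify(section, m["path"])].append((m["path"], m["family"]))
    return dict(buckets)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in PRIORITY:
        for path, family in result.get(bucket, []):
            print(f"{bucket:14} {family:24} {path}")
```
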
12 Nov 2009   #5

64-bit Windows 8.1 Pro
 
 

Interesting files in your deleted list...
12 Nov 2009   #6

Win 7 Ultimate x64
 
 

Ya, I know, looks bad, but as a newly founded hobby and student of mild programming, I don't do that $hit anymore considering I now know what it takes to develop software. Bad thing is I NEVER delete anything, so everything acquired over the past few years I have kept, which apparently includes some malicious or infected software. I don't know where the xpkeygen came from though, as I have always purchased Windows. To me it's like using a hacked antivirus program?!?! How can you run an important component to your computer like that and trust it if it's been messed with itself?!
12 Nov 2009   #7

Win 7 Ultimate x64
 
 

Since the odd behavior, I ran 2 deep scans with Vipre (normal and safe mode) and the above results with Malwarebytes came AFTER these 2 scans, so I am starting to agree with your latter point and am thinking of purchasing ESET's NOD32. Prior to the Vipre trial I was trialing ESET and was gonna make a purchase decision between the two. I was rooting for Vipre but I think it's gonna be ESET.
12 Nov 2009   #8

Windows 7 RC1 (32bit)
 
 

Another set of tools you can use are the free AV boot CDs from the different AV vendors. Each has its own strengths and weaknesses. I suggest running them while hardwired to your router, as wireless support is less than spectacular.

FREE Bootable AntiVirus Rescue CDs Download List

You can find CD ISOs from Kaspersky, FSecure, Avast, Avira, BitDefender, Panda, and others.
12 Nov 2009   #9

 

What a humungous nerd star, loading pirated programs, which you certainly haven't paid for, then using trojanised Keygens to authenticate them - and you wonder why you have infections? Then asking on a public forum! Are you for real? Sheesh...........
12 Nov 2009   #10

Win 7 Ultimate x64
 
 

Yes I am. I didn't hide the fact and I think I explained myself clearly. The recent problems I am having have nothing to do with that keygen. It wasn't run and it has merely been sitting on my HD for some time. So you are patronizing me (and assuming) by indicating how unintelligent I am that I would actually have run keygens and wondered why I am having problems. I have been running a squeaky clean computer for years.

But I am glad to know that you are a better person than me because yes, I have scammed software in the past. As I stated, I don't do that $hit anymore. If you want to contribute to the thread then pony up, otherwise please spare me on how pure your soul is and that you are a great humanitarian. I don't feel that I need to prove that to you.