May have a virus -- how to transfer

[CarvedDuck]

Hi All,

My laptop has been acting weird and is frequently accessing the Internet when I launch programs. These are programs I have written and compiled myself and they have no functions or needs to access the Internet.

The firewall has asked permission to access the Internet and I have blocked them.

I am thinking of going to a full factory restore and then transfer over the source code and recompile. But, my concern is that I may be transferring the virus/Trojan etc over during the copy-process.

I am thinking of using an older laptop booted with a Linux-live CD and then transfer the stuff across so hopfully the problem stuff will not get copied across.

Any thoughts, suggestions or ideas?

Thanks

 

[Jacee]

What makes you think you have a virus/Trojan? Have you run your Anti-virus program?

 

[ThrashZone]

Hi Jacee,
Can you give any insight on this report from Adwcleaner ?

# AdwCleaner v3.008 - Report created 18/10/2013 at 22:09:56
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : <deleted by IWP>
# Running from : E:\Apps\Tools\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Found C:\ProgramData\apn
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720

*************************
AdwCleaner[R0].txt - [857 octets] - [18/10/2013 22:09:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [916 octets] ##########

A new question was asked here Jacee,
http://www.sevenforums.com/browsers-mail/308748-ie10-open-new-tab-gives-blank-page.html

 

[ICIT2LOL]

and even the TDSS from this listing Free Malware Removal Tools

they don't take long and as I said eliminates some possible problems.

 

[Jacee]

Hi Jacee,
Can you give any insight on this report from Adwcleaner ?

# AdwCleaner v3.008 - Report created 18/10/2013 at 22:09:56
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : <deleted by IWP>
# Running from : E:\Apps\Tools\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Found C:\ProgramData\apn
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720

*************************
AdwCleaner[R0].txt - [857 octets] - [18/10/2013 22:09:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [916 octets] ##########

Whose computer is that .txt report from? Did I miss a post/topic somewhere along the line? If so, please give me a link

 

[CarvedDuck]

What makes you think you have a virus/Trojan? Have you run your Anti-virus program?

Did you not read all of my post?

1: Programs I have designed, developed, written, compiled and run. I know every byte within them.
2: None of them have anything to do with or need the Internet.
3: When they are run - sometimes - they request Firewall (Comodo) access to the Internet.
...: "LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
...: The example .exe name is fake as is the IP address and Port. OK?

I use Security Essentials and it never complains. A scan with MBAM shows nothing.

So, tell me, does that or does that not look like a Virus or Trojan behavior.

 

[ThrashZone]

Hi All,

The firewall has asked permission to access the Internet and I have blocked them.

I'm not sure I understand this statement ?
Could you expand please,
Cheers.

 

[Jacee]

The IP 123.123.123.123 address is 123.123.123.123 IP Address WHOIS | DomainTools.com

"LeftLeg.exe" sounds like 'LOP' ...

Download DDS from one of these links:
DDS.com
DDS.pif

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.

 

[andrew129260]

"LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
...: The example .exe name is fake as is the IP address and Port. OK?

Jacee, he states that was an example.

@CarvedDuck Please tell us or show a screenshot of the firewall prompting you.
To answer your question, yes you use a Linux CD and copy the files over and have way less risk of transferring the virus (malware), unless the file itself is infected. Keep in mind though that while in the Linux environment it could not activate. It could though activate when copied back to a clean system. You could try doing a boot scan with avast! antivirus and using malwarebytes as found in my signature to do a full scan. These are free programs. You could also try using eset online to scan your pc. If all of these come up clean, its likely you are fine and more likely the firewall falsely claiming your programs are connecting to the internet.

Hi All,

The firewall has asked permission to access the Internet and I have blocked them.

I'm not sure I understand this statement ?
Could you expand please,
Cheers.

Not sure why your confused, his programs that he created are trying to access the internet, which his comodo is warning him about. He is concerned that he might have a threat as he created these programs himself and is wondering about a threat on his system ether overtaking his programs or pretending to be those processes.
The programs he created he knows every line of code, and they should not connect to the internet. So he is wondering why this is happening.


It might be comodo falsely reporting they are. Comodo is known to be aggressive.

 

[Jacee]

"LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
...: The example .exe name is fake as is the IP address and Port. OK?

Jacee, he states that was an example.

Please tell us or show a screenshot of the firewall prompting you

Duh on me!