May have a virus -- how to transfer


  1. CarvedDuck
    Posts : 93
    Win7 Starter
       New #1

    May have a virus -- how to transfer


    Hi All,

    My laptop has been acting weird and is frequently accessing the Internet when I launch programs. These are programs I have written and compiled myself and they have no functions or needs to access the Internet.

    The firewall has asked permission to access the Internet and I have blocked them.

    I am thinking of going to a full factory restore and then transfer over the source code and recompile. But, my concern is that I may be transferring the virus/Trojan etc over during the copy-process.

    I am thinking of using an older laptop booted with a Linux-live CD and then transfer the stuff across so hopfully the problem stuff will not get copied across.

    Any thoughts, suggestions or ideas?

    Thanks
      My Computer
    Quote Quote

  3. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #2

    What makes you think you have a virus/Trojan? Have you run your Anti-virus program?
      My Computer
    Quote Quote

  4. ThrashZone
    Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       New #3

    Hi Jacee,
    Can you give any insight on this report from Adwcleaner ?

    # AdwCleaner v3.008 - Report created 18/10/2013 at 22:09:56
    # Updated 17/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : <deleted by IWP>
    # Running from : E:\Apps\Tools\AdwCleaner.exe
    # Option : Scan
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Found C:\ProgramData\apn
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16720

    *************************
    AdwCleaner[R0].txt - [857 octets] - [18/10/2013 22:09:56]
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [916 octets] ##########

    A new question was asked here Jacee,
    IE10 "Open in new tab" gives blank page
    Last edited by ThrashZone; 19 Oct 2013 at 16:27. Reason: link
      My Computer
    Quote Quote

  6. ICIT2LOL
    Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       New #4

    and even the TDSS from this listing Free Malware Removal Tools

    they don't take long and as I said eliminates some possible problems.
      My Computer
    Quote Quote

  7. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #5

    ThrashZone said:
    Hi Jacee,
    Can you give any insight on this report from Adwcleaner ?

    # AdwCleaner v3.008 - Report created 18/10/2013 at 22:09:56
    # Updated 17/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : <deleted by IWP>
    # Running from : E:\Apps\Tools\AdwCleaner.exe
    # Option : Scan
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Found C:\ProgramData\apn
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16720

    *************************
    AdwCleaner[R0].txt - [857 octets] - [18/10/2013 22:09:56]
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [916 octets] ##########
    Whose computer is that .txt report from? Did I miss a post/topic somewhere along the line? If so, please give me a link
      My Computer
    Quote Quote

  8. CarvedDuck
    Posts : 93
    Win7 Starter
    Thread Starter
       New #6

    Jacee said:
    What makes you think you have a virus/Trojan? Have you run your Anti-virus program?
    Did you not read all of my post?

    1: Programs I have designed, developed, written, compiled and run. I know every byte within them.
    2: None of them have anything to do with or need the Internet.
    3: When they are run - sometimes - they request Firewall (Comodo) access to the Internet.
    ...: "LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
    ...: The example .exe name is fake as is the IP address and Port. OK?

    I use Security Essentials and it never complains. A scan with MBAM shows nothing.

    So, tell me, does that or does that not look like a Virus or Trojan behavior.
      My Computer
    Quote Quote

  10. ThrashZone
    Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       New #7

    CarvedDuck said:
    Hi All,

    The firewall has asked permission to access the Internet and I have blocked them.
    I'm not sure I understand this statement ?
    Could you expand please,
    Cheers.
      My Computer
    Quote Quote

  11. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #8

    The IP 123.123.123.123 address is 123.123.123.123 IP Address WHOIS | DomainTools.com

    "LeftLeg.exe" sounds like 'LOP' ...

    Download DDS from one of these links:
    DDS.com
    DDS.pif
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.

    Include the contents of both logs in your next post.
    The scan will instruct you to post Attach.txt as an attachment.
      My Computer
    Quote Quote

  12. andrew129260
    Posts : 4,566
    Windows 10 Pro
       New #9

    CarvedDuck said:
    "LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
    ...: The example .exe name is fake as is the IP address and Port. OK?
    Jacee, he states that was an example.

    @CarvedDuck Please tell us or show a screenshot of the firewall prompting you.
    To answer your question, yes you use a Linux CD and copy the files over and have way less risk of transferring the virus (malware), unless the file itself is infected. Keep in mind though that while in the Linux environment it could not activate. It could though activate when copied back to a clean system. You could try doing a boot scan with avast! antivirus and using malwarebytes as found in my signature to do a full scan. These are free programs. You could also try using eset online to scan your pc. If all of these come up clean, its likely you are fine and more likely the firewall falsely claiming your programs are connecting to the internet.


    ThrashZone said:
    CarvedDuck said:
    Hi All,

    The firewall has asked permission to access the Internet and I have blocked them.
    I'm not sure I understand this statement ?
    Could you expand please,
    Cheers.
    Not sure why your confused, his programs that he created are trying to access the internet, which his comodo is warning him about. He is concerned that he might have a threat as he created these programs himself and is wondering about a threat on his system ether overtaking his programs or pretending to be those processes.
    The programs he created he knows every line of code, and they should not connect to the internet. So he is wondering why this is happening.


    It might be comodo falsely reporting they are. Comodo is known to be aggressive.
    Last edited by andrew129260; 24 Oct 2013 at 03:22.
      My Computer
    Quote Quote

  13. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #10

    andrew129260 said:
    CarvedDuck said:
    "LeftLeg.exe is trying to access the Internet at 123.123.123.123:47"
    ...: The example .exe name is fake as is the IP address and Port. OK?
    Jacee, he states that was an example.

    Please tell us or show a screenshot of the firewall prompting you
    Duh on me!
      My Computer
    Quote Quote

 

  Related Discussions
How to Transfer Files from One Computer to Another Computer with Windows Easy Transfer This tutorial will show you how to transfer your user files and settings from one computer to another using the Windows Easy Transfer tool.This feature is available in Vista and Windows 7. It can also be used...
I recently purchased a WD Passport external Harddrive, and have attempted to use it with transferring files from a laptop running Windows 7 32-bit to a desktop running Windows 7 64-bit. Windows Easy Transfer won't allow me to do this, giving me the error msg: "Windows Easy transfer can't transfer...
http://i.imgur.com/8bE5b4I.jpg What steps should I take ? How do I resolve this issue
Hello, I am needing some support on what is exactly taking up all the RAM on my brother's PC as after about 8 hours of uptime, 65% of my Physical Memory is being used up with nothing really open. I did some research and found out it was a possible memory leak or virus, so I first tried to run...
I migrated to a new machine using easy transfer. I copied my files (user and data) to a hard drive that I installed in my new machine. I copied everything back and it all worked fine. Over time (the last year) I have altered my config and even wiped the OS and did a clean install. My problem...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 23:52.
Find Us