Odd behavior/Virus??


  1. Posts : 353
    Win 7 Ultimate x64
       #1



    Recently, I have gone into my den to wake up my computer only to find it already on. Vipre antivirus had one or two messages saying certain trojans were blocked.

    Also, my clock/date/time were screwed up and set to 2016 (I saw this happen last week and wasn't sure what had caused it)

    In my system startup via msconfig I found the following unrecognized entry and unchecked it:

    lsdegrag-----unknown-------c:\users\chris\appdata\roaming\callapps.exe

    I ran a full deep scan with Vipre only to find the trojan messages were still occurring, so I elected to boot into safe mode and scan again. So far I'm not sure if I am still infected.

    Some of the other symptoms were that both windows and Vipre could not update (error messages) and I was getting (and still am) the following odd screen:



    Below is a summary from Vipre:



    At times Vipre was telling me it was blocking a.exe then b.exe then c.exe and so on and so forth.

    Anybody seen this before or have any advice? I've never really been infected before as I am a situationally aware computer user and have always kept my security up to par.


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Please download Malwarebytes' Anti-Malware to your desktop
    |MG| Malwarebytes Anti-Malware 1.41 Download
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.


  3. Posts : 353
    Win 7 Ultimate x64
    Thread Starter
       #3

    Doing this now, I'll have it up asap. Thanks


  4. Posts : 353
    Win 7 Ultimate x64
    Thread Starter
       #4

    Ok, here's the log:

    Malwarebytes' Anti-Malware 1.41
    Database version: 3153
    Windows 6.1.7600

    12/11/2009 7:56:54 AM
    mbam-log-2009-11-12 (07-56-54).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 460220
    Time elapsed: 1 hour(s), 7 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM2521E6\deplovx[1].txt (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\a.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\b.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
    E:\Software\Camtasia Studio v6 0 3 Incl Keymaker HAPPY BIRTHDAY ZWT\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
    E:\Software\Change TCP limit for XP to increase DWNLOADS set to 50 then cancel warning that appears afterwards\EvID4226Patch223d-en\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
    E:\Software\Massive Collection of VST & VSTi + DX plug-ins -\Albino3DemoInstaller302.exe (Adware.EShoper) -> Quarantined and deleted successfully.
    E:\Software\Massive Collection of VST & VSTi + DX plug-ins -\AlphaDemoInstaller.exe (Adware.EShoper) -> Quarantined and deleted successfully.
    E:\Software\Massive Collection of VST & VSTi + DX plug-ins -\daOrganDemoInstaller.exe (Adware.EShoper) -> Quarantined and deleted successfully.
    E:\Software\Microsoft_Windows_XP Key Gen\Windows.XP.Keygenerator.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Chris\AppData\Local\Temp\hi.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    Last edited by A320; 12 Nov 2009 at 09:14.
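
A log like the one in post #4 is easier to triage when detections are grouped by where the file was found. The script below is an added example, not part of the original thread or of Malwarebytes; the bucket names and path patterns are assumptions made for illustration, and a path alone does not show whether a file was ever run.

```python
import re
from collections import defaultdict

# Subset of the "Files Infected" lines from the log posted in this thread.
SAMPLE_LOG = r"""
Files Infected:
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM2521E6\deplovx[1].txt (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\a.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\Software\Microsoft_Windows_XP Key Gen\Windows.XP.Keygenerator.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\hi.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# "<object> (<detection name>) -> <action>." as printed in this log format.
ENTRY = re.compile(r"^\s*(?P<path>.+?) \((?P<family>[\w.]+)\) -> (?P<action>.+?)\.?\s*$")

# Assumed triage buckets (this example's own labels, not Malwarebytes terms).
BUCKETS = [
    ("scheduled-task", re.compile(r"\\Windows\\Tasks\\", re.I)),
    ("browser-cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("temp-dir", re.compile(r"\\Temp\\", re.I)),
]

def parse_detections(log_text):
    """Return one dict (path, family, action) per detection line."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := ENTRY.match(line))]

def bucket_for(path):
    """First matching bucket, else 'file-at-rest' (stored outside those paths)."""
    for name, rx in BUCKETS:
        if rx.search(path):
            return name
    return "file-at-rest"

def triage(log_text):
    """Group (family, path) pairs by location bucket."""
    groups = defaultdict(list)
    for det in parse_detections(log_text):
        groups[bucket_for(det["path"])].append((det["family"], det["path"]))
    return dict(groups)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for family, path in items:
            print(f"  {family:20} {path}")
```

Entries under the scheduled-task, browser-cache and temp-dir buckets are the ones to re-check after cleanup, since something had to write them there.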


  5. Posts : 11,840
    64-bit Windows 8.1 Pro
       #5

    Interesting files in your deleted list...


  6. Posts : 353
    Win 7 Ultimate x64
    Thread Starter
       #6

    ya I know looks bad, but as a newly founded hobby and student of mild programming, I don't do that $hit anymore considering I now know what it takes to develop software. Bad thing is I NEVER delete anything so everything acquired over the past few years I have kept which apparently includes some malicious or infected software. I don't know where the xpkeygen came from though as I have always purchased windows. To me it's like using a hacked antivirus program?!?! How can you run an important component to your computer like that and trust it if it's been messed with itself?!


  7. Posts : 353
    Win 7 Ultimate x64
    Thread Starter
       #7

    Since the odd behavior, I ran 2 deep scans with Vipre (normal and safe mode) and the above results with Malwarebytes came AFTER these 2 scans, so I am starting to agree with your latter point and am thinking of purchasing ESET's NOD32. Prior to the Vipre trial I was trialing ESET and was gonna make a purchase decision between the two. I was rooting for Vipre but I think it's gonna be ESET.


  8. Posts : 15
    Windows 7 RC1 (32bit)
       #8

    Another set of tools you can use are the free AV boot CDs from the different AV vendors. Each has its own strengths and weaknesses. I suggest running them while hardwired to your router, as wireless support is less than spectacular.

    FREE Bootable AntiVirus Rescue CDs Download List

    You can find CD ISOs from Kaspersky, FSecure, Avast, Avira, BitDefender, Panda, and others.


  9. Posts : 3,960
    W7 x64
       #9

    What a humungous nerd star, loading pirated programs, which you certainly haven't paid for, then using trojanised Keygens to authenticate them - and you wonder why you have infections? Then asking on a public forum! Are you for real? Sheesh...........


  10. Posts : 353
    Win 7 Ultimate x64
    Thread Starter
       #10

    Yes I am. I didn't hide the fact and I think I explained myself clearly. The recent problems I am having have nothing to do with that keygen. It wasn't run and it has merely been sitting on my HD for some time. So you are patronizing me (and assuming) by indicating how unintelligent I am that I would actually have run keygens and wondered why I am having problems. I have been running a squeaky clean computer for years.

    But I am glad to know that you are a better person than me because yes I have scammed software in the past. As I stated I don't do that $hit anymore. If you want to contribute to the thread then pony up, otherwise please spare me on how pure your soul is and that you are a great humanitarian. I don't feel that I need to prove that to you.

