IE & Chrome: "__.exe contained a virus and was deleted." FALSE REPORT

TBolt

Hi all.
I searched through the forum & didn't find any reports like this. A client's employee needed my help remotely via Teamviewer the last 24 hours. Old, old, old Pentium 4 PC running Win 7 32-bit; 512MB RAM (wth?) :cry:

The system is old, and was running even slower than it usually does (confirmed).
I cleaned out the PC:
  • Malwarebytes found 20 infections -- cleaned it out.
  • Used CCleaner even though hard drive space is not an issue.
  • Ran AdwCleaner (will attach the logs when I regain access to the PC)
  • Ran a full scan with Trend Micro Housecall -- no infections.
  • Installed Windows Security Essentials - quick scan > no infections

The system is now running fast for a machine that old. Two persistent yet related problems, though ...
  1. When I try to download a safe file (CCleaner via filehippo, as a test), I get a false report that the file contains "a virus and was deleted."
  2. In Chrome, I cannot install any extensions (tried Adblock Plus) -- the download is blocked due to another false virus report.

If anyone has seen this before & can recommend a fix, I'd appreciate the input. It is unusual behavior -- don't know if it's an unreported virus or something else, though.

Thank you!
 

This is a sign of "Zero Access" ... a Rootkit.

Using a known "clean" computer:

STEP 1: Download and create a bootable Kaspersky Rescue Disk CD
1. You can download the Kaspersky Rescue Disk utility from the link below:
KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will automatically download Kaspersky Rescue Disk (kav_rescue_10.iso) on your computer.)
2. To create the bootable rescue disk, we will need to use the ImgBurn program. You can download ImgBurn from the link below, then install this program.
IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download the ImgBurn program)
3. Insert your blank DVD or CD in your burner, then start ImgBurn and click on the Write image file to disc button.
4. Under Source click on the Browse for file button, then navigate to the location where you previously saved the Kaspersky Rescue Disk utility (kav_rescue_10.iso), then click on the Write button.
ImgBurn will now begin writing your bootable Kaspersky Rescue Disk.

STEP 2: Start your computer using the Kaspersky Rescue Disk
1. Once you’ve got the Kaspersky Rescue Disk in hand, insert it into the infected computer, then turn it off and turn it on again.
2. As soon as you power it on, you will see a screen that tells you to press any key to enter the menu, so please tap any key to boot your machine from the Kaspersky Rescue Disk.
3. In the next screen, you will need to choose a language, then click on Kaspersky Rescue Disk. Graphic Mode and press ENTER to start the Kaspersky Rescue Disk.

STEP 3: Scan your system with Kaspersky Rescue Disk
1. Within a few short seconds you should see the full working environment, with the Kaspersky Rescue Disk screen front and center.
2. Switch tabs over to the My Update Center, and then click the Start update button to load the latest anti-virus definitions. Please be patient while this process is completed.
3. Switch back over to the Objects Scan tab, select the drives you want to scan, and then click the Start Objects Scan button.
4. When Kaspersky Antivirus detects the “file contained a virus and was deleted” virus, you’ll be prompted to select an action. When this happens, please select Quarantine or Delete to remove this infection from your computer.
5. When the antivirus scan has completed, you can restart back into Windows regular mode by clicking on the Kaspersky Start button (lower left corner) and selecting Restart.
Once your computer starts in Windows regular mode, download Malwarebytes Anti-Malware and HitmanPro (select the 'trial' version), and scan your computer for any leftover infections.


Please post all .txt logs :)
 

Thank you, Jacee. I'm making arrangements to get my hands on the PC next week.

Maybe it'll be easier to wipe the drive & re-install Windows. hehe.

I'll post logs if I go that route.
 

Since I don't advocate trying to clean up a Rootkit, simply because you can never be sure the computer will ever be stable again, I would advise you to do a wipe and clean re-install. ;)
 

TBolt

I'd disagree on the wipe. Leave wiping the PC for the last resort.
 

I don't and you cannot guarantee that this person's computer will ever be stable!

Look at the odds ... it's extremely old and possibly won't be able to handle all apps that we throw at it to try to 'fix' it.
 

It's worth a try. Fixing and reinstalling Windows and the apps will take about the same time on a laptop with 512MB.
 

TBolt,

As Jacee mentioned, the issue is a sign of a ZeroAccess variant.

The easiest route for this is to run the following diagnostic and removal tool:

:info: Download the Farbar Recovery Scan Tool
Select the version that applies to your system.


Save to the Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • FRST makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
:ar: Please provide the FRST.txt in your reply.


The first time the tool is run, it also makes another log: Addition.txt
:ar: Also post the Addition.txt in your reply.



:info: Next, download Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
:ar: Please provide the FSS.txt in your reply.

Thanks!
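
Added example, not part of the post above and not code from either Farbar tool: a read-only PowerShell check of the Windows 7 services behind five of the areas ticked in the Farbar Service Scanner step, flagging any that are missing, disabled or not running. The mapping from checkbox label to service name is an assumption based on standard Windows 7 service names, and "Internet Services" is left out because the label does not map to one obvious service.

```powershell
# Added example: read-only triage, nothing is changed on the system.
# ASSUMPTION: the label-to-service mapping uses standard Windows 7 service
# names; it is not taken from Farbar Service Scanner itself.
$areas = @(
    @{ Area = 'Windows Firewall'; Services = @('BFE', 'MpsSvc') },
    @{ Area = 'Security Center';  Services = @('wscsvc') },
    @{ Area = 'Windows Update';   Services = @('wuauserv', 'BITS') },
    @{ Area = 'Windows Defender'; Services = @('WinDefend') },
    @{ Area = 'System Restore';   Services = @('VSS') }
)

function Get-ServiceVerdict {
    param([string]$Area, [string]$Name)

    # Win32_Service exposes StartMode and PathName, which Get-Service on
    # PowerShell 2.0 (the Windows 7 default) does not.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"

    $row = New-Object PSObject -Property @{
        Area = $Area; Service = $Name; Verdict = 'OK'
        State = '-'; StartMode = '-'; Path = '-'
    }
    if (-not $svc) {
        # A deleted service registration is the strongest signal here.
        $row.Verdict = 'MISSING'
        return $row
    }
    $row.State = $svc.State; $row.StartMode = $svc.StartMode; $row.Path = $svc.PathName

    if ($svc.StartMode -eq 'Disabled') {
        # Expected for WinDefend when another antivirus product has taken over.
        $row.Verdict = 'DISABLED'
    } elseif ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running') {
        $row.Verdict = 'NOT RUNNING'
    }
    return $row
}

$report = foreach ($a in $areas) {
    foreach ($name in $a.Services) { Get-ServiceVerdict -Area $a.Area -Name $name }
}
$report | Select-Object Area, Service, Verdict, State, StartMode, Path | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; a Manual-start service such as VSS that is simply stopped is reported as OK.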
 

I really appreciate your opinions & advice, guys.

I got my hands on the PC today ... he has so little data & very few programs installed. It just made more sense to me to wipe, reload the OS & re-install. Much faster, & it's a guaranteed solution. Besides, if it were my PC that was infected like this, I would have wiped everything, too.

Most of all, I'm beefing up his protection & teaching how to stay out of trouble in the future. hehe.
 

Good for you! :geek:
 
