hcova

  1. Dear Aura. I followed your instructions without any results. I avoided considering the option of adding the detected file to the MalwareBytes scan exclusion list. Each time that MalwareBytes deleted the PUP malware, the next time I ran MalwareBytes again, the malware was still in the computer. Regards
  2. Hi there. I took a bit of time trying to solve the issue by myself. After trying many ways to eliminate PUP.Optional.Ask, it was impossible for me to delete it. MalwareBytes detected it but it is unable to delete it by itself. MalwareBytes says that the problem is the file C:\......\AppData\Local\Google\Chrome\USER DATA\Default\Web Data Any help will be welcome. Best Regards Hernan
  3. Hi there. When I run AdwCleaner 7.0.4 it tells me that my computer is infected with PUP.Optional.22ChromeEXT. (Please see the attached AdwCleaner [2017.11.09-S8].txt report file.) However, when I run MalwareBytes 3.3.1.2183 it shows me that my computer is infected with PUP.Optional.Ask. (Please see the attached MalwareBytes 3.3.1 (2017.1.09 log).txt file.) I have included the HijackThis log report too. (Please see the attached hijackthis.log report file.) I am running Windows 8.1. Could anyone please help with: a) Is my computer infected with PUP malware? b) How can I remove this malware? I have tried with both AdwCleaner and MalwareBytes without any success. Each time I try to remove it with MalwareBytes, reboot my computer, and rescan my computer, the PUP is there!! c) Is it possible that each time I run Chrome (with a lot of default pages) some web pages contain the infection? (For instance, Chinese pages.) Warm Regards Hernan Covarrubias AdwCleaner[2017.11.09-S8].txt MalwareBytes 3.3.1. (2017.11.09 log).txt hijackthis.log
  4. Hi there. I installed a clean Win XP Service Pack 3 a few days ago and, for security, I have avoided browsing dangerous websites. I have run antivirus without any problem. However, when I restart my laptop in Safe Mode I get the following messages:
     -------------------------------------------
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\pcmcia.sys
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\disk.sys
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\sr.sys
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\ntfs.sys
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\NDIS.sys
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\Mup.sys
     -- -- -- and so on
     -------------------------------------------
     It seems that it is a common problem among users on the web. I have read that it seems to be a Service Pack 3 issue with the boot. Any idea how to solve this issue? Hernan
  5. I can run any program installed in my computer. However, since yesterday, after I visited some Brazilian websites for music downloads, I have had problems. If I download any new .EXE into my computer I cannot run it. Double click on it doesn't work. However, I can run any other previously installed .EXE file. One trick I learned is to add any new .exe into a .zip file. Then double click the .zip file and run the .exe from inside the zip. In this way I can run any new .exe downloaded in my hard disk. Conclusion: If I add any .exe files to my hard disk, they will not launch. All other previously installed .exe files run without any problem. Do I have a virus? Any help is welcome. Here you will find the HijackThis Log. Best Regards Hernan
  6. Yes, you are right. I have installed an accelerometer. (C:\WINDOWS\system32\AccelerometerSt.exe) So if I understand well, I do not have any malware or spyware? Best regards. Here is the hijackthis.log.
  7. Hi there. Can anybody explain the meaning of "Spyware MarketScore"? I ran a quick scan of MB and got these 3 infections, all related to this spyware. QUESTIONS: 1. Is it a false positive? Is it dangerous? I bought my new computer a few days ago and I just installed all original software. 2. Could my computer be infected by using MS Internet Explorer on certain web pages? 3. What is the risk of keeping this spyware in my computer?
     ===================================================
     Scan type: Quick Scan
     Objects scanned: 70819
     Time elapsed: 2 minute(s), 17 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 3
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> No action taken.
     HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
     ===================================================
     Best Regards Hernan
  8. Hi there. Can anybody explain the meaning of "Spyware MarketScore"? I ran a quick scan of MB and got these 3 infections, all related to this spyware.
     ===================================================
     Scan type: Quick Scan
     Objects scanned: 70819
     Time elapsed: 2 minute(s), 17 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 3
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> No action taken.
     HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
     ===================================================
     QUESTIONS: 1. Is it a false positive? I bought my new computer a few days ago and I just installed all original software. 2. Could it be infected by using MS Explorer on certain web pages? 3. What is the risk of the spyware? Best Regards Hernan
  9. Hi Aspirina: Thank God, it seems I solved the issue. Sorry, the Microsoft site solved the issue. I ran the MS onecare Full Service Scan and it found an infection. After cleaning the infection the problem was solved. At least I have not found any "*.sys" malware at C:\WINDOWS\system32\drivers. Of course I am not sure if the computer is completely clean, but I can access the web without any problem. Onecare website: onecare.live.com/site/en-US/default.htm Thanks a lot Aspirina for your support. Best Regards HCOVA
  10. If I can delete it from safe mode, could it eliminate the malware forever? Do I need to run anything else in safe mode? For example NOD32 or SpywareDoctor or any other? (SpywareDoctor does not recommend running it in safe mode....I do not know why) Thanks for your help. HCOVA
  11. Aspirina: I tried to copy and paste the malware you mention. This is located in C:\WINDOWS\System32\Drivers.....as you told us. It cannot be copied in the usual way. The other characteristic is that it updates by itself in real time. I can see in Windows Explorer its "Date Modified" field. It has the same creation date as the computer clock. !!!!! It is in a loop. Questions: 1) What can I do to avoid a spread of this malware in my computer? To prevent it from installing a new rootkit. 2) Do you recommend that I keep the computer ON always? Avoid shutting it down? I am very afraid of this issue, because I could lose my computer......I think I am using NOD32 and PCtools Spyware Doctor. Best regards HCOVA
  12. 1) I have the same problem. In my case the malware is called 4ebde4e8.sys. The question is how can I remove it? Can MalwareBytes do that using today's new database version 1856? Or do I need to follow the Aspirina solution? 2) Until now, has anybody tried using another antispyware - malware to solve this issue? 3) This infection slows my computer when I try to connect my computer to the internet. Loading a web page takes a long time. However, sometimes everything is at the normal speed. It seems that the malware stops slowing my computer.....for a while. Best regards HCOVA