santori
Posts posted by santori
-
-
When Malwarebytes quarantined the files, is it safe to delete them afterwards (by going into MWB > selecting quarantine tab > and clicking on 'Delete All')? Would this have any detrimental effect on isolating those infected files? I did this, so I'm wondering if there will be any repercussions.
And lastly, in the event of this occurring again, would you suggest that I quarantine > delete infected temp. files > prepare DDS files and scan with ESET Online Scanner before starting a new thread?
Thanks for your continued assistance, I appreciate it!
-
Just had a quick follow-up question,
I've gone through the process of changing passwords for most of my accounts (primarily targeting accounts I've used since the infection). Would you suggest changing the passwords for accounts that I have not used for a while (i.e. month or so)?
-
Thanks for your help throughout this process,
Would you conclude that my computer is not infected at this point in time then? I ask because I've been avoiding logging into sensitive accounts as well as backing up my HDD. Based on the reports, do you think my external hard drive would get infected by this?
Lastly, will uninstalling ESET Online Scanner through the Control Panel fully uninstall the program? And by manually deleting DDS, you just mean dragging it into the Recycle Bin?
Again, thank you for your time!
-
I haven't noticed any hiccups even before knowing that I had an infection. The only oddity (not sure if this is even related) was Windows 7 aero reverted back to basic for a couple minutes while CPU usage was hovering around 100% (about 15 hours ago).
Would you happen to know what the infection was in the first place? What does it do?
-
The scan has finished, first, here's the results from the window that conducted the scan:
No threats found.
Scanned Files: 120269
Infected Files: 0
Cleaned Files: 0
Total scan time: 00:20:32
Scan status: Finished
There's also the option to uninstall the application upon closing the window. Should I opt to or not?
Here is the log.txt - seems a bit on the small side though:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
Great, thanks.
Maybe due to differing versions, I only removed 'Realtime Protection' whereas Mail and Web Protection, and Firewall are still enabled.
Should I be removing these as well (Mail and Web Protection and Firewall)?
-
I'm sorry for all these questions, I'm a little out of my element here.
How would I go about turning off the anti-virus program then? Since I need the internet, should I be restarting my computer and entering Safe Mode?
-
For the computer scan settings, the 'Enable Anti-Stealth technology' box is checked, should I leave it as it is? Other than that, the 'Scan archives,' 'Scan for potentially unsafe applications,' and 'Use custom proxy settings' boxes are unchecked.
ESET also detected my Avira Anti-virus, may I leave it on or would it be best to stop the program before continuing?
I'll begin once confirmed.
Thanks.
-
Just to confirm before I begin the process, Internet Explorer is giving me a prompt on the bottom of the second window when I click Start on the ESET website.
I tried clicking install and Windows gives me a UAC prompt before installing.
A screenshot of the prompt is attached below. Should I click install or right-click in the white space and install Active-X that way?
-
Hello again,
Here is the Malwarebytes Anti-Malware log of a quick scan (please note that when the scan was complete, there was no prompt or checklist following the notification that there were no detections):
"Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.13.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eric :: ERIC-PC [administrator]
1/13/2013 1:49:26 PM
mbam-log-2013-01-13 (13-49-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228369
Time elapsed: 1 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
"
The DDS logs are attached below. Just to note, after the initial detection two days ago, there have been no prompts after scanning with Malwarebytes (full or quick scan alike) to 'Remove Selected,' or to restart.
Thanks for your time.
-
Hello Maniac,
Thank you for your response.
In regards to the database version, I believe the scan was completed two days ago. My current version is: "v2013.01.13.06" - or are you referring to a different database? I should preface that I'm not that great at computers so I hope I can follow along.
I disconnected my ethernet access and left my Avira anti-virus on. When double-clicking on the dds.scr I clicked once on the desktop to remove the highlighting on the icon as the process was running. Please let me know if I need to re-do this process. However, if not, the logs that were found after the process was completed are included in the attachments below.
Please advise when you can,
Thanks.
-
Hello,
After conducting my weekly scan of Malwarebytes, a full scan found four detections of a malware (?). The following is the log from the full scan:
"Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.11.14
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eric :: ERIC-PC [administrator]
1/11/2013 4:35:37 PM
mbam-log-2013-01-11 (16-35-37).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 338383
Time elapsed: 20 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\Eric\AppData\Local\Temp\i4b1531516455917632659.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\i4b6494933294504545606.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\i4b6614693329097637048.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\i4b6746732887919696758.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
(end)"
After receiving this report, I was given the prompt of moving the files into quarantine and they were subsequently deleted. I followed up by going to the quarantine tab and clicking on 'Delete All.' It should also be noted that I previously scanned with Avira anti-virus with no detections.
This was then followed by completing two additional full scans throughout today. The respective reports indicated that there were no detections, but I would like some guidance in determining if I am safe or compromised, and/or if there are additional steps needed in order to remove this malicious software/malware.
I've looked into this prior to posting and very little information is available regarding this particular detection. The only conclusions I can come to regarding what I found is either that it is: a) a false positive or b) by visiting a specific website.
If possible, any help would be appreciated.
Thanks.

Multiple Exploit.Drop.3p detection
in Resolved Malware Removal Logs
Okay, sounds good.
The only other concern I have is regarding backing up my HDD. Since there does not seem to be an infection anymore (no detection from a full scan today) and files have been subsequently quarantined and deleted (from first detection), there should be no risk of transferring anything malicious/compromising to my external hard drive, correct? The last thing I'd like to deal with is transferring files back onto my desktop and dealing with an infection.