Echoes (Members; 13 posts; reputation: 0 Neutral)
  1. My install of Avast has been trying to update in the last hour and MBAM keeps pointing out this specific DLL file as a Trojan. However, VirusTotal is saying it's probably safe and only MBAM is coming up with a detection. Here are the relevant logs and the file in question. VirusTotal results: https://www.virustotal.com/en/file/6cffbda20caaebe365dcbb9d4d104744cad8eac9d17e7f58e4cb21357c92ccd4/analysis/1451693203/ Attachments: protectionLogJan1_16.txt, scanLog.txt, Instup.zip
  2. Good to hear it's not on my end then. Either way I'm not too worried, since the scans run successfully and my system's robust enough that I don't even notice them scanning. Re-installing did nothing to fix the issue; everything runs as normal though. Also, I'm not sure yet as I just noticed it, but if "recover task if missed by" is checked, after a scan the next scheduled scan will say the same date/time as the scan that just happened. But if it's not checked, the day increments to the next day for the next scheduled scan. Not sure if it's relevant information, but it's something I noticed.
  3. Hi, I ran the tools as requested but the logs are quite long (I have a lot of things installed, sorry). So I'm attaching the logs instead of pasting them in here, as your sticky suggests. Thanks for the help. Attachments: FRST.txt, Addition.txt, CheckResults.txt
  4. So every so often (every other day this week) the scheduled threat scan will run twice. I have it set to run every night at 11pm and to repeat if missed within an hour. Oftentimes this is fine: it runs and that's that. Every now and then the scan will run and then 10 or so minutes later run again. The scan completes successfully both times. This has been happening for a little bit, since I changed the scan from 12am to 10pm a few weeks ago. To try and fix it I deleted all scheduled tasks (check for updates every 30 minutes and threat scan) and remade them. This time I made the scan start tonight at 11pm. It ran shortly before 11 for some reason (10:47pm) and then again just after 11pm. It's not a serious problem, since the scan does run and always completes, but it's kind of annoying and if there's an easy way to fix it I'd like to do so. Thanks.
  5. Okay, that makes sense. I just wanted to be sure, as I don't really know how MBAM works. Thanks for putting my mind at ease.
  6. Hi, about a week ago I did some cleaning of my drive. Uninstalled a bunch of games I hadn't played in a long while, used Disk Cleanup to clean up temp files and whatnot. That same day Avast! (my AV currently installed) popped up with a threat blocked warning, which turned out to probably have been a false positive (according to moderators on the Avast! forums). I decided to run an Avast! boot-time scan while I was at work just in case; it came back clean. That night, after returning from work and checking the Avast! boot-time scan log, I ran an MBAM threat scan as I am wont to do, with rootkit and archive scanning enabled as usual. Much to my surprise, instead of the usual 35 to 50 minute scan, the scan was completed in 13 minutes or so. Worried about the drastic drop in scan time after not having cleared that much space (around 60 GB out of 600 or so used), I did some digging on these forums. I found some threads about it, but all had returned to normal after rebooting the PC. So I did that and ran another scan. It again was finished in 12 minutes or so (like 12:42 or something). It's been a few days now and a dozen reboots, and the threat scan is still finishing in around 12-15 minutes when it used to take upwards of 50. With rootkit scanning disabled the threat scan takes between 9 and 10 minutes. I haven't changed any settings in MBAM or Avast, and the only change to my PC was the uninstall of a few Steam games and cleaning of my temp folders via Disk Cleanup. Are these new scan times normal for a 1 TB drive with roughly 500 GB used? Or were my old times more realistic? Thanks for the help. System: Intel i5 2500 @ 3.3 GHz, 8 GB system RAM, WD Black 1 TB drive (c:/), WD 500 GB secondary drive, nVidia/EVGA GTX 760 2 GB
  7. Hi, as of last night the scan times have changed dramatically (or well, it seems dramatic to me). I have scan in archives and scan for rootkits enabled; a threat scan used to take between 30 and 50 minutes (depending on whether I was using the PC at the time), but as of last night it's only taking between 11 and 15 minutes. Between now and then the only changes I made were that I uninstalled a bunch of games I had not played in months and ran an Avast boot-time scan. Also last night I ran a custom MBAM scan of all my drives (a 1 TB C drive and a 500 GB D drive) with archives and rootkits enabled, and it took nearly 3 hours, which seems on the long side to me. The Avast boot scan came up with nothing, as did the MBAM custom scan. I have been running Avast and MBAM side by side for nearly a year now and they've never interfered with each other, so I'm hesitant to call Avast the culprit in this case. Both Avast and MBAM are Pro paid versions and fully up to date. I ran the Avast boot-time scan because it had popped up with a threat warning for a GOG.com game (Neverwinter Nights 2 Complete); that pop-up got stuck in a loop and I couldn't get rid of it. So I uninstalled that game (hadn't played it since the summer) and restarted my PC. I don't know if it's relevant, but it had said nwn2server.exe was a trojan that was targeting rundll32.exe; the file was in the right folder though (c:/ GOG games). The odd thing was that I was away from the PC at the time, I hadn't tried to run that program, and Avast wasn't doing a scheduled scan (those happen on Sunday). Which is why I did a boot-time scan to see if anything was left. So far, outside of MBAM seemingly skipping files in the threat scan, everything seems fine. Any help, or expert eyes to tell me everything's normal, is appreciated. Logs attached: customScan_dec17.txt, longScan_dec_15.txt, shortScan_dec17.txt
  8. Hello, since the last database update the Steam program file "nattypeprobe.dll" is coming up as trojan.fakeSteam in Malwarebytes and is getting blocked. I let MBAM block and quarantine the file, but it gets re-created every time I launch Steam, and if MBAM blocks the file Steam gets stuck in an update window and never actually opens. If I cancel the update and open it again, the DLL is able to sneak through (seems kinda worrying). I'm not sure, but as far as I know the file has always been a part of Steam and is getting added to my PC via the Steam updater, so I think it's a false positive, but I want to be safe. Attached is one of the logs that caught it and the actual DLL; I have many since, as I said, it downloads/creates the file each time I launch the Steam app. Attachments: nattypeprobe.zip, steamPossibleFalsePositive.txt
  9. I bought a new 1 TB Western Digital Black drive and used that as my Windows partition; the old drive is going to be used as secondary storage. I had the store where I bought the machine do the work, as I'm a full-time student in my last year (i.e. very busy). Picking up the machine tomorrow; they said they wiped and FDISK'd the old drive. In the past they've been good about their work and what they said they did or did not do. Of course this is my first experience with a piece of malware or trojan and getting invaded/intruded/hacked/whatever you want to call it. So it's possible they're lying and they just wiped the drive but didn't perform FDISK. Though I have no reason to suspect they'd do that.
  10. I've already decided to take the safest route and wipe the system and start with a fresh install of Windows 7. Is it still necessary to go through the malware removal process? The machine has been online for a total of 5 minutes since the 2nd attack, just long enough to update Malwarebytes, MSE and Super Anti-Spyware so I could scan my external backup drive. I also forgot to mention I bought Malwarebytes PRO between the two attacks to get real-time protection. I use Chrome because I like the interface more than Firefox or anything else; preference really. Any suggestions for an MSE alternative? I used to use Antivir, but that got all kinds of annoying and obstructive a few years back, so I switched to MSE. Since I scanned my backup drive, which came up clean, the machine hasn't even been on, let alone online, and I don't dare plug in the ethernet cable till I get the drive wiped. Is there a chance whatever this is could survive the format? Do I need to tell the store to "re-certify" the drive (is that even still a thing?) or do some kind of lower-level format to make sure it's as blank as blank can be? Keep in mind I am getting a new hybrid drive to use as my primary Windows drive; this current infected drive will be purely secondary storage. Thanks for the suggestions and theories, and yes, I will definitely be more selective about where I get software. I must've got duped into visiting a fake site like a newbie. Definitely all on me, but I hope to fix it and get my machine back soon.
  11. Hello, I posted this question in Google's group forums and in Tom's Hardware forums and haven't been able to get any answers or even theories. My problem is this: last Friday, sometime between 1am and 2am EST, I was browsing the internet using Google Chrome on Windows 7 when suddenly Chrome started acting erratically. Pages were going back and forth; an image slideshow I was browsing would scroll backwards after I scrolled it forwards. I then closed the browser and reopened it, thinking it was some kind of bug with Chrome. When I reopened the browser I clicked in the omnibox to get to a site I wanted to browse, and as soon as I hit a key a bunch of seemingly random characters appeared, followed by white space and the words "Dire EMM" or "Dire Emm", I can't recall. Again I closed the browser and reopened it, but this time opening my history. I wanted to search my history to see if I had searched "dire emm" at some point in the past. Just as I did, I got a string of forward slashes followed by a white space and "W M Light"; at this point I yanked out my ethernet cable. When the gibberish became words or a name I thought I was being hacked and controlled. Although I never fully lost control, I only seemed to fight for it, and as far as I can remember I never lost control of my mouse. At the time the machine used Windows Firewall and Microsoft Security Essentials as its primary anti-malware/anti-virus solution. I had Malwarebytes installed, but the Pro trial had expired. After all that I pulled out my backup MacBook Pro and downloaded the latest Malwarebytes and Super Anti-Spyware. I installed those and ran them both along with Microsoft Security Essentials in full scan mode, which took till like 5am. Malwarebytes found 3 objects, but according to Google searches they were false positives. Like an idiot I just deleted them, thinking "just to be safe", instead of taking note of what they were. After that I ran all three programs again in full scan.
All three reported back that the PC was now clean. I also went and disabled every service related to Remote Desktop in Windows 7; the nerve-wracking bit about this part is I swear I did this years ago when I bought the machine. I also uninstalled (but kept browsing data) and reinstalled Chrome. Also, just to be safe, I changed my passwords on my MacBook. The day after that it seemed like everything was fine: Chrome worked flawlessly, the games I chose to play likewise. Everything seemed clear, but then again at around 1:30am EST, while browsing some reference material in Chrome (I'm an art student), it started to act weird. Pages were going back and forth, Chrome entered and exited full screen a few times, and when I opened up a new tab it "clicked" the link I was hovering over despite me not having clicked. Then when I clicked in the omnibox I got a string of forward slashes "/" followed by a white space and "W M Light". Again I freaked out and pulled the ethernet cable. After I calmed down I uninstalled Chrome and plugged back in just long enough to update all my anti-virus and anti-malware programs. I then ran everything again; again it all came up clean. The confusing bit is this weirdness only seemed to happen in Chrome (but I can't be sure, it might have happened when I was away from the PC) and both times between 1am and 2am. All my games and Photoshop seem to function normally. My internet didn't seem unusually slow, neither did the PC in general. So I've decided to take my PC to the store where I bought it; I'm buying a new hybrid drive and wiping the old drive. The new drive will house Windows and the old drive will act as storage. I also reset my DSL modem to factory defaults. Now call me crazy, but after this reformat is there a chance this "W M Light" person could hit me again? I'm worried he's targeted me and is just constantly looking for an in, God only knows why. Like I said, I'm a student on a personal PC, not part of some company.
I mean, they could possibly get what little money I have. My question now is: is there a chance this person could come back after the reformat just using my MAC address or the MAC address of my DSL modem (a 2Wire with Bell Canada)? Or am I just being paranoid? I'd really like something to try and return my peace of mind. I've put a lot of money into my PC and Steam games, and I also use it as my primary tool for my craft (illustration) with Adobe CS6 and a nice Wacom. Talking to friends who work in IT, the theory is it's either a piece of malicious Java code that got into my Chrome install or a backdoor letting the same dude into my system. Again though, nothing even vaguely solid in terms of an answer. Sorry if this is the wrong place to ask this question. Thanks for any help and/or advice.