JamesCox

Members

View Profile See their activity

Posts
4
Joined
December 10, 2016
Last visited
March 30, 2020

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by JamesCox

Possible Systemwin.exe Virus Installing through IE Proxy

JamesCox replied to JamesCox's topic in Resolved Malware Removal Logs

Dear THE... I have no idea what you did but it's gone! I've been using my PC for 3 hours and nothing. I've restarted a couple of times and nothing. Thank You very much for your assistance. I'll be sure to tip you for your assistance. THANK YOU!
Possible Systemwin.exe Virus Installing through IE Proxy

JamesCox replied to JamesCox's topic in Resolved Malware Removal Logs

All done. I'll be checking out the issue over the evening. Stay tuned...and THANK YOU! I'll let you know how it goes. James Fixlog.txt
Possible Systemwin.exe Virus Installing through IE Proxy

JamesCox replied to JamesCox's topic in Resolved Malware Removal Logs

Thanks for the speedy reply. FRST_10-12-2016 17.40.53.txt Addition_10-12-2016 17.40.53.txt
Possible Systemwin.exe Virus Installing through IE Proxy

JamesCox posted a topic in Resolved Malware Removal Logs

Dear Forum, I believe I have the SystemWin.exe virus on my computer. I've tried both MWB & Zemana to get rid of it but upon restart MWB is finding the following: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/12/2016 Scan Time: 14:27 Logfile: Results1.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.12.10.04 Rootkit Database: v2016.11.20.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Scan Type: Threat Scan Result: Completed Objects Scanned: 320698 Time Elapsed: 2 min, 33 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\systemwin.exe, 14728, , [c5e79e471f7b9d99c5087cd539c745bb] Modules: 1 PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\mgwz.dll, , [c5e79e471f7b9d99c5087cd539c745bb], Registry Keys: 1 PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemWin, , [c5e79e471f7b9d99c5087cd539c745bb], Registry Values: 5 PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSTEMWIN|ImagePath, "C:\Program Files (x86)\SystemWin\systemwin.exe" --service, , [7d2ffaebc8d285b1fdc1c38ef907fb05] PUM.Optional.ProxyHijacker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [d7d51cc921790d29a9289dc0808321df] PUM.Optional.ProxyHijacker, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [c7e5bc29019971c5bb164f0e7e85ee12] PUM.Optional.ProxyHijacker, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [406c2db87b1f0333f4dd5a03ba496997] PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2581644591-4208433480-3486313852-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [822aa63feab0c274eae7c895db289c64] Registry Data: 0 (No malicious items detected) Folders: 7 PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\images, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates, , [c5e79e471f7b9d99c5087cd539c745bb], Files: 90 PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\systemwin.exe, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\AUTHORS.txt, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\config.txt, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\default.action, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\default.filter, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\LICENSE.txt, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\match-all.action, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\mgwz.dll, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\privoxy.log, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\README.txt, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\sourceid.conf, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\systemwin.log, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\trust.txt, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\user.action, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\user.filter, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\p_doc.css, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual\coding.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual\cvs.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual\documentation.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual\index.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual\introduction.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual\newrelease.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual\testing.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\developer-manual\webserver-update.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq\configuration.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq\contact.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq\copyright.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq\general.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq\index.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq\installation.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq\misc.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\faq\trouble.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\images\files-in-use.jpg, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\images\proxy_setup.jpg, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\actions-file.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\appendix.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\config.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\configuration.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\contact.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\copyright.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\files-in-use.jpg, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\filter-file.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\index.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\installation.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\introduction.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\proxy2.jpg, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\proxy_setup.jpg, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\p_doc.css, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\quickstart.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\seealso.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\startup.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\templates.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\doc\user-manual\whatsnew.html, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-list-section, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\blocked, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\cgi-error-404, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\cgi-error-bad-param, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\cgi-error-disabled, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\cgi-error-file, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\cgi-error-file-read-only, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\cgi-error-modified, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\cgi-error-parse, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\cgi-style.css, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\connect-failed, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\connection-timeout, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\default, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-add-url-form, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-for-url, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-for-url-filter, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-list, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-list-button, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-list-url, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-remove-url-form, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\edit-actions-url-form, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\forwarding-failed, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\mod-local-help, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\mod-support-and-service, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\mod-title, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\mod-unstable-warning, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\no-server-data, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\no-such-domain, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\show-request, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\show-status, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\show-status-file, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\show-url-info, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\show-version, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\toggle, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\toggle-mini, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\untrusted, , [c5e79e471f7b9d99c5087cd539c745bb], PUP.Optional.Privoxy, C:\Program Files (x86)\SystemWin\templates\url-info-osd.xml, , [c5e79e471f7b9d99c5087cd539c745bb], Physical Sectors: 0 (No malicious items detected) I've tried to delete the Systemwin folder from program files but every time I restart it's re-downloading the files which MWB is picking up as a virus. This has something to do with IE and the proxy settings within IE. I'm not sure if that's how's its getting in each time but this little bug is driving me up the wall. I would apprecate any guidence to help me through this bug bash. Kind Regards, James

Sign In

JamesCox

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by JamesCox

Possible Systemwin.exe Virus Installing through IE Proxy

Possible Systemwin.exe Virus Installing through IE Proxy

Possible Systemwin.exe Virus Installing through IE Proxy

Possible Systemwin.exe Virus Installing through IE Proxy

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information