
ESET online scanner found 7 threats


jarlaxe


Hi,

I'm new here and I need your help.

 

My niece's PC had problems (frozen, problem with initializing user profile, etc.). It operates on XP and the install CD is lost but this is an official version.

 

I've used Advanced SystemCare 7 and Malwarebytes Anti-Malware to try to get it fixed. There were several problems found and fixed. Unfortunately it still has problems with starting in normal mode; only safe mode can be used.

 

Then I found a previous post here today: https://forums.malwarebytes.org/index.php?showtopic=136852

I realized that the problem might be similar (I've also found problems in registry keys) therefore I followed the steps that were listed by Marius (Psychotic) back in November last year (run adwcleaner, then junkware removal tool and then Eset).

 

I stopped after Eset online scanner found 7 threats:

 

C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\ARFC\wrtc.exe.vir a variant of Win32/Toolbar.Perion.G potentially unwanted application
C:\Documents and Settings\Home User\My Documents\Downloads\bsplayer263.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\Home User\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DAZO96Z\SkywalkerSetup[1].exe Win32/SweetIM.G potentially unwanted application
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8HEN8XYN\SkywalkerSetup[1].exe Win32/SweetIM.G potentially unwanted application
C:\Program Files\Webteh\BSplayer\bsptb.exe Win32/Toolbar.Conduit potentially unwanted application
 
My question is whether I also need to use FRST to fix the problem and if yes could you please help me in it?
 
Or can I use Eset online scanner to remove found threats?
 
Thank you in advance.
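
An added example, not part of the original post and not ESET or AdwCleaner code: a small Python triage of the seven log lines quoted above, grouping each detection by where the file sits so that copies already held in AdwCleaner's quarantine are separated from files still on disk. The regular expression and the bucket names are assumptions of this example; the log lines are copied from the post.

```python
import re
from collections import Counter

# The seven detections quoted in the post above, copied as logged.
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\ARFC\wrtc.exe.vir a variant of Win32/Toolbar.Perion.G potentially unwanted application
C:\Documents and Settings\Home User\My Documents\Downloads\bsplayer263.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\Home User\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DAZO96Z\SkywalkerSetup[1].exe Win32/SweetIM.G potentially unwanted application
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8HEN8XYN\SkywalkerSetup[1].exe Win32/SweetIM.G potentially unwanted application
C:\Program Files\Webteh\BSplayer\bsptb.exe Win32/Toolbar.Conduit potentially unwanted application
"""

# Path (ending in .exe/.dll/.vir), optional "a variant of", detection name, object type.
LINE_RE = re.compile(
    r"^(?P<path>[A-Z]:\\.+?\.(?:exe|dll|vir))\s+"
    r"(?:a variant of\s+)?(?P<name>\S+)\s+(?P<kind>.+)$",
    re.IGNORECASE,
)

def location(path):
    """Bucket a detection by where the file sits (bucket names are this example's own)."""
    p = path.lower()
    if "\\adwcleaner\\quarantine\\" in p and p.endswith(".vir"):
        return "already-quarantined"      # renamed copy kept by AdwCleaner
    if "\\temporary internet files\\" in p:
        return "browser-cache"            # cached download, not an installed program
    if "\\downloads\\" in p:
        return "downloaded-installer"     # bundled installer left in Downloads
    return "installed-on-disk"            # anything else is treated as installed

def triage(log_text):
    """Parse each log line into path, name, kind and a location bucket."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({**m.groupdict(), "where": location(m["path"])})
    return rows

def summary(log_text):
    """Count detections per location bucket."""
    return Counter(r["where"] for r in triage(log_text))

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["where"]:22} {r["name"]:28} {r["path"]}')
```
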
 

 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Create/Scan with Kaspersky Rescue Disk

Follow the instructions on this page for downloading the kav_rescue_10.iso (200 mb) file and creating the Kaspersky Rescue Disk.

Make sure you set to boot the machine from the CDRom drive first. Then save and exit the BIOS. The computer will begin to boot. Insert the disc in the CDrom drive, then restart the machine. It should then boot from that CD.

It's best if you refer to the instructions and images at Kaspersky How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

Once it boots from CD, press a key so it continues to boot from that CD.

Select the language, then be sure to select Kaspersky Rescue Disk Graphic Mode.

Kaspersky should begin scanning your machine. If it finds infection, look carefully at the files it lists. If any of them seem to be legit files, do not allow it to clean/quarantine/delete them. Rather, save the log and post the results for me to look over.


Hi Marius,

 

Sorry, this week is very busy.

Yesterday night I ran Kaspersky rescue disk. It found only one trojan and I deleted it. (It was not a legit file but something that was downloaded by my niece.)

Still have the same symptoms.

 

Thank you for your support, I really appreciate your help. I think I will give it up for now.

 

Thanks again. Have a nice day.


Create/Use Boot-Repair-Disc

  1. DOWNLOAD BOOT-REPAIR-DISK
    Note: Select the right version depending on which windows is installed on your system.
  2. Then burn it on CD or put it on USB key via Unetbootin
  3. Insert the Boot-Repair-Disk and reboot the PC,
  4. Choose your language,
  5. Connect internet if possible
  6. Click "Recommended repair"
  7. When finished, you are provided a link to paste.ubuntu.com - write it down somewhere
  8. Reboot the pc --> solves the majority of bootsector/GRUB/MBR problems
  9. Post up the link you wrote down at step 6.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
