Jump to content

Weird application running while i shutdown my laptop


Recommended Posts

so i was using my laptop and weird things started to happen! so first when i  to shutdown my computer it said it can't shut down because of this application but there was no name on it! when i tried to use adwcleaner it had a blank screen besides the logo which was weird so i scanned with malwarebytes and nothing came up! so i tried it again on safe mode but still NOTHING!

 

i use windows 10

:unsure:

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Okay, let me get some scans and fresh logs please.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

  • Root Admin

You have a few odd entries.

HKLM-x32\...\Run: [AIM] => C:\PROGRA~2\AIM95\aim.exe -cnetwait.odl 
This would appear to be the very old AOL Instant Messenger. Does that still even work?

You're running a P2P application. Though there are some legal uses probably 98% of all use is illegal in all industrialized nations. I'd highly recommend removing and not using such software.
HKU\S-1-5-21-2632454508-2318818714-3497054491-1002\...\Run: [uTorrent] => C:\Users\nshih\AppData\Roaming\uTorrent\uTorrent.exe [1983672 2018-04-18] (BitTorrent Inc.)

There is a batch file that runs when the computer starts. It's not native and someone set it up. If you're not sure what it is, you can open it with Notepad and see what it does.
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\easy.bat [2017-12-24] ()

This appears to be a bogus program. Looks like the file might be missing already though or if it's still there is being hidden from detection, in either case it should be removed.
S2 IntelSSTSvc; "C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe" [X]

A Google search does not find this file. Very possible it's legit, but also possible it's not. You could upload it to Virustotal.com to have them scan it
R0 zvmon; C:\WINDOWS\System32\DRIVERS\zvmon.sys [47680 2018-04-09] (Windows (R) Win 7 DDK provider)

These tasks appear to be bad and FRST wants to remove them. Unless you manually created them and/or know what they are we should remove.

C:\Windows\Tasks\{45D6DF1D-2A64-63CA-454A-34EC2DC4C4B3}.job
C:\Windows\Tasks\{5A488E88-D262-B6D8-228C-296A78C66725}.job

 

If at all possible you should try to run your computer without Java. Older versions are often compromised and help lead to an infection. Most users don't need Java, using P2P applications though often do need it.

Do you know what this is?
System32\Tasks\restartRSServices => C:\ProgramData\CyberSight\restartServices.cmd

Lot of things we could clean up from starting or removal. Not sure it would address your concern about something running on shutdown though. Can you screen shot that with your phone or something?

Let me know what you'd like to do.

Thanks

Ron


 

Link to post
Share on other sites

hello i have identified the files and determined that the tasks are bad and did not know what it was so i deleted it and the cybersight CMD is for anti ramsonware, here is cypersight let me know if is bogus thanks! 

 https://cybersight.com/

 the AOL is also for a project :)

 

Edited by AdvancedSetup
Placed link in code tag
Link to post
Share on other sites

UPDATE: I just shutdown my computer, unfortunately, I did not have m iPad with me so no picture but there was an application called G and just G plus the .EXE file with no name (they are both .exe files) i think i have a rootkit virus

Edited by nshih3548
UPDATE 2 forgot something
Link to post
Share on other sites

  • Root Admin

I do not think it is a rootkit. I think it's probably a legitimate logoff spawned by one of your applications.

We'll go ahead though and do a couple other scans just to be sure. Please follow the directions below.

 

Next,

 

Please download and run the following Kaspersky antivirus to remove any found threats

Kaspersky Virus Removal Tool

Post back all logs when ready.

Thanks

Ron

 

Link to post
Share on other sites

  • Root Admin

Let me get a new FRST set of logs and I'll double check and see if I can find something that might be kicking it off, but really looks to be a normal logoff process. Windows has had shutdown issues for many years and has come a long ways in correcting most of the issues but sometimes things do cause problems by not responding to the shutdown request that is broadcast to all processes when you tell the computer to shut down.

 

Link to post
Share on other sites

  • Root Admin

Let me get the following too

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.