sc_update_tmp folder in my desktop (I don't know where that came from)


luso

Hi, I just joined this community. I've been cleaning my computer and using your software for a long time, but now I come with an issue I don't fully know how to fix. Maybe it is not too dangerous, or maybe it is very dangerous, but I want to make sure my computer is fully clean, since when running your programs they have been detecting and fixing some issues. I will paste here some logs as well as a screenshot from another program called TrojanKiller, which I used first and which showed some issues. The logs are posted in order of the scan/cleaning process, so maybe some TrojanKiller issues were resolved afterwards by the other programs. The only program I've not run yet is FRST, because I saw a video and it seems complicated for me; maybe you recommend that I scan again with the same programs or other ones. Thanks so much in advance.

 

- Luso

trojankiller.png

malwarebytes_log.txt

AdwCleaner[C00].txt


Hello luso and welcome to Malwarebytes,

Continue with the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Thanks for those logs, continue please:

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Windows\system32\msvcsv60.dll
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.
  • Repeat the above steps for the following files



C:\Windows\system32\w3data.vss
C:\Windows\msocreg32.dat
C:\Users\Luis\AppData\Roaming\msregsvv.dll
C:\ProgramData\autobk.inc

Thank you,

Kevin


Yes they do indeed show as clean, continue with the following:

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste its content in your next reply.


Do not use the Remove Selected option until I've had a look at the log..

RogueKiller V12.12.34.0 (x64) [Sep  3 2018] (Gratuito) por Adlice Software
correo : http://www.adlice.com/contact/
Realimentación : https://forum.adlice.com
Página Web : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 10 (10.0.17134) 64 bits version
Comenzado en : Modo Normal
Usuario : Luis [Administrador]
Iniciado desde : C:\Users\Luis\Desktop\RogueKiller_portable64.exe
Modo : Análisis -- Fecha : 09/08/2018 02:36:51 (Duración : 00:16:06)

¤¤¤ Procesos : 0 ¤¤¤

¤¤¤ Registro : 0 ¤¤¤

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Archivo Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤

¤¤¤ Exploradores Web : 0 ¤¤¤

¤¤¤ Comprobacion MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 970 PRO 512GB +++++
--- User ---
[MBR] 0f1f89c80289434984de980f10457465
[BSP] 7f71e6840079742a05b1617569749b7a : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1228800 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1261568 | Size: 487770 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Función incorrecta. )

+++++ PhysicalDrive1: ST1000LM048-2E7172 +++++
--- User ---
[MBR] 64d0f1f37c023d482860510fa25bfd5b
[BSP] b76b137f5f704d76fbeb532f5bd8e05f : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK

 

I didn't find that Remove Selected option and I didn't do anything weird, so I think I didn't mess up. Thanks

-Luso
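
A small parser for the report layout posted above, as an added example that is not part of the thread or of RogueKiller: it collects the per-section counts and the per-drive MBR read results, so that a report with zero detections but an MBR read error (as on PhysicalDrive0 here) still produces an item to review. The sample text is abridged from that report, and the function names are made up for this example.

```python
import re

# Sample abridged from the report posted above (only lines the parser reads).
SAMPLE = """\
¤¤¤ Procesos : 0 ¤¤¤
¤¤¤ Registro : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤
¤¤¤ Comprobacion MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 970 PRO 512GB +++++
User = LL1 ... OK
Error reading LL2 MBR! ([1] Función incorrecta. )
+++++ PhysicalDrive1: ST1000LM048-2E7172 +++++
User = LL1 ... OK
User = LL2 ... OK
"""

SECTION = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)?.*¤¤¤$")
DRIVE = re.compile(r"^\+{5} (?P<id>PhysicalDrive\d+): (?P<model>.+?) \+{5}$")
MBR_OK = re.compile(r"^User = (?P<level>LL\d) \.\.\. OK$")
MBR_ERR = re.compile(r"^Error reading (?P<level>LL\d) MBR!")


def parse_report(text):
    """Return (section_counts, drives) from a RogueKiller text report."""
    counts, drives, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            # Sections without a number (the MBR check) are stored as None.
            counts[m["name"]] = int(m["count"]) if m["count"] else None
        elif m := DRIVE.match(line):
            current = {"id": m["id"], "model": m["model"],
                       "read_ok": [], "read_errors": []}
            drives.append(current)
        elif current and (m := MBR_OK.match(line)):
            current["read_ok"].append(m["level"])
        elif current and (m := MBR_ERR.match(line)):
            current["read_errors"].append(m["level"])
    return counts, drives


def triage(text):
    """List what a helper should look at: non-zero sections, unread MBR levels."""
    counts, drives = parse_report(text)
    notes = [f"{name}: {n} detection(s)" for name, n in counts.items() if n]
    for d in drives:
        notes += [f"{d['id']}: {lvl} MBR could not be read" for lvl in d["read_errors"]]
    return notes


if __name__ == "__main__":
    print(triage(SAMPLE) or "nothing to review")
```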


Yes "remove selected" would only be there if any malicious entries were found...

One more scan please:

Emsisoft Emergency Kit
  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This may be listed as Install. This will unpack or install Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction or installation is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


Let me see those logs in your reply, also tell me if there are any remaining issues..

Thank you,

Kevin

OK, I just want to make sure I didn't do anything wrong. First, apparently the app didn't install a shortcut on my desktop, so I opened the folder path and clicked on the Emsisoft Emergency Kit x64 bits directly (I hope this was correct, because then the program opened and scanned my computer). Secondly, the log page is different on my side; I am uploading a GIF to show which logs I chose to attach here (again, I hope all these steps were correct). My remaining issue is that I got a strange folder, apparently out of nowhere, on my desktop (I am uploading a photo too), and I started thinking my computer may be infected. I used TrojanKiller and it showed I had some trojans, like this program has detected too. So I started worrying and used Windows Defender, and it cleaned some issues, but I guess I still have some; well, I put them in quarantine with Emsisoft. Again, thanks so much for the help, Kevin.

Video of logs chosen: https://imgur.com/a/p0hryDV

sc_update_folder: https://prnt.sc/ks3m0c

-content: https://prnt.sc/ks3ma9

Maybe the folder is not a big deal at all and they are just temp files I moved accidentally or something but it was what made me look for malware or viruses in my computer.

-Luso

 

Forensics_180908-184020.txt

Forensics_180908-184033.txt


Oh sorry, actually I could have tried to drag and drop the folder to the recycle bin in the first place; the thing is, I just didn't want to do it because I didn't know what it was and was afraid to lose something important. I've done it and made a reboot, and nothing weird seemed to happen. Should I delete it completely? It is in the trash right now. By the way, Emsisoft didn't ask me for a reboot so I didn't do it, but it seems a new log file or something from Emsisoft appeared on my desktop when I rebooted, since you asked me for it after moving the folder to the recycle bin. I am attaching it to this post. Thanks

-Luso

Forensics_180908-183952.txt


No, I haven't noticed anything strange or any erratic behavior. Just for the sake of looking at what TrojanKiller would show now, I ran it again and it showed me a couple of alerts. That's better, because before it showed me like 6-7 issues, like the screenshot I first sent to you when I opened this post. Sorry, I didn't know back then that TrojanKiller also had logs; I am attaching it to this post. And by the way, the issues detected in Emsisoft are in quarantine; how should I proceed with them? Should I leave them just like that? And did I send you all the correct logs, etc., in my last reply? The Emsisoft GUI seems a bit different on my side. Many, many thanks.

-Luso

trojankiller2.png

TK2018-09-09 [15-41-47].log


The only thing was that when my computer went to safe energy mode (or sleep mode, I don't know fully what it is called) and I entered Windows again, a message showed: "your recycle bin is corrupted do you want to empty?" I clicked no just in case, but I can enter the recycle bin without problem; the folder is still there.

Also, should I check that download folder with more programs or something? It seems it contains malware. Thanks a lot.

-Luso


OK luso, clean up as follows:

Delete RogueKiller portable from your Desktop, also delete this folder if present: C:\ProgramData\RogueKiller

Navigate to and delete the following, (if still present):

C:\ProgramData\Emsisoft
C:\Users\{your user name}\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\{your user name}\Desktop\EmsisoftEmergencyKit.exe


Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Hey, sorry for taking your time. I will definitely give you a tip; I just saw the PayPal link (I was going to reach out to you anyway because you've helped me a lot). Before I start cleaning up the tools, I just saw some issues. I uploaded a couple of files to VirusTotal that I suspected may be corrupted, and these are the results: https://www.virustotal.com/es/file/a3097759a986cb99c99c0f52f246ff31641bb0d9cf11f97f1abe998a1c5b918f/analysis/1536627505/

and https://www.virustotal.com/es/file/f8274305a4eda4798e50f2965613989d9dc62562f72a74e88858f1775c976efb/analysis/1536629127/

I definitely don't need these programs, and not at all if they are corrupted or suspicious in any way. What is the best way to wipe these corrupted files to completely erase them from my computer?

And what should I do with the files detected by Emsisoft that are in quarantine? I don't feel comfortable having them; should I delete them? There is an option for that in Emsisoft. Thanks again for your time.

-Luso


Hello Luso

For the files you've identified with VirusTotal, navigate to and right-click directly on the file and select "Delete".

For Emsisoft, open that program and select "Quarantine"; from there, delete the items you refer to. The Quarantine folder is also removed (deleted) during the uninstall procedure...

Regards,

Kevin...

This topic is now closed to further replies.