Jump to content

Maniac

Members
  • Posts

    33
  • Joined

  • Last visited

Everything posted by Maniac

  1. Hello Matrix Leader, Yes, they are always on your computer until you clean them, but they are not harmful. You can find information even in SAS website.
  2. I recommend you to follow my instructions above for FRST, to clean the system, to take samples and send them to ESET lab.
  3. This tool makes backup for all removed entries, so we can send them to the ESET lab. Did the same way here: https://forum.eset.com/topic/4939-usb-flash-drive-virus/ I posted the result too:
  4. Hello adikolo and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem. Step 1 Before we proceed further, we should take care for some remnants from your old antivirus program - Avast. Download avastclear.exe on your desktop Start your Windows in Safe Mode Open (execute) the uninstall utility If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!) Click REMOVE Restart your computer Step 2 Please uninstall this program: Aide PDF to DXF Converter 9.6 Packages Step 3 Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. Step 4 Please make sure your ESET NOD32 Antivirus is up-to-date and perofrm a full system scan. Let me know about the scan results. fixlist.txt
  5. Hello EmrahEroglu and welcome! This is an English forum. If you don't speak English at all, try using a translator and pasting the translation here.
  6. Hello André, in this case ESET lab needs a few samples for sure. I recommend you to send them several of the infected files following these rules: How do I submit a virus, website or potential false positive sample to the ESET lab? . Send them a link from this thread and explain them the whole situation and I believe they will create a solution.
  7. Hello Melmar and khairulaizat92, I had a recent similar case here, so if you don't have fast answer, I could help to clean your systems and send the samples directly to the ESET lab. For this purpose I need the following information for a start: Please download Farbar Recovery Scan Tool and save it to your Desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. Press Scan button. It will produce a log called Main.Txt in the same directory the tool is run from. Please copy and paste log back here. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Main.Txt into your reply.
  8. Hello Ben! My name is Borislav and I will be glad to help you solve your malware problem. Please note: I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them. Make sure you read all of the instructions and fixes thoroughly before continuing with them. Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions. Post your log files, don't attach them. Every log file should be copy/pasted in your next reply. Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know. I would like to see more information about the state of your system then will be able to answer your questions and help you clean it. Please download Farbar Recovery Scan Tool and save it to your Desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. Press Scan button. It will produce a log called FRST.txt in the same directory the tool is run from. Please copy and paste log back here. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  9. Hello bumblegrum, There is a reason NOD32 to do that. Please locate this log file and post it here to see more details. hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3217&actp=search&viewlocale=en_US&searchid=1432713308389
  10. You are blocking the attack, everything is fine. I recommend you to perform a full system scan with ESET NOD32 Antivirus. Better safe than sorry.
  11. It is great that work well on your operating system. At the same time, you have two huge problems. Now, when Microsoft Windows XP support is discontinued you don't have any guarantees about your security. Also, after this step from Microsoft, Windows XP became a major target for any kind of cyber criminals. All are focused on the operating system and therefore you will be constantly attacked in different directions. Software manufacturers (for browsers) will also end support and will become even worse. You should not rely only on NOD32 because solutions about your security are complex. Your second problem is the maintenance of the hardware. Your hardware is much more modern than your operating system and it can not provide you with the best possible support to utilize the maximum of all available resources. Thank you for letting us know!
  12. Hello Majama, I would like to tell you that there are already results from the samples we took from your system. It is already in latest updates from ESET - Win32/TrojanDownloader.Wauchos.AK . I recommend you to perform a full system scan to make sure that your system is already clean. A little later Symantec added it too: 2 / 57
  13. No, the process of modification is not malicious. The code is malicious. This rule is valid for ESET, and for other companies, at least the major antivirus software vendors.
  14. Thank you very much! I already send a sample to ESET lab. You don't need it, because as I explained in my previous reply: NOD32 prevented the infection of your USB flash drives. It is time to test the same things. Manually check for updates from NOD32 and then put your USB sticks into your PC and check for a notification from NOD32.
  15. Hello SeaJays. There is no way McAfee to associated somewhow with ESET products. Please let us know what is the McAfee product name.
  16. Well done! Please generate new fresh FRST logs and post them in your next reply. Next, using WinRaR please compress this folder: C:\FRST\Quarantine And then send it to me via PM like you did it with previous logs. Thanks!
  17. If still not worked, reboot your system and try again.
  18. Thanks for your log files, Majama! Once I analyzed them found what actually happens. Your system is infected. This malicious software attempts to infect any USB device connected to the computer with the aim to spread. This malware is unknown to NOD32, but thanks to its excellent proactive technology, managed to prevent the generated malware to infect the included USB devices. Furthermore, there are remnants of potentially unwanted applications that we are going to clean too. When we are done here, it will be great if you send me these samples to send them to ESET Lab, which will add it to the database. Step 1 Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. Step 2 Please allow NOD32 to detect potentially unwated applications: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3204 Next, perform a scan: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3505 When you are ready, please post your scan log file. hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2112 Step 3 Please go to www.virustotal.com . Next, click on Choose File, find the following file and double click on it: C:\Windows\jmesoft\JME_LOAD.exe When you are ready, click on Scan it! . If ask you, choose to reanalyse this file. Wait until is finished and copy/paste the URL in your next reply here. In your next reply, post the following log files: FRST log ESET NOD32 Antivirus log Virustotal link fixlist.txt
  19. Please proceed with second step, I will take a look.
  20. Step 1 Download Flash_Disinfector.exe by sUBs from here and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Reboot your computer when done. Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection. Step 2 Please download Farbar Recovery Scan Tool and save it to your Desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. Press Scan button. It will produce a log called FRST.txt in the same directory the tool is run from. Please copy and paste log back here. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
×
×
  • Create New...