Posts posted by Maniac

  1. Please do not follow the advice above unless we are able to get the file for analysis and solve the issue ourselves.

    This tool makes a backup of all removed entries, so we can send them to the ESET lab. I did the same here:

    https://forum.eset.com/topic/4939-usb-flash-drive-virus/

    I posted the result too:

     

    Hello Majama,

    I would like to tell you that there are already results from the samples we took from your system. It is already in latest updates from ESET - Win32/TrojanDownloader.Wauchos.AK .

    I recommend you to perform a full system scan to make sure that your system is already clean.

    A little later Symantec added it too: 2 / 57

  2. Hello adikolo and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

    Step 1

    Before we proceed further, we should take care of some remnants from your old antivirus program - Avast.

    • Download avastclear.exe on your desktop
    • Start your Windows in Safe Mode
    • Open (execute) the uninstall utility
    • If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
    • Click REMOVE
    • Restart your computer
    Step 2

    Please uninstall this program: Aide PDF to DXF Converter 9.6 Packages

    Step 3

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST/FRST64 and press the Fix button just once and wait.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Step 4

    Please make sure your ESET NOD32 Antivirus is up-to-date and perform a full system scan. Let me know about the scan results.

    fixlist.txt

  3. Hello Melmar and khairulaizat92,

    I had a recent similar case here, so if you don't have a fast answer, I could help to clean your systems and send the samples directly to the ESET lab. For this purpose I need the following information for a start:

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called Main.Txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Main.Txt into your reply.
  4. Hello Ben! My name is Borislav and I will be glad to help you solve your malware problem.

    Please note:

    • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
    • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
    • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
    • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
    • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
    I would like to see more information about the state of your system; then I will be able to answer your questions and help you clean it.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  5. It is great that it works well on your operating system. At the same time, you have two huge problems. Now, when Microsoft Windows XP support is discontinued, you don't have any guarantees about your security. Also, after this step from Microsoft, Windows XP became a major target for any kind of cyber criminals. All are focused on the operating system and therefore you will be constantly attacked from different directions. Software manufacturers (for browsers) will also end support and it will become even worse. You should not rely only on NOD32 because solutions about your security are complex.

    Your second problem is the maintenance of the hardware. Your hardware is much more modern than your operating system and it can not provide you with the best possible support to utilize the maximum of all available resources.

    Thank you for letting us know!

  6. Hello Majama,

    I would like to tell you that there are already results from the samples we took from your system. It is already in latest updates from ESET - Win32/TrojanDownloader.Wauchos.AK .

    I recommend you to perform a full system scan to make sure that your system is already clean.

    A little later Symantec added it too: 2 / 57

  7. Cracks are programs that modify another program. Security programs see that as a virus. The only way to use them is to shut down your security programs, but then you open yourself to getting screwed. In this day and age, cracks are a gamble.

    No, the process of modification is not malicious. The code is malicious. This rule is valid for ESET, and for other companies, at least the major antivirus software vendors.

  8. Here is the FRST log and the dropbox link to the quarantine folder (its too big for an attachment).

     

    https://www.dropbox.com/sh/j800iol146f9glq/AADyRcHNKIRxhtuXj_Dnf226a?dl=0

    Thank you very much! I already sent a sample to ESET lab.

     

    What about the Flash_disinfector step? Did I actually remove the virus now or are these still the preparation steps?

    You don't need it, because as I explained in my previous reply: NOD32 prevented the infection of your USB flash drives.

    It is time to test the same things. Manually check for updates from NOD32 and then put your USB sticks into your PC and check for a notification from NOD32.

  9. Thanks for your log files, Majama!

    Once I analyzed them, I found what actually happens.

    Your system is infected. This malicious software attempts to infect any USB device connected to the computer with the aim to spread. This malware is unknown to NOD32, but thanks to its excellent proactive technology, it managed to prevent the generated malware from infecting the included USB devices. Furthermore, there are remnants of potentially unwanted applications that we are going to clean too.

    When we are done here, it will be great if you send me these samples to send them to ESET Lab, which will add it to the database.

    Step 1

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST/FRST64 and press the Fix button just once and wait.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Step 2

    Please allow NOD32 to detect potentially unwanted applications:

    hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3204

    Next, perform a scan:

    hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3505

    When you are ready, please post your scan log file.

    hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2112

    Step 3

    Please go to www.virustotal.com . Next, click on Choose File, find the following file and double click on it:

    C:\Windows\jmesoft\JME_LOAD.exe

    When you are ready, click on Scan it! . If it asks you, choose to reanalyse this file.

    Wait until it is finished and copy/paste the URL in your next reply here.

    In your next reply, post the following log files:

    • FRST log
    • ESET NOD32 Antivirus log
    • Virustotal link

    fixlist.txt

  10. Step 1

    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.

      Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

    Step 2

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
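
The note in the Flash_Disinfector post says the tool leaves a folder named autorun.inf on each drive. As an added example (not part of the original posts and not code from any tool named here), this sketch tells that placeholder folder apart from an autorun.inf file and lists what such a file would launch; the sample drive roots are constructed temporary directories and the function names are hypothetical.

```python
import os
import tempfile

# Keys in an autorun.inf [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_status(root):
    """Classify <root>/autorun.inf as 'absent', 'folder' or 'file'."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "folder"   # the name is taken by a directory (the placeholder)
    if os.path.isfile(path):
        return "file"     # a real autorun.inf: review what it launches
    return "absent"

def launch_targets(root):
    """Return the programs an autorun.inf *file* would start, for review."""
    targets = []
    path = os.path.join(root, "autorun.inf")
    with open(path, "r", encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            # open=, shellexecute= and shell\<verb>\command= all name a program
            if sep and (key in LAUNCH_KEYS or key.endswith("\\command")):
                targets.append(value.strip())
    return targets

def build_samples():
    """Constructed sample drive roots (temporary directories, not real drives)."""
    protected = tempfile.mkdtemp()
    os.mkdir(os.path.join(protected, "autorun.inf"))
    suspect = tempfile.mkdtemp()
    with open(os.path.join(suspect, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=sample.exe\nshell\\open\\command=sample.exe\n")
    clean = tempfile.mkdtemp()
    return protected, suspect, clean

if __name__ == "__main__":
    for root in build_samples():
        status = autorun_status(root)
        print(root, status, launch_targets(root) if status == "file" else "")
```

The check does not look at the hidden attribute; it only distinguishes a directory from a file at that name.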