Wortex (posted May 13, 2015; edited May 13, 2015 by Wortex):

In the past month and this month I was just playing GTA V and CS:GO, also surfing on Facebook and nothing more, and today I went to check for trash in %temp% and more (I have CCleaner but checked just in case), and when scrolling down the Roaming folder ESET popped up....

OS - Windows 8.1 Pro x64, all updates installed.
ESET Smart Security 8.0.312.0

Also found in C:\Users\Lukas\AppData\Local\Rockstar Games\GTA V\entitlement.info and scanned with ESET and nothing, but I deleted this file.... And about the games, they are legit from Steam, no cracked content. HitmanPro, after ESET detected and deleted the virus, found nothing....

Attachments: log.xml, log2.xml

Maniac (posted May 13, 2015):

Hello Wortex! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
- When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from. Please copy and paste the log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Marcos (Administrators, posted May 13, 2015):

Do you suspect the file to be a false positive? The detection is from mid-2013 and it's highly unlikely that a legitimate file named system.exe would be located directly in the Roaming folder.

Wortex (posted May 13, 2015):

I haven't said it's a false positive. I believe that this is a threat, but my question is how did it get into my system. I am the only one who is using this PC and I care for it well.

Wortex (posted May 13, 2015, replying to Maniac):

I don't think there is any more malware, but thanks for your help. And as you know, my question is how the malware got past ESET; also, I haven't seen any strange activity on the system. So I will probably be waiting for Marcos's answer to end this case.

Marcos (Administrators, posted May 13, 2015):

Since the threat was detected upon access by explorer.exe and the detection seems to be 2 years old, my assumption is that the threat had been lingering there for a long time until you opened the folder recently in Windows Explorer, which triggered the detection. We don't know if you used to run a full disk scan on a regular basis, as in such a case the threat would have been detected sooner (we are speaking about an inactive threat that was not running and that was not registered in the system to run automatically).

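A read-only check for the situation described in Marcos's posts (an executable sitting directly in the Roaming folder that is not registered to start automatically), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 4 or later and looks only at the four standard Run/RunOnce keys, not at services, scheduled tasks or the Startup folder.

```powershell
# Added example: list executables placed directly in the Roaming root, with
# timestamps, hash, signature status and any Run/RunOnce entry pointing at them.
$roaming = $env:APPDATA   # C:\Users\<user>\AppData\Roaming

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Collect every autostart command line, expanding variables such as %APPDATA%.
$autostart = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
        }
    }
}

# No -Recurse on purpose: installed software normally keeps its binaries in
# vendor subfolders, so an executable in the root itself deserves a closer look.
Get-ChildItem -LiteralPath $roaming -File -Force |
    Where-Object { $_.Extension -in '.exe', '.scr', '.com', '.dll' } |
    ForEach-Object {
        $file = $_
        # Plain substring match (case-insensitive) so brackets in paths are not wildcards.
        $refs = @($autostart | Where-Object {
            $_.Command.IndexOf($file.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0
        })
        [pscustomobject]@{
            Path      = $file.FullName
            Created   = $file.CreationTime    # hints at how long the file has been there
            Modified  = $file.LastWriteTime
            SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
            Autostart = if ($refs.Count) {
                ($refs | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
            } else { 'none' }
        }
    } | Format-List
```

An unsigned file with an old creation time and `Autostart : none` matches the "inactive, lingering" case; an on-access scanner only examines such a file when something touches it, which is why a periodic full disk scan finds it sooner.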
Wortex (posted May 13, 2015, replying to Marcos):

Thanks for answering my question. I have had ESET installed from the first day when I installed my Windows 8.1 and yes, you are right, I do not scan my system with a full scan. And about the virus, it's MSIL/Kryptik.BSL and "Detection created Apr 17, 2015": hxxp://www.virusradar.com/en/MSIL_Kryptik.BSL/description

So you recommend me to do full system scans?

Marcos (Administrators, posted May 14, 2015, replying to Wortex):

It's a good practice to run a full disk scan from time to time. As for the time the detection was added, without checking the particular file by us it's impossible to tell. First MSIL/Kryptik.BSL detections are from 2013.