tjg79 3 Posted October 8, 2015 Share Posted October 8, 2015 Hi, My system was hit with a virus. I downloaded and ran the Microsoft Safety Scanner for my Win 7 Pro x64 system. The MS Safety Scanner detected a Trojan Dynamator virus. I'm not sure about that spelling. However, I'm not sure the virus has been completely removed or if all the viruses on this system have been detected, because the system doesn't appear to be behaving normally. I ran ESET Smart Security 8 Smart Scan and it didn't detect anything, but the scan log indicates it had an error opening the boot sector. So, I don't think the ESET SS 8 was able to successfully scan the boot sectors of the C:\, D:\, E:\, & O:\. Also, the scan log indicates errors opening several other files. The symptoms of this virus were constant downloading of temp files, abnormal use of system resources, very sluggish system when navigating between different folders using Windows Explorer, very sluggish system when using the Start Button to view and select programs. I've attempted to do a complete system clean-up, but I suspect the virus reloads from the unscanned boot sectors after I reboot. Do you have a solution? Regards Link to comment Share on other sites More sharing options...
TomFace 539 Posted October 8, 2015 Share Posted October 8, 2015 (edited) Hello tjg79. Did the Microsoft Safety Scanner do any cleaning/deleting? Is it now showing a clean scan? Were you able to secure the path from Microsoft Safety Scanner? Edited October 8, 2015 by TomFace Link to comment Share on other sites More sharing options...
tjg79 3 Posted October 8, 2015 Author Share Posted October 8, 2015 When I checked the results of the Microsoft Safety Scanner, it indicated that it detected the virus mentioned. I presume it cleaned as well, because I didn't see any options to only detect. However, the virus is still on my system and ESET Smart Security 8 Smart Scan didn't detect it. Is it more effective to run the virus scan in Safe Mode? Will ESET Smart Security 8 be able to scan the boot sectors? Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted October 8, 2015 ESET Staff Share Posted October 8, 2015 Hi tjg79, The "smart scan" is just that. I suggest you do this: Enter "custom scan" In "Scan profile" select "In-depth scan" Enter "Setup". In "Cleaning", move the bar to "Strict cleanig" "Accept" to save and exit. Now select in "Targets" > "Local drives" Mark also "operating memory" and "Boot sector" hit "Save" then "Scan as administrator" (if not present just clic on "scan". "Strict cleaning (ESET will attempt to automatically clean or delete infected files without user intervention. If a threat is found in System files, you will be prompted for the action to take)." Warning: this type of scan takes time, hours (depending how big is your system, hard, drive, etc). Can you post here the logs of "MS Safety Scanner" about the virus? Link to comment Share on other sites More sharing options...
tjg79 3 Posted October 8, 2015 Author Share Posted October 8, 2015 Do you know where the MS Safety Scanner logs are located? I didn't see any indication that the program created a log. The MS Safety Scanner is a program that you just download and don't install. Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted October 8, 2015 ESET Staff Share Posted October 8, 2015 Yes, they should be on: "C:\Windows\Debug\msert.log" Link to comment Share on other sites More sharing options...
tjg79 3 Posted October 8, 2015 Author Share Posted October 8, 2015 Hi tjg79, The "smart scan" is just that. I suggest you do this: Enter "custom scan" In "Scan profile" select "In-depth scan" Enter "Setup". In "Cleaning", move the bar to "Strict cleanig" "Accept" to save and exit. Now select in "Targets" > "Local drives" Mark also "operating memory" and "Boot sector" hit "Save" then "Scan as administrator" (if not present just clic on "scan". "Strict cleaning (ESET will attempt to automatically clean or delete infected files without user intervention. If a threat is found in System files, you will be prompted for the action to take)." Warning: this type of scan takes time, hours (depending how big is your system, hard, drive, etc). Can you post here the logs of "MS Safety Scanner" about the virus? Will the scan be able to open the boot sectors? Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted October 8, 2015 ESET Staff Share Posted October 8, 2015 Should be cleaning by ESET, if not they are some specific tools to clean that kind of infection. But, for that case ESET Support needs to know which malware are you infected, that means you have to contact them. By the way, you can generate an ESET SysInspector Log (hxxp://support.eset.com/kb762/) and forward to support. Link to comment Share on other sites More sharing options...
tjg79 3 Posted October 8, 2015 Author Share Posted October 8, 2015 I thought this was the support forum for ESET. Link to comment Share on other sites More sharing options...
TomFace 539 Posted October 8, 2015 Share Posted October 8, 2015 (edited) It is, but there is always official support through your ESET distributor. It appears that GA was prep'g you for that (but only he can confirm that). I deleted my posting as he was helping you. GA and I are both Members (just like you) not Moderators or ESET staff. Edited October 8, 2015 by TomFace Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted October 8, 2015 ESET Staff Share Posted October 8, 2015 As TomFace say yes, this is the Official ESET Forum, but every country has a Distributor and his partners who provide to clients with "Official support". Official support has access to more information and more resources to help you, In my opinion is always the first thing you should try. The ESET SysInspector report is in most of this cases the first thing they ask from you. A tip, considering you are dealing with malware, is always good to have a backup of your most important information. Because in the "worst case scenario" a format of main drive will be need it. @TomFace - I have no problem in you help him as well. Look the problem from other perspective is good. Link to comment Share on other sites More sharing options...
TomFace 539 Posted October 9, 2015 Share Posted October 9, 2015 (edited) .......... @TomFace - I have no problem in you help him as well. Look the problem from other perspective is good. No thank you. It's all yours. You and I have different priorities. Edited October 9, 2015 by TomFace Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted October 9, 2015 ESET Staff Share Posted October 9, 2015 @tjg79 What was the result of the "Custom Scan" I suggest?Can you post the log? Link to comment Share on other sites More sharing options...
tjg79 3 Posted October 9, 2015 Author Share Posted October 9, 2015 Nothing was detected with the "Custom Scan." Presently, I running it again and Windows Defender, because both have new definitions. I've opened up a case with ESET tech support, case number 1360764, but they don't have a solution yet. They attempted to take remote control of the desktop, but that was unsuccessful due to the malware causing poor connectivity. Presently, they are reviewing the logs I've sent. I will post the log from the custom scan as soon as I complete my current scans. Yesterday evening, I reviewed my setup information and made a few changes to hopefully cause the ESET SS 8 scanning more effective. Do you have any recommendations on setup changes from default settings? Regards Link to comment Share on other sites More sharing options...
tjg79 3 Posted October 9, 2015 Author Share Posted October 9, 2015 Attached is the Microsoft Safety Scanner log file. I ran the program subsequent to the run that detected the Trojan. It didn't detect anything the second time. So, I'm not sure if the log file is overwritten or appended. Regards msert.log Link to comment Share on other sites More sharing options...
tjg79 3 Posted October 9, 2015 Author Share Posted October 9, 2015 After looking at that Microsoft Safety Scanner log file, I don't think that Trojan detection is related to my current issue. The container file for that Trojan was a utility zip file that I downloaded several years ago and saved to my documents folder. It's not unusual for new definitions to detect old dormant "viruses" in old files. However, SuperAntiSpyware did detect a Trojan immediately after I started having malware issues. It was removed, but it likely wasn't the only malware on my system as my system is still infected. Regards Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted October 9, 2015 ESET Staff Share Posted October 9, 2015 Yes, as you pointed that malware was detected on -zip file and removed. -- Results Summary: ---------------- Found Trojan:Win32/Dynamer!ac and Removed! Microsoft Safety Scanner Finished On Thu Oct 08 06:26:08 2015 --- If you open the ESET SysInspector report using ESET (open products > tools > SysInspector > double clic on report), and set the level to 7-8 (red).... Question: do see any file listed in any category? (in level 8-9 red are the very bad malware active on the system - mostly of the cases) Using the MSconfig tool (win+r > type "msconfig") go to Startup and carefully start unmarking some programs (1 at the time+accept+reboot) Criteria: a) you dont use B) you dont know. Warning: Do not unmark the ones mention Microsoft, your laptop/pc company or something you think is important (like 3d drivers card radeon, nvidia, etc.) After disable 1 program test your connectivity. If improves contact ESET support to let them know to try again to do remote support. If you feel not ready to do, pls capture the "startup" and post here. Link to comment Share on other sites More sharing options...
Solution tjg79 3 Posted October 15, 2015 Author Solution Share Posted October 15, 2015 Thank you Gonzalo, ESET tech support analyzed the log files I sent via email and suggested I change the name of a few files. It worked and my system connectivity was stable enough to allow a successful remote desktop control session. The ESET support tech then cleaned my system and repaired the damage. My problem is resolved. Thanks again for all the help. Regards Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted October 15, 2015 ESET Staff Share Posted October 15, 2015 Excellent! Your welcome. Link to comment Share on other sites More sharing options...
Recommended Posts