New exploit, malware or virus?


Dave
Log
Scan Log
Version of virus signature database: 13274 (20160402)
Date: 4/3/2016  Time: 2:20:56 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\
Boot sector of disk C: - error opening [4]
Boot sector of disk D: - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\ProgramData\Microsoft\Crypto\Keys\3d437992c9a6f048bc22a9e696037153_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\10ece545f1af38978de3bb4ab1921a61_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\345f3ad9475df9b40c35c2aea661e1af_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9fae34777dd6f5dcb77c31965e55c608_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ab7068cfe5c354053edbec483a3d204a_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\ProgramData\Microsoft\User Account Pictures\Dave187.dat - error opening [4]
C:\Users\182\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9158V559\url[1].htm - HTML/Refresh.BC trojan - cleaned by deleting [1]
C:\Users\All Users\Microsoft\Crypto\Keys\3d437992c9a6f048bc22a9e696037153_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\10ece545f1af38978de3bb4ab1921a61_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\345f3ad9475df9b40c35c2aea661e1af_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9fae34777dd6f5dcb77c31965e55c608_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ab7068cfe5c354053edbec483a3d204a_e7c61dac-5d32-4467-bc32-257dd2e03583 - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\Dave187.dat - error opening [4]
C:\Windows\Logs\CBS\CBS.log - error opening [4]
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\Panther\UnattendGC\diagerr.xml - error opening [4]
C:\Windows\Panther\UnattendGC\diagwrn.xml - error opening [4]
C:\Windows\Panther\UnattendGC\setupact.log - error opening [4]
C:\Windows\Panther\UnattendGC\setuperr.log - error opening [4]
C:\Windows\PLA\System\System Diagnostics.xml - error opening [4]
C:\Windows\PLA\System\System Performance.xml - error opening [4]
C:\Windows\security\database\secedit.sdb - error opening [4]
C:\Windows\System32\restore\MachineGuid.txt - error opening [4]
C:\Windows\System32\sysprep\Panther\IE\diagerr.xml - error opening [4]
C:\Windows\System32\sysprep\Panther\IE\diagwrn.xml - error opening [4]
C:\Windows\System32\sysprep\Panther\IE\setupact.log - error opening [4]
C:\Windows\System32\sysprep\Panther\IE\setuperr.log - error opening [4]
C:\Windows\System32\winevt\Logs\Application.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Key Management Service.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Media Center.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-API-Tracing%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppID%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Authentication User Interface%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BitLocker-DrivePreparationTool%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BitLocker-DrivePreparationTool%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bluetooth-MTPEnum%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCache%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSync%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DhcpNap%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-EapHost%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-EventCollector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-FMS%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Folder Redirection%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Listener Service%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-IKE%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International-RegionalOptionsControlPanel%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Iphlpsvc%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MCT%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkLocationWizard%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NlaSvc%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NTLM%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-PeopleNearMe%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-PrintService%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoostDriver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Recovery%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Audit-Configuration-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ServerUSBDevices%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ServerUSBDevices%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TZUtil%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-VDRVROOT%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-VHDMP%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WFP%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-ClassInstaller%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-CompositeClassDriver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-MTPClassDriver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Security.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Setup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\System.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx - error opening [4]
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7601.17514_none_2f54961b4c9f4194\dnary.xsd - error opening [4]
Number of scanned objects: 73437
Number of threats found: 1
Number of cleaned objects: 1
Time of completion: 2:22:11 PM  Total scanning time: 75 sec (00:01:15)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

Can anyone please help me fix this?

Thanks


According to this: hxxp://www.virusradar.com/en/HTML_Refresh/detail , the malware is actually located in a web page. What Eset removed was the URL reference to the malware that was located in the browser cache. I believe your PC is now clear of any malware.

You can always post in the Eset forum malware removal area for further assistance and/or a second opinion.
