Author Topic: ProcessLogger.exe Virus Assistance Please  (Read 1617 times)

Offline YouthWork

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
ProcessLogger.exe Virus Assistance Please
« on: August 25, 2012, 03:35:48 AM »
C:\HP\BIN\ProcessLogger.exe
Status PUP:Win32:PUP-gen [PUP]
severity low

.........................

1. How was it detected?
2. What was the source of the file, where did the file come from?.: e.g. address, URL, source.
3. When was it downloaded or received?

My browsers were stalling.  Hotmail and Google were not loading. My other laptop found same virus 2 weeks ago and I made an effort not to use the usb that I believe it came from, nor my cellphone (which i believe is also infected) on this computer.  But today after the browsers started acting up, I used my digital camera memory stick (which I also used at a internet cafe along with the infected USB).  Surprised that Avast didn`t pop up as it did on my other computer.  I decided to do a bootscan anyway.  When avast popped up on the other computer, thats what it recommended, a boot scan.

The file came from a college library computer.  I went to my former college`s library to scan something (same place I brought home a virus from when I first used the computer there 6 years ago); used my usb. when i got home, I used same usb on my laptop.  My cell was plugged in cause I was tethering.  Browsers stalled, pages wouldn`t load, Avast eventually popped up after 15-20 mins (Can`t remember if before or after I restarted computer).
I pulled out my cell right after seeing the avast warning.  My cell wouldn`t turn off or on. It was just blank.  I pulled out the battery, put it back, then it turned on.  I was convinced that it is infected.

4. What is the exact file name with extension.

C:\HP\BIN\ProcessLogger.exe
Status PUP:Win32:PUP-gen [PUP]


5. What was the exact wording of the message that the AV program  came up with? This is important for later. Right click the asvast ball and left-click show last pop-up message!

During the bootscan and now in Avast results:

Error 0xc0000034 object name not found

0xc000009c (Status_Device_Data_Error)

Error 42060 File was not repaired

C:\HP\BIN\Error 0xc000000D {An invalid parameter was passed to a service or function}

...........................

When I tried to load and update Malwarebytes, this error appears: DCSH HOST error.

Then, when I try to reload it, "Malwarebytes is already running" but I can't find it anywhere.


I would greatly appreciate any assistance possible.

Thanks


Offline mikaelrask

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1303
  • Gender: Male
    • Personal Message (Offline)
Re: ProcessLogger.exe Virus Assistance Please
« Reply #1 on: August 25, 2012, 08:08:18 AM »
Hey PUP = Potentially Unwanted Program - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil, some have been legitimately installed for a specifically good purpose, but could have been unknowing installed for a malicious purpose.
Not all antivirus programs scan for PUPs and avast has it turned off by default (an exception being the boot-time scan).

follow this guide if you think your infected.

http://forum.avast.com/index.php?topic=53253.0

good luck
new computer
windows 8 Intel core I-3 64 bit
6 gb ram 500 gb hardrive. avast 9 MBAM

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21798
  • Gender: Male
    • Personal Message (Offline)
Re: ProcessLogger.exe Virus Assistance Please
« Reply #2 on: August 25, 2012, 08:57:43 AM »
this PUP detection has been reported many times before..(C:\HP\BIN\ProcessLogger.exe )  search the forum and see

the file belongs to a factory installed HP program.
you will also find similar detections from Toshiba an Dell programs reported in here

anyway, avast is just telling you that you have a program that can be used for good or bad if abused

and as already said, PUP scan is default off in quick/full scan but on in boot scan
so you should be prepaired for a scan result like this when running a boot scan
« Last Edit: August 25, 2012, 05:36:09 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline flashgamer001

  • Jr. Member
  • **
  • Posts: 36
    • Personal Message (Offline)
Re: ProcessLogger.exe Virus Assistance Please
« Reply #3 on: August 25, 2012, 04:31:00 PM »
The above posts are entirely accurate. However, the problems you describe sound like they could be from another malware on the system. Please post logs as described in http://forum.avast.com/index.php?topic=53253.0 and wait for a removal expert.

Offline YouthWork

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: ProcessLogger.exe Virus Assistance Please
« Reply #4 on: August 26, 2012, 05:17:44 PM »
Thanks.  And thanks flashgamer001 for recognizing that it could be something else. 

Here are my logs for MBAM, OTL, and asmMBR:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.01

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
user :: USER-PC [administrator]

24/08/2012 11:42:59 PM
mbam-log-2012-08-24 (23-42-59).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325559
Time elapsed: 1 hour(s), 31 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
.....................

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-26 12:15:36
-----------------------------
12:15:36.864    OS Version: Windows 6.0.6000
12:15:36.864    Number of processors: 2 586 0xF0D
12:15:36.864    ComputerName: USER-PC  UserName: user
12:15:39.859    Initialize success
12:15:40.452    AVAST engine defs: 12082600
12:16:01.451    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:16:01.451    Disk 0 Vendor: FUJITSU_ 891F Size: 152627MB BusType: 3
12:16:01.482    Disk 0 MBR read successfully
12:16:01.482    Disk 0 MBR scan
12:16:01.497    Disk 0 unknown MBR code
12:16:01.497    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       145412 MB offset 63
12:16:01.544    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         7210 MB offset 297805824
12:16:01.560    Disk 0 scanning sectors +312571904
12:16:01.638    Disk 0 scanning C:\Windows\system32\drivers
12:16:14.681    Service scanning
12:16:42.340    Modules scanning
12:16:55.834    Disk 0 trace - called modules:
12:16:55.897    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:16:56.411    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b71110]
12:16:56.427    3 ntkrnlpa.exe[82cb07e2] -> nt!IofCallDriver -> [0x85b23798]
12:16:56.427    5 acpi.sys[8047332a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85b29030]
12:16:58.283    AVAST engine scan C:\Windows
12:17:01.731    AVAST engine scan C:\Windows\system32
12:19:36.218    AVAST engine scan C:\Windows\system32\drivers
12:19:52.910    AVAST engine scan C:\Users\user
12:25:52.287    AVAST engine scan C:\ProgramData
12:27:13.111    Scan finished successfully
12:29:29.065    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:29:29.080    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-26 12:15:36
-----------------------------
12:15:36.864    OS Version: Windows 6.0.6000
12:15:36.864    Number of processors: 2 586 0xF0D
12:15:36.864    ComputerName: USER-PC  UserName: user
12:15:39.859    Initialize success
12:15:40.452    AVAST engine defs: 12082600
12:16:01.451    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:16:01.451    Disk 0 Vendor: FUJITSU_ 891F Size: 152627MB BusType: 3
12:16:01.482    Disk 0 MBR read successfully
12:16:01.482    Disk 0 MBR scan
12:16:01.497    Disk 0 unknown MBR code
12:16:01.497    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       145412 MB offset 63
12:16:01.544    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         7210 MB offset 297805824
12:16:01.560    Disk 0 scanning sectors +312571904
12:16:01.638    Disk 0 scanning C:\Windows\system32\drivers
12:16:14.681    Service scanning
12:16:42.340    Modules scanning
12:16:55.834    Disk 0 trace - called modules:
12:16:55.897    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:16:56.411    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b71110]
12:16:56.427    3 ntkrnlpa.exe[82cb07e2] -> nt!IofCallDriver -> [0x85b23798]
12:16:56.427    5 acpi.sys[8047332a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85b29030]
12:16:58.283    AVAST engine scan C:\Windows
12:17:01.731    AVAST engine scan C:\Windows\system32
12:19:36.218    AVAST engine scan C:\Windows\system32\drivers
12:19:52.910    AVAST engine scan C:\Users\user
12:25:52.287    AVAST engine scan C:\ProgramData
12:27:13.111    Scan finished successfully
12:29:29.065    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:29:29.080    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
12:29:46.189    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:29:46.205    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"


Thanks

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21798
  • Gender: Male
    • Personal Message (Offline)
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29082
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: ProcessLogger.exe Virus Assistance Please
« Reply #6 on: August 26, 2012, 07:31:07 PM »
I can see no apparent malware, have you tried an uninstal and then reinstal of MBAM ?

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now