Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on December 17, 2014, 01:55:44 PM
-
So someone put a link to a game on my Steam profile. Since I have the Avast sandbox I thought, who cares, why not, so I opened the exe with the Avast sandbox: instant virus warning, then my Avast was oddly turned off, and I got a notification that it wanted to turn off even though it already was?
Anyway, here is the virus analysis. Avast did not detect anything; my PC works fine now, Avast works fine after a reboot and no virus is detected with either Malwarebytes or Avast. Should I worry? Or should I reformat? I would appreciate a response as soon as possible.
I use Avast Internet Security.
Antivirus Result Update
ALYac Gen:Variant.Zusy.117925 20141217
Ad-Aware Gen:Variant.Zusy.117925 20141217
BitDefender Gen:Variant.Zusy.117925 20141217
DrWeb Trojan.PWS.UFR.3856 20141217
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.PX 20141217
Emsisoft Gen:Variant.Zusy.117925 (B) 20141217
GData Gen:Variant.Zusy.117925 20141217
Ikarus Trojan-Downloader.MSIL.Small 20141217
MicroWorld-eScan Gen:Variant.Zusy.117925 20141217
NANO-Antivirus Trojan.Win32.Small.djrxno 20141217
-
https://forum.avast.com/index.php?topic=53253.0
-
Antivirus Result Update
ALYac Gen:Variant.Zusy.117925 20141217
Ad-Aware Gen:Variant.Zusy.117925 20141217
BitDefender Gen:Variant.Zusy.117925 20141217
DrWeb Trojan.PWS.UFR.3856 20141217
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.PX 20141217
Emsisoft Gen:Variant.Zusy.117925 (B) 20141217
GData Gen:Variant.Zusy.117925 20141217
Ikarus Trojan-Downloader.MSIL.Small 20141217
MicroWorld-eScan Gen:Variant.Zusy.117925 20141217
NANO-Antivirus Trojan.Win32.Small.djrxno 20141217
Always post a link to the scan result, as there is lots of info we can't see when you just copy and paste.
-
Antivirus Result Update
ALYac Gen:Variant.Zusy.117925 20141217
Ad-Aware Gen:Variant.Zusy.117925 20141217
BitDefender Gen:Variant.Zusy.117925 20141217
DrWeb Trojan.PWS.UFR.3856 20141217
ESET-NOD32 a variant of MSIL/TrojanDownloader.Small.PX 20141217
Emsisoft Gen:Variant.Zusy.117925 (B) 20141217
GData Gen:Variant.Zusy.117925 20141217
Ikarus Trojan-Downloader.MSIL.Small 20141217
MicroWorld-eScan Gen:Variant.Zusy.117925 20141217
NANO-Antivirus Trojan.Win32.Small.djrxno 20141217
Always post a link to the scan result, as there is lots of info we can't see when you just copy and paste.
I sent you a PM with the link, thank you.
OK, here it is:
https://www.virustotal.com/en/file/1cf68de50488ff53d75967c1ba5da05fa119320f0de6114f9bc220978464f862/analysis/1418822036/
According to the properties of the file it used to be called pvp.ganker.exe.
I also did a Malwarebytes rootkit scan, checking the rootkit box, but still nothing was found.
-
aswMBR log
-
We need FRST the most.
-
Here.
-
Holy crap... You have a lot of torrents!!
Also, can you uninstall PunkBuster? It's classified as Spyware.
-
One FRST log is missing ... Additional.txt. Attach that also.
-
And Shortcut.txt, as I see you have that too.
-
Damn, sorry, I fell asleep. OK, I will add those.
-
Nothing readily apparent so far. Are you having any problems?
-
Well, I still have the final files to attach.
-
And Shortcut.txt (I was not able to attach all of them at once).
And no, the PC works perfectly, nothing wrong, but I worry that I might have a keylogger now or someone spying on it. So yeah, Avast works fine too.
-
They also look good.
-
They also look good.
So is it safe to say that I am safe, no hidden impossible-to-find thing or anything? Avast did stop it, considering it did detect it when opened, but then I wonder why it suddenly wanted to turn off after this.
It was off, but then suddenly it sent that all-over-screen Avast shutdown notification.
-
No unknown files were logged over the last week or so and all registry start points looked good, no anomalous drivers or tasks were seen.
-
So should I feel safe and keep using my PC? No hidden surprises or anything, keyloggers, backdoors, etc.?
And thank you for this help, I appreciate it a lot.
-
Essex is the best I know of in this field. If he thinks you're clean, chances are 99.99% sure you are indeed clean :-)
-
Essex is the best I know of in this field. If he thinks you're clean, chances are 99.99% sure you are indeed clean :-)
Thank you. Sorry for the double response, I didn't notice page 2 so I responded twice.
Also, if it's important or not, I use Premier, not IS.
Thank you again :)
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.
Now the best part of the day ----- your log now appears clean :thumbsup:
A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:
Remove tools
Download and run Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
Keep Java Updated:
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software, and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/).)
If you do need to keep Java, then download JavaRa (https://singularlabs.com/software/javara/javara-download/).
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java Runtime > Download and install Latest version.
(https://dl.dropboxusercontent.com/u/73555776/javara.JPG)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/): install this programme to lock down and prevent crypto ransomware.
(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean.
Unchecky (http://unchecky.com/)
Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right-click on Unchecky_setup and choose Run as Administrator.
Once open, click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire-and-forget programme ;)
It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)
Keep safe :wave:
-
I ran DelFix. As for the crypto program, I wish something like that was within Avast already. So can I run them alongside?
-
Is this just really bad luck? It refuses to let me visit page 2 of this thread (sorry for the double post, but I can't edit the former post).
(https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-xap1/t31.0-8/10869525_10152852163771668_1920690478713160969_o.jpg)
Oh, and what I wanted to post before this weird thing happened:
# DelFix v10.8 - Logfile created 18/12/2014 at 16:31:51
# Updated 29/07/2014 by Xplode
# Username : Jonathan - TITANTI
# Operating System : Windows 8.1 Pro (64 bits)
~ Removing disinfection tools ...
Deleted : C:\Users\Jonathan\Downloads\Addition.txt
Deleted : C:\Users\Jonathan\Downloads\aswmbr.exe
Deleted : C:\Users\Jonathan\Downloads\FRST (1).txt
Deleted : C:\Users\Jonathan\Downloads\FRST.txt
Deleted : C:\Users\Jonathan\Downloads\FRST64.exe
Deleted : C:\Users\Jonathan\Downloads\Shortcut.txt
~ Cleaning system restore ...
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
-
Update on your file:
https://www.virustotal.com/nb/file/1cf68de50488ff53d75967c1ba5da05fa119320f0de6114f9bc220978464f862/analysis/1418916902/
Norman/BlueCoat auto-added a signature as Suspicious_Gen5.AZXWK when I uploaded it in their analysis tool.
After manual analysis the detection name was changed to DLoader.ATMIJ.
-
Do you know what they do, or is it just a false positive?
Thank you.
-
Do you know what they do, or is it just a false positive?
Thank you.
They would not add a signature if it was a FP .... and from the detection name Norman/BlueCoat gave it, DLoader.ATMIJ = a downloader that downloads crap/malware to your machine.
Surf safe .... Case closed 8)