Avast WEBforum
Other => Viruses and worms => Topic started by: YouthWork on August 25, 2012, 05:35:48 AM
-
C:\HP\BIN\ProcessLogger.exe
Status PUP:Win32:PUP-gen [PUP]
severity low
.........................
1. How was it detected?
2. What was the source of the file, where did the file come from?.: e.g. address, URL, source.
3. When was it downloaded or received?
My browsers were stalling. Hotmail and Google were not loading. My other laptop found same virus 2 weeks ago and I made an effort not to use the USB that I believe it came from, nor my cellphone (which I believe is also infected) on this computer. But today after the browsers started acting up, I used my digital camera memory stick (which I also used at an internet cafe along with the infected USB). Surprised that Avast didn't pop up as it did on my other computer. I decided to do a bootscan anyway. When Avast popped up on the other computer, that's what it recommended, a boot scan.
The file came from a college library computer. I went to my former college's library to scan something (same place I brought home a virus from when I first used the computer there 6 years ago); used my USB. When I got home, I used same USB on my laptop. My cell was plugged in 'cause I was tethering. Browsers stalled, pages wouldn't load, Avast eventually popped up after 15-20 mins (can't remember if before or after I restarted computer).
I pulled out my cell right after seeing the Avast warning. My cell wouldn't turn off or on. It was just blank. I pulled out the battery, put it back, then it turned on. I was convinced that it is infected.
4. What is the exact file name with extension.
C:\HP\BIN\ProcessLogger.exe
Status PUP:Win32:PUP-gen [PUP]
5. What was the exact wording of the message that the AV program came up with? This is important for later. Right click the avast ball and left-click show last pop-up message!
During the bootscan and now in Avast results:
Error 0xc0000034 object name not found
0xc000009c (Status_Device_Data_Error)
Error 42060 File was not repaired
C:\HP\BIN\Error 0xc000000D {An invalid parameter was passed to a service or function}
...........................
When I tried to load and update Malwarebytes, this error appears: DCSH HOST error.
Then, when I try to reload it, "Malwarebytes is already running" but I can't find it anywhere.
I would greatly appreciate any assistance possible.
Thanks
-
Hey, PUP = Potentially Unwanted Program - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil, some have been legitimately installed for a specifically good purpose, but could have been unknowingly installed for a malicious purpose.
Not all antivirus programs scan for PUPs and avast has it turned off by default (an exception being the boot-time scan).
Follow this guide if you think you're infected.
http://forum.avast.com/index.php?topic=53253.0
good luck
-
this PUP detection has been reported many times before..(C:\HP\BIN\ProcessLogger.exe ) search the forum and see
the file belongs to a factory installed HP program.
you will also find similar detections from Toshiba and Dell programs reported in here
anyway, avast is just telling you that you have a program that can be used for good or bad if abused
and as already said, PUP scan is default off in quick/full scan but on in boot scan
so you should be prepared for a scan result like this when running a boot scan
-
The above posts are entirely accurate. However, the problems you describe sound like they could be from another malware on the system. Please post logs as described in http://forum.avast.com/index.php?topic=53253.0 and wait for a removal expert.
-
Thanks. And thanks flashgamer001 for recognizing that it could be something else.
Here are my logs for MBAM, OTL, and aswMBR:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.25.01
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
user :: USER-PC [administrator]
24/08/2012 11:42:59 PM
mbam-log-2012-08-24 (23-42-59).txt
Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325559
Time elapsed: 1 hour(s), 31 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
.....................
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-26 12:15:36
-----------------------------
12:15:36.864 OS Version: Windows 6.0.6000
12:15:36.864 Number of processors: 2 586 0xF0D
12:15:36.864 ComputerName: USER-PC UserName: user
12:15:39.859 Initialize success
12:15:40.452 AVAST engine defs: 12082600
12:16:01.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:16:01.451 Disk 0 Vendor: FUJITSU_ 891F Size: 152627MB BusType: 3
12:16:01.482 Disk 0 MBR read successfully
12:16:01.482 Disk 0 MBR scan
12:16:01.497 Disk 0 unknown MBR code
12:16:01.497 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 145412 MB offset 63
12:16:01.544 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7210 MB offset 297805824
12:16:01.560 Disk 0 scanning sectors +312571904
12:16:01.638 Disk 0 scanning C:\Windows\system32\drivers
12:16:14.681 Service scanning
12:16:42.340 Modules scanning
12:16:55.834 Disk 0 trace - called modules:
12:16:55.897 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:16:56.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b71110]
12:16:56.427 3 ntkrnlpa.exe[82cb07e2] -> nt!IofCallDriver -> [0x85b23798]
12:16:56.427 5 acpi.sys[8047332a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85b29030]
12:16:58.283 AVAST engine scan C:\Windows
12:17:01.731 AVAST engine scan C:\Windows\system32
12:19:36.218 AVAST engine scan C:\Windows\system32\drivers
12:19:52.910 AVAST engine scan C:\Users\user
12:25:52.287 AVAST engine scan C:\ProgramData
12:27:13.111 Scan finished successfully
12:29:29.065 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:29:29.080 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
12:29:46.189 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:29:46.205 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
Thanks
-
I see you have IObit Advanced SystemCare!
here is some info about that company :-\
http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217
-
I can see no apparent malware, have you tried an uninstall and then reinstall of MBAM?