Avast WEBforum

Other => Viruses and worms => Topic started by: aphil4 on November 30, 2017, 06:26:40 PM

Title: Win 10 Regedit possible malware entry
Post by: aphil4 on November 30, 2017, 06:26:40 PM
I had a look through RegEdit and found some worrying entries. I first thought it may be something to do with browsing in private mode as the entries are under HKEY_CURRENT_USER. "Yes, I know what you are going to say: don't delete," but too late: the two original folders were gone for a couple of days and now I have three. This was all done previous to the post and scan, so I cannot go back. I have done the scans required and they are listed below. Sorry, I should have added a snapshot of RegEdit so you can view it. By the way, I have never played or installed Football Manager ("not my sort of thing").

If you can help rectify I will be most grateful.
Title: Re: Win 10 Regedit possible malware entry
Post by: Pondus on November 30, 2017, 06:32:39 PM
Malware experts are notified. It may take hours before they are online

Title: Re: Win 10 Regedit possible malware entry
Post by: aphil4 on November 30, 2017, 06:59:50 PM
No problem. I noticed this a few days ago, so if this is malware or the like it has probably done what it has to, sadly.

Thanks for the update though.

P.S.
Are the files safe posted here, or will this reveal PC details!!!
Title: Re: Win 10 Regedit possible malware entry
Post by: aphil4 on December 01, 2017, 12:24:48 AM
Just a quick update: I just scrolled deeper into RegEdit and found the following, WHICH IS A WORRY because it seems to have access to create handshakes, but I'm not an expert in this area!!!
See attached.
Title: Re: Win 10 Regedit possible malware entry
Post by: aphil4 on December 01, 2017, 02:10:44 PM
May as well have a go myself. It does not seem like anyone has the same problem and all my scans give no results, so I'm going to delete the access I found after making a backup. At least I will be able to use my PC on the net.  :(
Title: Re: Win 10 Regedit possible malware entry
Post by: Sass Drake on December 01, 2017, 03:03:55 PM
Please post MBAM and FRST logs as instructed at the following link.
https://forum.avast.com/index.php?topic=194892.0
Title: Re: Win 10 Regedit possible malware entry
Post by: aphil4 on December 04, 2017, 06:39:22 PM
I'm not sure if Scans > Other Scans > Boot Time Scan was included as part of the free version that I currently use or was added after my posting, but after running the Boot Time Scan it found Win32-GenMalicious-IYO [trj], so I am a happy person now  ;D and thank you for your help. One thing for other users that wish to run this: it took around 8 hours to run, so no access to the PC, but I'm glad it found my malware.

Thanks Avast
Title: Re: Win 10 Regedit possible malware entry
Post by: aphil4 on February 25, 2018, 09:45:49 PM
I know this was some time ago and Avast seemed to rid me of this problem; well, it's not surfaced again.
BUT a file was downloaded and installed around the time the Chinese letters appeared in the registry files. The other day I used the same file on another PC with Win 7 installed and the same characters appeared in the Perflib file, so I had a look through the community, where I found Jotti listed as a website that scans files. I had the files scanned but nothing was found, but it seems very strange that after installing, I started having issues, and once the file is removed everything stops. Now it could be just me, but I thought I would put it in the post.

File names: Academy_Engraved_LET.ttf and copyfonts.com_academy-engraved-let.ttf

I know they are small files and, if anything, would annoy rather than corrupt things, but if anyone has an isolated system for testing I would love to know if they contain malware or a virus.

By the way, I hand-corrected the errors in the Registry and restored Perflib with no help from the anti-virus software, which found nothing wrong!!!
Title: Re: Win 10 Regedit possible malware entry
Post by: bob3160 on February 25, 2018, 10:25:13 PM
Follow the directions from Sass Drake. He is one of the malware experts.
See his reply to you, Reply #5.