Author Topic: Interesting Case  (Read 42915 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Interesting Case
« Reply #45 on: January 23, 2014, 08:54:17 PM »
If you try to run a game, does it work or do you get an error?

Also could you run FRST :)

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Interesting Case
« Reply #46 on: January 23, 2014, 08:59:37 PM »
OK, I'll try to run a game after this post. Here are the two FRST notes.

I believe I put both in; if I didn't, please tell.
« Last Edit: January 23, 2014, 09:02:28 PM by alan1998 »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Michael (alan1998)

Re: Interesting Case
« Reply #47 on: January 23, 2014, 09:06:20 PM »
Alright, I tried to open minecraft.exe (at least that's what it says now) and it worked. BTW, I opened it without wifi; I don't know if that affects it or not, I just thought I would tell you.

Offline essexboy

Re: Interesting Case
« Reply #48 on: January 23, 2014, 09:08:24 PM »
OK, let's run this and then see what problems remain.

Download the attached fixlist.txt to the same location as FRST
Run FRST and press FIX

Please post the log that this generates.


Then use the computer to go online and let me know how it is behaving

Offline Michael (alan1998)

Re: Interesting Case
« Reply #49 on: January 23, 2014, 09:10:01 PM »
Alright, I will do it now, thx :)

Offline Michael (alan1998)

Re: Interesting Case
« Reply #50 on: January 23, 2014, 09:15:53 PM »
Alright, here it is. Are there specific things I should be looking for? And thanks for everything :D

I just got on the wifi and all the icons turned to not icons. They're there but they're not the actual icon; the only way I can describe it is they look like files, but I believe that's not right, sorry.
« Last Edit: January 23, 2014, 09:20:05 PM by alan1998 »

Offline essexboy

Re: Interesting Case
« Reply #51 on: January 23, 2014, 09:17:42 PM »
Nope, just anything that seems a bit iffy or odd: web redirects, slowness or stuttering, etc.

Offline Michael (alan1998)

Re: Interesting Case
« Reply #52 on: January 23, 2014, 09:21:49 PM »
If you didn't see what I added, please look. I also got off the wifi just in case.

Some icons just came back. Should I restart my computer? And sorry for asking all these questions, can't be too safe.
« Last Edit: January 23, 2014, 09:25:27 PM by alan1998 »

Offline essexboy

Re: Interesting Case
« Reply #53 on: January 23, 2014, 09:24:26 PM »
Was this as soon as you connected to the net?

Do you also use USB drives to copy programmes to other computers?

Download MCShield to your desktop and install.
It will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select scanner and tick unhide items on flash drives.

Plug in the drive and MCShield will start a scan.

Then get the log, which will be here:

Start > all programs > MCShield > logs > all scans

And post that.

Offline Michael (alan1998)

Re: Interesting Case
« Reply #54 on: January 23, 2014, 09:28:14 PM »
Yes and yes. I will start the download as soon as I post this, thanks.

Edit: All the icons are back - Michael
Edit #2: Bailey has a Thumbs.bd file hidden on his desktop. Is that normal? Or a dead remnant?
« Last Edit: January 23, 2014, 09:34:55 PM by alan1998 »

Offline Michael (alan1998)

Re: Interesting Case
« Reply #55 on: January 23, 2014, 09:46:20 PM »
Alright, here is the MCShield scan - Bailey

Offline essexboy

Re: Interesting Case
« Reply #56 on: January 23, 2014, 10:02:20 PM »
Thumbs.db is a hidden system file so can be left. Could you try and connect to the net again and see if the icons change again?

Offline Michael (alan1998)

Re: Interesting Case
« Reply #57 on: January 23, 2014, 10:05:17 PM »
Sure, nothing yet, but it said it was taking longer to connect to the internet than usual.

When I try to open Skype, it asks for permission from an admin (program name Skype code sign, Verified publisher: skype software Sarl, file origin: hard drive on this computer). I got this when I had the malware, by the way.

Edited: Corrected Spelling & Grammar
« Last Edit: January 23, 2014, 10:25:27 PM by alan1998 »

Offline essexboy

Re: Interesting Case
« Reply #58 on: January 23, 2014, 10:36:11 PM »
That is the UAC in operation. ComboFix set that to default; I would recommend that you keep it that way.

We will look at the connection time later. Meanwhile, how is the computer performing in general?

Offline Michael (alan1998)

Re: Interesting Case
« Reply #59 on: January 23, 2014, 11:13:40 PM »
Very well, thank you so so so much. If there's anything I can do to repay you, please tell. Thank you again - Bailey. But Skype is still very slow/laggy and doesn't come up.
« Last Edit: January 23, 2014, 11:16:19 PM by alan1998 »