Author Topic: SandBox malfunction possibly virus  (Read 30363 times)

CAS159

  • Guest
Re: SandBox malfunction possibly virus
« Reply #15 on: March 03, 2014, 08:56:11 AM »
I'm attaching the MalwareBytes log.  I think OTL must be run with the virus checker, Avast and my firewalls, Windows and Outpost off?  If FireFox can find and list the files and Windows can't I would like to wait.
I had trouble finding the log file because the Application Data was not listed so I found it under My Documents.  I just found MalwareBytes has two log files which are not identical in name and size.
The first      "mbam-log-2014-03-02 (18-57-49).txt 7KB 12:26am".
The second "MBAM-log-2014-03-03 (00-24-36).txt  6KB 12:25am".
I don't know which one is safe to post.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: SandBox malfunction possibly virus
« Reply #16 on: March 03, 2014, 09:40:45 AM »
Quote
I don't know which one is safe to post.
They are all safe to post.


Quote
I think OTL must be run with the virus checker, Avast and my firewalls, Windows and Outpost off? 
just follow instructions for OTL   http://forum.avast.com/index.php?topic=53253.0





CAS159

  • Guest
Re: SandBox malfunction possibly virus
« Reply #17 on: March 03, 2014, 10:17:05 AM »
Okay, this is weird or a trojan.  I posted the two Malwarebytes logs but could not find them listed until now with a warning message, and there are two extra of the same two logs. I'll just include the first two.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: SandBox malfunction possibly virus
« Reply #18 on: March 03, 2014, 12:57:38 PM »
Please do the same with the OTL log.
Attach them to your next post.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: SandBox malfunction possibly virus
« Reply #19 on: March 03, 2014, 03:02:49 PM »
Hi, I am not 100% sure what the problem is... Is it the programme VuePrint or the PUPs that MBAM detected?

An OTL scan will enable me to see if there is anything else that may be causing problems

Also, what is the MB size of your picture folder?

CAS159

  • Guest
Re: SandBox malfunction possibly virus
« Reply #20 on: March 03, 2014, 03:45:52 PM »
I ran OTL this morning and shut down Avast, windows and Outpost firewalls, and shut down screen saver program, power for monitor, hard disk, standby all off.
I woke up to a shut down computer and hit the power button and searched for the OTL.txt and I did not find it.  I've captured my search. I ended the Extras.Txt search since it could not find anything.
VuePrint crashes if the file directory is too large for it to access JPG files.  The fact is "FireFox. Tools, Downloads, Open Containing Folder" brings up the files, but Explorer can't find it. I don't know the size of the subfolder previous to this event of file loss.  However, I have all the files named in alphabetical order only showing files starting A and some in B, and there are 157 files, 3 folders, two of them sub-folders under A, 37.2 MB size on disk.
Yesterday I did a scan of the problem directory of missing files and one jpg had an error message,
"Error: Data error (cyclic redundancy check) (23)".   Before all this happened I was waiting for the Full System scan to finish because it had found a bug.  I found that to be a trojan, JS:ScriptPE-inf[Trj].

This morning I ran OTL to directions posted:
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Select All Users
    Select LOP and Purity
    Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Attach both logs
« Last Edit: March 03, 2014, 04:01:01 PM by CAS159 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: SandBox malfunction possibly virus
« Reply #21 on: March 03, 2014, 03:53:10 PM »
The proper OTL.txt looks to be 491Kb. Could you attach that one?

CAS159

  • Guest
Re: SandBox malfunction possibly virus
« Reply #22 on: March 03, 2014, 06:21:49 PM »
My search for the OTL.txt file brought up the file from last September when I ran another OTL.  I've attached the file.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: SandBox malfunction possibly virus
« Reply #23 on: March 03, 2014, 06:30:16 PM »
We need an OTL log created today; in 5 months a lot can have changed.
Therefore an old OTL log is useless.

CAS159

  • Guest
Re: SandBox malfunction possibly virus
« Reply #24 on: March 03, 2014, 06:42:44 PM »
I think the bug ate the log file.  My computer was not supposed to shut down.  All the power settings were set to never.  You can only run OTL once?  The OTL.exe is still on my computer from last September.  I thought that was supposed to be erased?
« Last Edit: March 03, 2014, 06:46:56 PM by CAS159 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: SandBox malfunction possibly virus
« Reply #25 on: March 03, 2014, 06:48:05 PM »
Download a fresh copy of OTL and the main text will suffice for now

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

CAS159

  • Guest
Re: SandBox malfunction possibly virus
« Reply #26 on: March 03, 2014, 08:07:39 PM »
I ran OTL.  I've attached OTL.txt.  Extras.Txt was not found.  I'm doing a scan to see if it is on my computer.  I deleted the September OTL.exe, OTL.txt, Extras.Txt, and program directories from my system before running OTL.  I shut down Avast, Windows and Outpost Firewalls.  The only thing I forgot to shut down was the clock on the toolbar.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: SandBox malfunction possibly virus
« Reply #27 on: March 03, 2014, 08:13:28 PM »
Quote
I ran OTL.  I've attached OTL.txt.  Extras.Txt was not found.
Only created the first time OTL is run... just extra computer tech info and usually not needed, so no worry.

CAS159

  • Guest
Re: SandBox malfunction possibly virus
« Reply #28 on: March 03, 2014, 08:21:40 PM »
Thanks, but I let the clock run.  Why would FireFox be able to find files downloaded yet Explorer would not unless FireFox was not corrupted in its file organization with that directory?  It's just a thought.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: SandBox malfunction possibly virus
« Reply #29 on: March 03, 2014, 08:36:08 PM »
The logs look clean... Have you cleared sandbox and then tried the programme again?