Author Topic: 3 viruses found not detected by Avast! or MBAM  (Read 10115 times)


REDACTED

« on: August 26, 2014, 11:42:50 PM »
So, I found out that the laptop a guy gave me for free had a bunch of viruses and malware on it. Soon after I found this out I installed MBAM and Avast! on the system to clean it all out. After all the scans were done, I pulled out the network card, booted back into the original OS and removed all folder sharing and the online access accounts the viruses had made. I thought I had cleared it all out with Avast! finding over 1800 files in the system32 along with others scattered throughout other common directories on the laptop and MBAM also finding a good amount of files. I thought everything was good until I found three files under my system32 directory with odd icons. When I scanned the files, they both came out clean by MBAM and Avast! but I still thought I'd upload them to virustotal.com just to see for sure. These are the results of the scan:
1. https://www.virustotal.com/en/file/b80e8636f9ab374c1a3b24133d4fcc2d30ee3ac6da9a16d0aa6f68310af5c871/analysis/1408748526/
2. https://www.virustotal.com/en/file/c449d2e0cea951ce465455d58fcf41f3a2a13d0df5e880666cd0a2275aadbb05/analysis/1408741398/
3. https://www.virustotal.com/en/file/c449d2e0cea951ce465455d58fcf41f3a2a13d0df5e880666cd0a2275aadbb05/analysis/1408740271/
I was rather concerned by what these files were so I renamed them so that they weren't executable anymore and attempted to move them to a safer directory. I successfully moved over opea.exe and wmdtc.exe but dvdpaly.exe executed itself after being moved and Avast! finally picked it up and deleted it. As far as I know, there is no way for me to recover that file and I hadn't even had a chance to extract the icon from it :P. I thought I would just tell you that these files weren't detected by Avast! or anything else I was using and thought you may want to know about them. If you need copies of them to add to your definitions, I still have opea.exe and wmdtc.exe. I don't think I could get dvdpaly.exe back for adding to the definitions, but if there is, I wouldn't mind being able to extract the icon from that too as I could add it to my collection of odd low-res icons I got from viruses that can't be detected by my AVs.
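A triage step for the three links in the post above, added here as an example and not part of the original post: it parses each permalink, groups the links by the SHA-256 they carry, and lists when each analysis ran, which shows how many distinct file contents the links cover. The link layout `/file/<sha256>/analysis/<Unix time>/` is an assumption about the 2014-era VirusTotal URLs, and the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# The three permalinks exactly as posted above.
LINKS = [
    "https://www.virustotal.com/en/file/b80e8636f9ab374c1a3b24133d4fcc2d30ee3ac6da9a16d0aa6f68310af5c871/analysis/1408748526/",
    "https://www.virustotal.com/en/file/c449d2e0cea951ce465455d58fcf41f3a2a13d0df5e880666cd0a2275aadbb05/analysis/1408741398/",
    "https://www.virustotal.com/en/file/c449d2e0cea951ce465455d58fcf41f3a2a13d0df5e880666cd0a2275aadbb05/analysis/1408740271/",
]

# Assumption: /file/<SHA-256 of the sample>/analysis/<Unix time of that analysis>/
PERMALINK = re.compile(r"/file/(?P<sha256>[0-9a-f]{64})/analysis/(?P<ts>\d+)/?$")


def parse_permalink(url):
    """Return (sha256, analysis time in UTC) or raise ValueError."""
    match = PERMALINK.search(url.strip().lower())
    if match is None:
        raise ValueError(f"not a recognised analysis permalink: {url!r}")
    when = datetime.fromtimestamp(int(match["ts"]), tz=timezone.utc)
    return match["sha256"], when


def group_by_sample(urls):
    """Map each distinct SHA-256 to its analysis times, oldest first."""
    samples = defaultdict(list)
    for url in urls:
        sha256, when = parse_permalink(url)
        samples[sha256].append(when)
    return {sha256: sorted(times) for sha256, times in samples.items()}


def analysed_more_than_once(urls):
    """Hashes that appear in more than one link, i.e. the same file content."""
    return sorted(h for h, times in group_by_sample(urls).items() if len(times) > 1)


if __name__ == "__main__":
    for sha256, times in group_by_sample(LINKS).items():
        stamps = ", ".join(t.strftime("%Y-%m-%d %H:%M:%S UTC") for t in times)
        print(f"{sha256}  analyses: {len(times)}  ({stamps})")
    print("distinct files:", len(group_by_sample(LINKS)))
```

Links 2 and 3 carry the same SHA-256, so the three links cover two distinct file contents; hashing the files that are still on disk and comparing against these values tells which file each report belongs to.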

Offline Asyn

« Reply #1 on: August 27, 2014, 05:46:09 AM »
You can report undetected malware here: http://www.avast.com/contact-form.php

Offline Pondus

« Reply #2 on: August 27, 2014, 06:03:48 AM »
I recommend you attach a diagnostic log here and let the malware experts here take a look inside
scroll down to Farbar Recovery Scan Tool   https://forum.avast.com/index.php?topic=53253.0
follow instructions and attach logs here


REDACTED

« Reply #3 on: August 28, 2014, 01:43:51 AM »
Quote
I recommend you attach a diagnostic log here and let the malware experts here take a look inside
scroll down to Farbar Recovery Scan Tool   https://forum.avast.com/index.php?topic=53253.0
follow instructions and attach logs here

That's a lot of applications that the thing says to install. Is it necessary to install all of them and run scans? If so, it would probably slow down my PC a lot and I wouldn't be able to use it for a day or two as the scans take a long time to complete. I'm also worried about overheating. I'm using a laptop and it doesn't have very good cooling and when I did the Avast! and MBAM scans they each took over 4 hours each and I could only do one at a time because when it does the scan it uses 100% of my CPU power.

I just wanted to check if this was the only way to be sure that I'm not still infected because it's very time consuming and slow. I'd also like to point out that I am not currently booted into the infected OS as this is a tri-booted system. I installed this current copy of XP on a new partition not too long ago when I upgraded my HDD. I still have the original dual-booted installation of Windows 2000 and 95 on the first partition as I took a disk image of it before I installed the new HDD and wrote that image to a 20GB partition on the new disk. I installed XP on the second partition and only after that is when I was able to run the scans. All the infected files were on the Win 2000 side and not a single file was detected on my XP installation. Even the three files I listed were found in Windows 2000's system32, not Windows XP.
Does this mean if I still want help from here I would need to install every application listed and run scans with them?

Offline Pondus

« Reply #4 on: August 28, 2014, 08:07:16 AM »
Quote
Does this mean if I still want help from here I would need to install every application listed and run scans with them?
see my post above ..... only one tool ..... Farbar Recovery Scan Tool, and the log expert will remove the tool when he is done

a diagnostic log is the only way to see what is going on in your system



« Last Edit: August 28, 2014, 08:10:16 AM by Pondus »

REDACTED

« Reply #5 on: August 28, 2014, 08:49:46 PM »
Quote
Does this mean if I still want help from here I would need to install every application listed and run scans with them?
see my post above ..... only one tool ..... Farbar Recovery Scan Tool, and the log expert will remove the tool when he is done

a diagnostic log is the only way to see what is going on in your system
Sorry, I misread that. I have now attached the two logs that you said I should add to my post.

Offline essexboy

« Reply #6 on: August 28, 2014, 10:41:46 PM »
You are a bit short on RAM; you have Total physical RAM: 383.48 MB, which even for XP is pushing it


CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
C:\xmplay
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

REDACTED

« Reply #7 on: August 29, 2014, 12:49:44 AM »
Quote
You are a bit short on RAM; you have Total physical RAM: 383.48 MB, which even for XP is pushing it


CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
C:\xmplay
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

What is this process actually doing? C:\xmplay is the location of xmplay, the music player that I always use on a regular basis. I have it installed on all my computers with Win32 OSes that have sound cards. I didn't even install it on here specifically, I copied it off my desktop a long while back and that's how I've copied it to all my systems. This is the exact copy I have on all my computers. If you're saying this is an infected file, that would mean that all my systems are infected, even my Windows 98 and 2 other XP computers. I did have it running while I was doing the scan so that's why you see it as a running process. I actually even have it running now as I type this message, so, is this going to damage the files in any way because I don't want to lose my 290 song playlist.

Quote
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

I haven't noticed any ads popping up on my system that would suggest that I have adware on it. Did you see something running that I didn't, because I haven't noticed anything on this OS that isn't normal. I'm pretty sure the infections are only on Windows 2000 on my other partition (C: is for Windows 2000 & 95 while XP is on D:). I have noticed some adware on Windows 2000 though I will admit, and this is going to remove the stuff on that operating system even if I'm not booted into it at the moment and can't run it from within that environment specifically? I just want to make sure before I do anything else on here.

Also, by the way, thank you for pointing out in bold that I have 383.48MB of RAM. That was actually an upgrade that I recently did so that Firefox 30 would load faster. Before this upgrade, I was running only 200MB of RAM. This is more RAM than my other XP systems though, my desktop has 256MB and my other laptop does also. I am aware of all my systems' hardware because I've done work on all of them and haven't taken a single one of them to a repair shop before ever, I like to do all that stuff by myself instead. I'm basically just cleaning up the mess of viruses the previous owner left behind on that partition without knowing it.

Offline essexboy

« Reply #8 on: August 29, 2014, 02:33:09 PM »
No, the reason for the removal is that the programme is running from C drive when everything else is on your D. If you are happy with it then just leave it.

AdwCleaner will also remove old orphan registry entries for adware; lack of popups does not mean they are not there

REDACTED

« Reply #9 on: August 29, 2014, 09:04:44 PM »
Well, I've done the scan with AdwCleaner and nothing of importance came up, just a JavaScript .js file and an uninstaller left over in my temp folder. I've attached the log below but I'm afraid that Windows 2000 still has a bunch of unwanted stuff on it that it didn't detect. It doesn't appear it checked any of the files for my other operating systems because IE6 is still full of unwanted toolbars and stuff on Windows 2000 left from the last owner.

Is there a way that I can clean Windows 2000 because I've kept Windows XP all clean and clear ever since I've installed it but every time I check it's like the stuff on Windows 2000 just won't go away. Like I said, I think I've cleaned Windows 2000 off but can't be sure because none of the tools are looking specifically where the stuff is hiding in Windows 2000, and the location of where that is, I don't really know. It's like every time I think it's gone I notice something else that shouldn't be there like when I found opea.exe and dvdpaly.exe.

Offline essexboy

« Reply #10 on: August 29, 2014, 09:26:52 PM »
Have you wiped the drive where 2000 is installed?  None of my tools look at dual boot systems; they only operate in the active Windows

REDACTED

« Reply #11 on: August 29, 2014, 09:59:06 PM »
Quote
Have you wiped the drive where 2000 is installed?  None of my tools look at dual boot systems; they only operate in the active Windows

I haven't wiped the partition Windows 2000 is installed on because I don't have a Windows 2000 install disk. This is the only copy of 2000 I have and that's why I still have it instead of removing it and reinstalling.

Offline essexboy

« Reply #12 on: August 29, 2014, 10:21:20 PM »
If you boot into the 2000 you could try to run FRST from there although I am not sure if it still works on that OS

REDACTED

« Reply #13 on: August 30, 2014, 03:38:38 AM »
Quote
If you boot into the 2000 you could try to run FRST from there although I am not sure if it still works on that OS

In the latest version of FRST, Windows 2000 doesn't recognize it as a valid Win32 application :P. Do you by any chance have a copy that is compatible with Windows 2000 that I could use just to see what's really going on in the background of the system when I boot into it and if there's anything suspicious going on? It would be greatly appreciated.

Offline essexboy

« Reply #14 on: August 30, 2014, 12:45:44 PM »
OK OTL is still 2000 compliant

Download OTL  to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Save both files as ANSI and attach to your next post