Topic: Infection:Filerepmalware

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #15 on: November 12, 2014, 06:25:40 PM »
Ok, so I message back in 2 hours and say if an alert has come.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Infection:Filerepmalware
« Reply #16 on: November 12, 2014, 06:26:06 PM »
Sure :)

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #17 on: November 12, 2014, 06:31:30 PM »
May I ask why exactly you scheduled those files for deletion?

Offline essexboy

Re: Infection:Filerepmalware
« Reply #18 on: November 12, 2014, 06:33:52 PM »
They were run once files that pointed to a temp folder using a system programme. Run once are just that; they should not be there after a reboot. Plus they use run32 which operates under svchost.

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #19 on: November 12, 2014, 06:46:53 PM »
Ah, there's a program in my Taskmgr named Setupafterrebootservice.exe, which is coming under Realtek audio.

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #20 on: November 12, 2014, 06:54:09 PM »
Also, were those files deleted malicious?

Offline essexboy

Re: Infection:Filerepmalware
« Reply #21 on: November 12, 2014, 07:20:34 PM »
Realtek is safe, and as for the files, they may have been downloaders, but they were blocked and are now dead.

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #22 on: November 12, 2014, 07:29:41 PM »
Thank you, no more alerts now.

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #23 on: November 12, 2014, 07:42:34 PM »
Came up again, it's every installer. Rundll32.exe this time.  :(

Offline essexboy

Re: Infection:Filerepmalware
« Reply #24 on: November 12, 2014, 07:48:15 PM »
OK, could you run ComboFix please, and I will look for hidden drivers.

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #25 on: November 12, 2014, 07:58:31 PM »
It says that it won't run with my operating system version.

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #26 on: November 12, 2014, 08:16:27 PM »
It's now reporting URL:MAL and Firefox is opening random sites. I do not need my Firefox opening up random dating sites.


Offline essexboy

Re: Infection:Filerepmalware
« Reply #27 on: November 12, 2014, 08:54:33 PM »
You are on Windows 7, aren't you?

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #28 on: November 12, 2014, 09:09:59 PM »
I know you won't like this, so I don't need to be scolded about it; but it's the technical preview.

REDACTED

  • Guest
Re: Infection:Filerepmalware
« Reply #29 on: November 12, 2014, 09:12:04 PM »
This report is more interesting. It was the same, svchost.exe, but it displayed its PID.