Author Topic: suspected infection of XP pc passed to new Win 7 pc Help Required  (Read 3591 times)

0 Members and 1 Guest are viewing this topic.

Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Hi, I suspect that my new Win 7 PC may have been corrupted by something from my old XP PC either as they are networked or from USB file transfers, although I set up Avast before anything was connected & always scanned usb before uploading files, partly because I have for a long time suspected something was on XP machine.  I half thought though that it may just be because XP is about 8yrs old & XP is no longer supported etc.

Have scanned XP many times in past with Avast IS, Malwarebytes, Superantispyware, Spybot S&D, & Spywareblaster, but nothing ever shows up.  Regular but not consistent symptoms have been, very very slow to open files of various types from Microsoft Office, Design software (FlexiSign Pro 8.1) PDF complete, Slow browsing, Outlook Express (6) crashing occasionally & very frequently blue screen on shut down (everything goes through correct shut-down until Windows saving settings & then straight to blue screen rather than proper shut down. Then on start-up it displays message that system has recovered from serious fault.
It also seems that frequently if I leave PC with a couple of programs open in the evening particularly, say Flexisign Pro & maybe Firefox & then come back a couple of hours later the programs have become unresponsive & end up having to shut down with on/off button.

A while ago I unistalled MBAM as it seemed to be causing problems. Every time it got to pre sacn operations it would blue screen. I have also in the last week uninstalled superanti as it seemed to be causing pc to become unresponsive during scan sometimes.

Now with new Win 7 PC I have also had a couple of occasions with unresponsive programs, frozen screen & sudden shut down etc. so I fear something is wrong.

I have attached suggested logs here for Win 7 pc but not for XP as MBAM scan again blue screened it. Should I continue with the farbar & aswMBR scans on it & attach them?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #1 on: November 14, 2016, 10:08:31 AM »
Quote
as they are networked or from USB file transfers,

https://forum.avast.com/index.php?topic=53253.0  >>  SPECIFIC INFECTIONS LOGS
Follow MCShield instructions .... this log you copy and paste here (not attach this log)


Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #2 on: November 14, 2016, 12:35:07 PM »
>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<


14/11/2016 11:29:48 > Drive C: - scan started (no label ~149 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<


14/11/2016 11:30:58 > Drive B: - scan started (Drive 2 ~466 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<


14/11/2016 11:31:15 > Drive E: - scan started (KINGSTON ~29504 MB, FAT32 flash drive )...



=> The drive is clean.




Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #3 on: November 14, 2016, 12:36:18 PM »
>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows XP <<<


14/11/2016 10:39:59 > Drive C: - scan started (no label ~139 GB, NTFS HDD )...



=> The drive is clean.


14/11/2016 10:39:59 > Drive D: - scan started (HP_RECOVERY ~10 GB, NTFS HDD )...

>>> D:\autorun.inf > Legitimate file.

>>> D:\desktop.ini - Malware > Deleted. (16.11.14. 10.40 desktop.ini.503414; MD5: ff0799d89628fff26ef5d2cdb9ac1afb)

>>> D:\folder.htt - Malware > Deleted. (16.11.14. 10.40 folder.htt.358238; MD5: d8e318189048d3076ce2d424e4db290c)


=> Malicious files   : 2/2 deleted.

____________________________________________

::::: Scan duration: 2sec ::::::::::::::::::
____________________________________________

14/11/2016 10:40:03 > Drive J: - scan started (Sgt ~29 GB, NTFS HDD )...

>>> J:\autorun.inf > Suspicious > Renamed. (MD5: 0b7a6eb05e0a939e151d7bc86ed6934f)


=> Suspicious files  : 1/1 renamed.

____________________________________________

::::: Scan duration: 4sec ::::::::::::::::::
____________________________________________

14/11/2016 10:40:03 > Drive K: - scan started (Sgt Progs ~391 GB, NTFS HDD )...

>>> K:\autorun.inf > Suspicious > Renamed. (MD5: 0b7a6eb05e0a939e151d7bc86ed6934f)


=> Suspicious files  : 1/1 renamed.

____________________________________________

::::: Scan duration: 5sec ::::::::::::::::::
____________________________________________

14/11/2016 10:40:03 > Drive L: - scan started (Sgt  ~293 GB, NTFS HDD )...

>>> L:\autorun.inf > Suspicious > Renamed. (MD5: 0b7a6eb05e0a939e151d7bc86ed6934f)


=> Suspicious files  : 1/1 renamed.

____________________________________________

::::: Scan duration: 5sec ::::::::::::::::::
____________________________________________

14/11/2016 10:40:03 > Drive M: - scan started (Sgt Recovery ~219 GB, NTFS HDD )...

>>> M:\autorun.inf > Suspicious > Renamed. (MD5: 0b7a6eb05e0a939e151d7bc86ed6934f)


=> Suspicious files  : 1/1 renamed.

____________________________________________

::::: Scan duration: 5sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows XP <<<


14/11/2016 10:44:18 > Drive N: - scan started (KINGSTON ~29504 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows XP <<<


14/11/2016 10:47:16 > Drive O: - scan started (no label ~476 MB, FAT flash drive )...



=> The drive is clean.




Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #4 on: November 14, 2016, 12:38:27 PM »
Hi Pondus, see logs from both pcs above.

Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #5 on: November 15, 2016, 11:35:35 AM »
Can somebody please assist? I have copy & pasted the requested scan logs & would like to know how to proceed.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #6 on: November 16, 2016, 08:31:59 AM »
Please download and run the MIcrosoft Safety Scanner from this site.  Also, please provide any logs or details that it finds.

Can you provide me with some history into the drives on this system?  FRST reads them as very low on usable space and that could be the issue you are seeing.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #7 on: November 17, 2016, 03:04:20 AM »
Please download and run the MIcrosoft Safety Scanner from this site.  Also, please provide any logs or details that it finds.

Can you provide me with some history into the drives on this system?  FRST reads them as very low on usable space and that could be the issue you are seeing.

ummm, how long should safety scanner take to scan??  Did it on Win 7 pc & it took a couple of hours & found nothing.   I started it running on XP pc 11.5 hours ago & it's barely a third of the way through yet!!!!  Is that right?  nothing found yet.

Yes I realise the XP HDD is quite full & is no doubt not helping matters regarding speed, but that is definitely not the main issue as even when I occasionally have a good clearout it still suffers the same issues of blue screen during shut down & programs becoming unresponsive. When I say unresponsive programs I mean that nothing will work. even if I use task manager to try to close programs, nothing happens for maybe 10-15 mins. It can literally take an hour or more for the pc to shut down!!  This same problem has now transferred to the Win 7 pc which has bags of space on 2 intenal HDD's  so it can't be just down to space.

I am not overly bothered about the XP machine itself as such because I only need to keep it going long enough to transfer everything over to the Win 7 pc, but I obviously need the bits I transfer over to be clean.

Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #8 on: November 17, 2016, 05:30:28 PM »
Please download and run the MIcrosoft Safety Scanner from this site.  Also, please provide any logs or details that it finds.

Can you provide me with some history into the drives on this system?  FRST reads them as very low on usable space and that could be the issue you are seeing.

OK MSS didn't pick up anything on either PC.   What should I do about the suspicious files that MCShield found? & how do we now proceed please?

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #9 on: November 18, 2016, 08:48:19 AM »
MCShield has already handled (processed/cured) the files so you do not need to do anything with them.

Other errors shown in the logs suggest that there may be a disk controller / drive error; either your hard drive is failing or the driver is not proper for the hardware / OS combination.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #10 on: November 18, 2016, 10:37:28 AM »
MCShield has already handled (processed/cured) the files so you do not need to do anything with them.

Other errors shown in the logs suggest that there may be a disk controller / drive error; either your hard drive is failing or the driver is not proper for the hardware / OS combination.

Yes I suspect that the internal drive on the old XP (this was the original installed drive so presume it must be proper one) is probably failing as it is so old now, another reason that I am switching.  The issues that MCSheild found were actually on the External Drive which I presume is a good drive still as it is only a couple of years old.

Can you help explain what is happening on my new Win 7 PC?  Although scans are showing it clean, why is it suffering from similar symptoms to XP?

Offline Myles45

  • Jr. Member
  • **
  • Posts: 93
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #11 on: November 20, 2016, 03:52:56 PM »
Hi, Is there any possibility somebody can help me with this issue please?  I have posted the requested logs & replied to questions asked but don't appear to be getting any further help?

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: suspected infection of XP pc passed to new Win 7 pc Help Required
« Reply #12 on: November 21, 2016, 05:53:43 AM »
The 4 logs you posted showed no malware except the possibility of some Microsoft files that had a faint possibility of being corrupted; the Microsoft Safety Scanner would have found and corrected that if they were corrupted.  MCShield has found and removed / repaired the USB malware on both systems it seems, so there should not be any left that way.

The crashing during shut down sounds like a corrupt registry.  Have you tried doing a Safe Mode start-up on the Win7 system?  Start the system and tap the F8 key until the Advanced Boot Options menu shows.  Use the up and down arrows on your keyboard to highlight Safe Mode and the press ENTER.  Once this boots and finishes loading, you can thenrestart the system and let it Boot normally.  See if that fixes the shut down crashes.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE