New Virus or Malware VaXon?

[REDACTED]

Hey all,

So I was sent a word doc file today disguised as someone's resume... when I opened it there was a warning about the doc file being from an older version of word and then a second one about macros disabled  and I stupidly ignored both. Immediately afterward I closed the file, and a pop up came up saying that VaXon had stopped working. Amazingly google has no idea what VaXon is so I'm likely the first to fall for this. I scheduled Avast to run a boot time scan but when I restart I get a blue screen saying a problem has been detected yaddda yadda and when the system reboots the avast scan doesn't run. Any ideas on how I can get the scan to run... though I'm not sure it'll help if google doesn't bring anything up with VaXon to begin with.

[Eddy]

Attach the log files to your next post here.
https://forum.avast.com/index.php?topic=194892.0

[Pondus]

So I was sent a word doc file today disguised as someone's resume...

You can forward suspicious mail(s) to this address  >>  sanitize-beta@metadefender.com

After 10min you should recive a mail with scan info


More info here  >>  https://www.opswat.com/metadefender-email-security-cloud-mesc-faq

[REDACTED]

Attach the log files to your next post here.
https://forum.avast.com/index.php?topic=194892.0

Sorry Log files? Avast isn't detecting anything. All I've got to work with is the minidump file from windows regarding the crash.

[REDACTED]

So I was sent a word doc file today disguised as someone's resume...

You can forward suspicious mail(s) to this address  >>  sanitize-beta@metadefender.com

After 10min you should recive a mail with scan info


More info here  >>  https://www.opswat.com/metadefender-email-security-cloud-mesc-faq

Thanks Pondus, I forwarded it to that address and it was infected. The results are:


I'm running a full scan right now but I'm worried that with it crashing my system on shutdown or reboot Avast won't be able to remove it. Is there a way to tell Avast to run a boot time scan from the dos prompt before windows launches? I tried running avast in safe mode but it doesn't work there... says the UI won't load.

[Eddy]

Did you even read the instructions ?

[REDACTED]

Apologies no, I didn't understand what you were linking me to. Reading now.

[REDACTED]

Ok so as is the problem with Avast, same thing happened with malwarebytes. The program needed to reboot in order to clean the infected files which unfortunately causes a system crash and reboots my computer so the malicious files aren't removed. I'll post the MBAM text file. Second scan however says that there are 0 threats and 0 in quarantine which is disheartening.
I took a screen shot of the results of the scan though as it found 7 threats which I figured it wouldn't be able to remove. Granted I'm not sure at the accuracy as it's identifying my file format converter software for converting video and audio and itunes as threats. I wouldn't think the malware would be able to inject itself into other files so quickly but maybe it can?



Also I should mention that Malware bytes stopped several website connections when it launched.

MBAMSERVICE.log file:

https://pastebin.com/49bNT6UP

[REDACTED]

Here's the two logs from FARBAR

FRST -  https://pastebin.com/1hj6xDTx         

Addition - https://pastebin.com/6ndkyiT1

[Eddy]

Attach the logs to your post as the instructions say please.

[REDACTED]

Sorry, didn't think it would make a difference and figured paste bin was safer since I'm infected.

[REDACTED]

Ok so after using Malware Bytes to clean the system, I rolled back windows to the closest date and this fixed the reboot crash so it looks like my problem is solved. Thanks for the help!

[Pondus]

Ok so after using Malware Bytes to clean the system, I rolled back windows to the closest date and this fixed the reboot crash so it looks like my problem is solved. Thanks for the help!

This will not remove any infected files, it may prevent any malware from starting but not remove

Since you have done a rollback i would create and attach new FRST logs

Malware expert is notified but located in Canada so usually online early morning european time.

[dbrisendine]

If you still need help, please remove all cracked / illegal software from the system, reboot and run fresh FRST logs.  Please post them and I will try to assist you.  Thanks.

[REDACTED]

Ok so Malware Bytes and Avast both say that my system is clean which is why I assumed that the infection was gone. Oddly though Malware bytes keeps stopping my SvChost.exe file in the Windows/System32 folder from accessing a website both inbound and outbound which would lead me to believe that a trojan has injected itself into the file. If this is the case, why are both programs saying I'm clean? I did an Avast Boot time scan and a full Malware bytes scan.

I don't run any pirated or illegal software.

Downloading FRST now...