Author Topic: New Virus/malware found  (Read 5214 times)

REDACTED

  • Guest
New Virus/malware found
« on: October 03, 2017, 08:47:37 PM »
A couple days ago my system started running slow. I have run Windows Defender (it won't run now), Malwarebytes finds it but will not get rid of it. So, I looked online for more info and found a program named Reason Core Security that said it could get rid of the virus/malware. I ran the software and it did find a directory in my C:\program files dir named mbcdhze and an exe file in c:\windows\system32 named sneiukpsvc.exe. I start task manager and attempt to end the process and get a window saying The operation could not be completed. Access denied. I can't delete the file because it is running. I am able to delete the mbcdhze directory but it keeps returning. I am running an AMD FX8320 (8core cpu) with a R7 200 2gig vid card and 16gigs of ram on Windows 7 Ultimate. Hoping one of the Avast is aware of this issue and working on a fix. I believe this is a new virus/malware because there is NO INFO on this file sneiukpsvc.exe which makes me think it is new. I always wonder when a new virus is found and there seems to always be 1 company out there that offers the fix. Makes me think the company that is selling the Malware/virus scanner (that seems to be the ONLY one that knows about it) had a hand in the writing and distribution of the virus/malware. Any suggestions?

Also, I have booted into safe mode and tried running Avast and Malwarebytes but neither find any issues.

When I run Malwarebytes and it gets to the Rootkit section, I get a window that says it couldn't scan for Rootkits and asked to reboot system. Unfortunately MB doesn't seem to want to run anymore so I can't give the exact statement in the window.
« Last Edit: October 03, 2017, 09:01:10 PM by kingkoz1313 »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: New Virus/malware found
« Reply #1 on: October 03, 2017, 09:05:17 PM »
You were asked to provide log files.

REDACTED

  • Guest
Re: New Virus/malware found
« Reply #2 on: October 03, 2017, 09:11:41 PM »
Uhmm...no I wasn't. All I want to do is let Avast know there is a new virus out there. I am not worried about my system. The ultimate virus fixer is format and reinstall which takes me about 2 hrs when I get motivated and as I stated in my repost, MB will not run anymore. I believe whatever got into my system, disabled it and other virus/malware checkers.

Offline Eddy

Re: New Virus/malware found
« Reply #3 on: October 03, 2017, 09:31:46 PM »

REDACTED

  • Guest
Re: New Virus/malware found
« Reply #4 on: October 03, 2017, 10:29:09 PM »
"If you wish help, here are some tools and logs that will speed up the process of getting you clean."

If you are referring to the above line taken from that thread you posted, there is nothing there asking me to provide logs, and the 1st step in those instructions says to run MalwareBytes....which I have already stated it won't run, neither will other virus/malware type software now. To me, it looks like whatever got into my system removed the use of those programs.

Since I am using the free version of Avast, apparently I have no avenue other than the forums to inform someone of a (possibly) new virus/malware. But, I have downloaded and run the program Farbar Recovery Scan Tool. If you tell me which part of the 2 files (FRST.txt and Addition.txt) you need, I will paste them here. I do not feel comfortable uploading a file with the info it contains to a public post.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: New Virus/malware found
« Reply #5 on: October 03, 2017, 10:36:52 PM »
FRST logs are computer diagnostic logs, and both logs are needed. And don't paste, attach logs

Quote
    I have no avenue other than the forums to inform someone of a (possibly) new virus/malware.
Do you have a sample? It can be sent to avast lab.
See instructions  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

You can also check suspicious files at: www.virustotal.com / www.jotti.org / www.metadefender.com




Quote
  So, I looked online for more info and found a program named Reason Core Security that said it could get rid of the virus/malware. I   
:P    http://uk.pcmag.com/software/89944/review/reason-core-security


« Last Edit: October 03, 2017, 10:54:53 PM by Pondus »

REDACTED

  • Guest
Re: New Virus/malware found
« Reply #6 on: October 03, 2017, 11:24:09 PM »
Quote
    FRST logs are computer diagnostic logs, and both logs are needed. And don't paste, attach logs

    Quote
        I have no avenue other than the forums to inform someone of a (possibly) new virus/malware.
    Do you have a sample? It can be sent to avast lab.
    See instructions  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

    You can also check suspicious files at: www.virustotal.com / www.jotti.org / www.metadefender.com

I am trying to check the file via the sites you posted. Another oddity with this file that makes me believe it is a virus/malware is the fact that using Windows Commander (file manager) with hidden files turned on I cannot see the file in the directory. But when I navigate to it via windows explorer I can. I cannot see it when checking (so far) virustotal.com. However, I was able to copy it to another directory (I know, probably not a good idea) and check it from there. Unfortunately, all three sites say the file is clean.

Quote
    Quote
        So, I looked online for more info and found a program named Reason Core Security that said it could get rid of the virus/malware. I
    :P    http://uk.pcmag.com/software/89944/review/reason-core-security

Offline Pondus

Re: New Virus/malware found
« Reply #7 on: October 03, 2017, 11:32:55 PM »
Malware expert is notified.


REDACTED

  • Guest
Re: New Virus/malware found
« Reply #8 on: October 03, 2017, 11:38:38 PM »
Quote
    Malware expert is notified.

Not sure what you are saying? File is suspicious? After rebooting, the file is there in the running processes and trying to end the process gets an unable to terminate the process. Operation could not be completed, access is denied.

Offline Pondus

Re: New Virus/malware found
« Reply #9 on: October 03, 2017, 11:42:33 PM »
Quote
    Quote
        Malware expert is notified.

    Not sure what you are saying? File is suspicious? After rebooting, the file is there in the running processes and trying to end the process gets an unable to terminate the process. Operation could not be completed, access is denied.
Malware expert will check the FRST logs you attached when he is online



You may post link to VirusTotal scan result here

« Last Edit: October 03, 2017, 11:44:23 PM by Pondus »

REDACTED

  • Guest
Re: New Virus/malware found
« Reply #10 on: October 03, 2017, 11:53:43 PM »
Quote
    Quote
        Quote
            Malware expert is notified.

        Not sure what you are saying? File is suspicious? After rebooting, the file is there in the running processes and trying to end the process gets an unable to terminate the process. Operation could not be completed, access is denied.
    Malware expert will check the FRST logs you attached when he is online

    You may post link to VirusTotal scan result here


There were no results all three URLs you posted reported zero of whatever scans they did. All said the file was clean. BUT, the only way I could test the file was copy it to another directory so I guess to be technical, I didn't check the actual (possibly) infected file. There is also a directory C:\program files\mbcdhze being created after each reboot (I can delete the directory b4 reboot) and it is empty. I am assuming it has to do with the file c:\windows\system32\sneiukpsvc.exe.
« Last Edit: October 04, 2017, 12:16:01 AM by kingkoz1313 »

Offline Pondus

Re: New Virus/malware found
« Reply #11 on: October 04, 2017, 12:29:22 AM »
Quote
  There were no results all three URLs you posted reported zero of whatever scans they did. All said the file was clean.   
There is additional file info given when you scan it, like file type, who made it, digitally signed, seen before, ... and lots more
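
The metadata reply #11 refers to (file type, publisher, signature) can also be collected locally; the following is an added PowerShell example, not something posted in the thread, and only the file path comes from the posts above. It reads through the Sysnative alias when run from a 32-bit process, because WOW64 redirection shows 32-bit tools SysWOW64 in place of System32; whether that is why the file manager in reply #6 could not see the file is an assumption the thread does not confirm.

```powershell
# Added example. Only $Path comes from the thread; function names are illustrative.
$Path = 'C:\Windows\System32\sneiukpsvc.exe'

function Resolve-NativePath([string]$p) {
    # A 32-bit process on 64-bit Windows is redirected from System32 to SysWOW64.
    # PROCESSOR_ARCHITEW6432 is set only in that case; Sysnative reaches the real folder.
    $sys32 = Join-Path $env:windir 'System32'
    if ($env:PROCESSOR_ARCHITEW6432 -and
        $p.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)) {
        return (Join-Path $env:windir 'Sysnative') + $p.Substring($sys32.Length)
    }
    return $p
}

function Get-FileTriage([string]$p) {
    $native = Resolve-NativePath $p
    if (-not (Test-Path -LiteralPath $native)) {
        throw "Not visible from this process: $native"
    }
    $item = Get-Item -LiteralPath $native -Force   # -Force also returns hidden/system files

    # SHA-256 via .NET so it works on the PowerShell 2.0 that ships with Windows 7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($native)
    try     { $hash = [BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Close() }

    $sig  = Get-AuthenticodeSignature -FilePath $native
    $leaf = [regex]::Escape($item.Name)
    # Services whose command line names the file: shows what starts it at boot.
    $svc = @(Get-WmiObject Win32_Service | Where-Object { $_.PathName -match $leaf } |
             ForEach-Object { '{0} ({1}, runs as {2})' -f $_.Name, $_.StartMode, $_.StartName })

    New-Object PSObject -Property @{
        Path        = $native
        Sha256      = $hash
        SizeBytes   = $item.Length
        Created     = $item.CreationTime
        Company     = $item.VersionInfo.CompanyName
        Description = $item.VersionInfo.FileDescription
        SigStatus   = $sig.Status
        Signer      = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject })
        Services    = $svc -join '; '
    }
}

Get-FileTriage $Path | Format-List
```

The SHA-256 value can be searched on VirusTotal directly, which avoids copying the file to another directory before checking it.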


Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: New Virus/malware found
« Reply #12 on: October 04, 2017, 02:55:11 AM »
Did you install BOINC?

REDACTED

  • Guest
Re: New Virus/malware found
« Reply #13 on: October 05, 2017, 05:04:10 AM »
Quote
    Did you install BOINC?

I installed BOINC back in 1999 and have been running it fine since. I have not updated it for a few months either.

Offline Sass Drake

Re: New Virus/malware found
« Reply #14 on: October 05, 2017, 11:50:29 AM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
BootExecute: autocheck autochk * bddel.exe
FF user.js: detected! => C:\Users\KingKoz\AppData\Roaming\Mozilla\Firefox\Profiles\eeiipjvw.default-1489569338083\user.js [2017-03-18]
VirusTotal: C:\Windows\system32\sneiukpsvc.exe
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click on the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.