Solved Been trying everything and that's just as bad as whatever I have

Status
Not open for further replies.

tiogegeca

Level 1
Thread author
Verified
Feb 29, 2016
51
Deleted the folders, restarted and could not connect to internet (wifi, iPhone by Ethernet etc). Also browsers said proxy servers were refusing connection. I tried to reset browsers and proxy settings but it didn't work. I restarted the notebook with difficulty and a blue screen crash that said there was some general driver problem. Avira returned an analysis of those files I had submitted. I'll post it on a next msg, because I'm using iPhone.
 

tiogegeca

Level 1
Thread author
Verified
Feb 29, 2016
51
Here's the analysis of those two files by Avira


Avira Lab Response - Tracking number 2003925

From: Avira Virus Lab Response Team (noreply@avira.com)

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC02003925.

A listing of files alongside their results can be found below:

File ID Filename Size (Byte) Result
28742554 sysnetwk.exe 7.08 MB MALWARE
28742555 winsecurity.exe 6.91 MB MALWARE

Please find a detailed report concerning each individual sample below:

Filename Result
sysnetwk.exe MALWARE

The file 'sysnetwk.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Agent.tfsa.10. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename Result
winsecurity.exe MALWARE

The file 'winsecurity.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Agent.tfsa.11. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:
https://analysis.avira.com/en/status?uniqueid=XAsJZbNBLccPdkdFIdRMPDBR5k4XNJmK&incidentid=2003925

An overview of all your submissions can be found here:
https://analysis.avira.com/en/overview?uniqueid=XAsJZbNBLccPdkdFIdRMPDBR5k4XNJmK

Please note: If you have specific questions, please visit our website Avira Support for further details.

Kind regards
Avira Virus Lab


---------------------------------------------
Avira Operations GmbH & Co. KG
Kaplaneiweg 1, 88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-500 3000
Internet: http://www.avira.com

CEO: Travis Witteveen
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------





Access to your PayPal account has been restored

From: service@paypal.com.br, 06:16

Hello, Rogerio Braga de Assunção, our review is complete and we have restored your account. We appreciate your
 

tiogegeca

Level 1
Thread author
Verified
Feb 29, 2016
51
Sorry. I had copied and pasted part of a related problem where PayPal said my account was being accessed from somewhere in the US
 

tiogegeca

Level 1
Thread author
Verified
Feb 29, 2016
51
I'm not really done with that problem yet. But I'd say it's almost a case closed case. If it doesn't come back somehow, I still have too many Windows readjustments to do. I'll probably have to reformat and reinstall everything whenever I get a break in my agenda. I have to thank you very much for your skilled attention and help. Many other users from this community have given me insights too, so I have to state that I'm really happy with this community here. I hope to be able to pay back some other users with the same kind of generosity. If I ever get to some better knowledge I hope it can be of some use here too.
 

tiogegeca

Level 1
Thread author
Verified
Feb 29, 2016
51
Lots of Windows security configs still locked, blocked or changed. These tools have done it, like I've done a lot of it too (UAC fussing was important to beware of changes). But most of it is over. Besides changing passwords, whenever I have a break I'll do a complete reformat and reinstall.

RogueKiller fixed some stuff again (log uploaded). But I'm still paying attention to some other things like: Proxy Server config is still being changed by Windows user into http=127.0.0.1:8080;https=127.0.0.1:8080. And Zemana keeps deleting VeriSign root certificate. Also antimalwarebytes stopped loading at startup.
 

Attachments

  • rk_4695.tmp.txt
    7.8 KB · Views: 6
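The proxy value quoted in the post above points both HTTP and HTTPS at a listener on the machine itself. As an added example (not part of the original thread), this sketch parses a WinINET-style `ProxyServer` string and flags loopback entries; it assumes the string has already been read from the per-user Internet Settings, and all function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Value quoted in the post above (WinINET "ProxyServer" string format).
REPORTED = "http=127.0.0.1:8080;https=127.0.0.1:8080"


def parse_proxy_server(value):
    """Split a ProxyServer string into {protocol: (host, port)}.

    Handles the per-protocol form ("http=h:p;https=h:p") and the
    single-proxy form ("h:p"), which is stored under the key "all".
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, target = part.partition("=")
        if not sep:
            proto, target = "all", part
        # An entry may carry a scheme prefix; urlsplit needs "//" otherwise.
        url = urlsplit(target if "://" in target else "//" + target)
        try:
            port = url.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        entries[proto.lower()] = (url.hostname or "", port)
    return entries


def is_loopback(host):
    """True for localhost names and any address in 127.0.0.0/8 or ::1."""
    if host.lower() in ("localhost", "localhost."):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname


def loopback_proxies(value, proxy_enabled=True):
    """Return the entries that send traffic to a listener on this machine."""
    if not proxy_enabled:
        return {}
    return {proto: hp for proto, hp in parse_proxy_server(value).items()
            if is_loopback(hp[0])}


if __name__ == "__main__":
    for proto, (host, port) in loopback_proxies(REPORTED).items():
        print(f"{proto}: traffic is sent to local listener {host}:{port}")
```

A non-empty result is a prompt to identify which process owns that local port before trusting the setting.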

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, let's then remove all the remnants of that file:


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

tiogegeca

Level 1
Thread author
Verified
Feb 29, 2016
51
I have uploaded the logs
 

Attachments

  • Addition.txt
    71.4 KB · Views: 4
  • FRST.txt
    88.4 KB · Views: 5

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    6.6 KB · Views: 24

tiogegeca

Level 1
Thread author
Verified
Feb 29, 2016
51
It seems to be clean. The only problem now is that my windows is all messed up, partly because I have blocked lots of things myself. I'll try to tweak it back into normal shape. I have completely uninstalled some tools but this will take a little longer. Thank you very much TwinHeadedEagle for all your attention, patience and knowledge!
 