Solved Been trying everything and that's just as bad as whatever I have

Status
Not open for further replies.

tiogegeca

Level 1
Thread author
Verified
Feb 29, 2016
51
Also, Firefox blocks sites like mail.google.com and support.mozilla.org or mozilla.org, saying the sites were configured improperly. And that because of HTTP Strict Transport Security it won't admit exceptions, etc.
 

tiogegeca

As Malwarebytes was blaming all of its blockings on sysnetwk, I now did another VirusTotal scan

Here's the URL
Antivirus scan for a261979a454f38adb52bec36a4cfe6ed4b95e54b692491027ff0283fcb654a6b at 2016-03-06 14:42:11 UTC - VirusTotal

Besides the recent alerts by only Avast and McAfee
Avast Win32:Malware-gen 20160306
McAfee Suspect-AN!F8AB87FDC591 20160306

Under behavioural information tab it shows that it failed user checking
C:/Documents and Settings/All Users/Application Data/Documents/{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} (failed)
C:/WINDOWS/Temp/{CD2F8BB9-5758-4151-B5BB-E507B7C16422} (failed)
C:/DOCUME~1/<USER>~1/LOCALS~1/Temp/{01193C1E-21DF-4D50-8393-687E2938346B} (failed)
C:/Documents and Settings/All Users/Application Data/AMD\{86D5CF5F-9452-4A99-ABA9-9CCC0878F5B6} (failed)
C:/Documents and Settings/All Users/Application Data/Intel\{17E87DD9-4270-4452-A06D-4F6DE04A9136} (failed)
C:/RECYCLER/S-1-3 (failed)
 

tiogegeca

I was thinking of running Kaspersky's Stinger and ZHPCleaner by Nicolas Coolman (French) but I will wait for your next instructions which I guess may include doing a FRST scan first.

Let me thank you for your attention and patience with my case.

Avira folks (I signed one of their plans, I don't remember now) disappeared after repeating the same instructions of running two useless tools: "Avira support collector" on safe mode. It took many hours and it generated a zipped file of more than 25MB. I tried to send it by Gmail, but it was refused because of the size (Gmail sent the files to my Google Drive instead). I tried to send a zipped file of the results with my Hotmail email but it was denied again because it contained a virus and could not be attached. I also tried to run the GMER tool they asked me to download, but it crashes almost immediately in all of the ways that I tried it. Avira's instructions and tools have been useless and time-consuming to me. But worst of all is that they either disappear or keep repeating they won't do anything before they get the logs from their useless instructions, regardless of the abnormal situation of my computer. I think I just want my money back from them but that should be another problem.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

tiogegeca

Here are the logs
 

Attachments

  • Addition.txt
    61.1 KB · Views: 3
  • FRST.txt
    86.2 KB · Views: 5

tiogegeca

Would you care to look at this too? It's about this strange file running as a process:
winsecurity.exe

https://www.virustotal.com/en/file/...06bc4779fe713286022d96a5/analysis/1457279717/

And it's a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

Again, under behavioural information, it fails user account checkings on VirusTotal

C:/Documents and Settings/All Users/Application Data/AMD\{86D5CF5F-9452-4A99-ABA9-9CCC0878F5B6} (failed)
C:/Documents and Settings/All Users/Application Data/Intel\{17E87DD9-4270-4452-A06D-4F6DE04A9136} (failed)
C:/RECYCLER/S-1-3 (failed)
C:/Documents and Settings/All Users/Application Data/Documents/{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} (failed)
C:/WINDOWS/Temp/{CD2F8BB9-5758-4151-B5BB-E507B7C16422} (failed)
C:/DOCUME~1/<USER>~1/LOCALS~1/Temp/{01193C1E-21DF-4D50-8393-687E2938346B} (failed)
 

TwinHeadedEagle

That is normal to see on VirusTotal and all files we scanned are signed by Microsoft. I don't have a reason to believe they are infected.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    710 bytes · Views: 14

tiogegeca

Thank you. Here's the fix log. But the small windows keep coming up, from Malwarebytes saying it's blocking ad pages from sysnetwk.exe
 

Attachments

  • Fixlog.txt
    1.1 KB · Views: 6

tiogegeca

Yes. Problem is it doesn't show the problems it detects while active against malicious websites.

I did run a few other scans, like RogueKiller V12.0.1.0 (x64) [Mar 7 2016] (Free), log attached;

1) ZHPCleaner v2016.3.5.37 by Nicolas Coolman (2016/03/05), attached too.

2) Zemana, which keeps finding and deleting more or less the same things that keep coming back; log attached too

3) McAfee Stinger provides a very short html log, transcribed below:

McAfee® Labs Stinger™ Version 12.1.0.1945 built on Mar 4 2016 at 14:03:48
Copyright© 2015, McAfee, Inc. All Rights Reserved.

AV Engine version v5800.7501 for Windows.
Virus data file v1000.0 created on Mar 4, 2016
Ready to scan for 9733 viruses, trojans and variants.

Custom scan initiated on domingo, março 06, 2016 17:59:37

C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe [MD5:f8ab87fdc5913f01745016ca3f7a92eb] is infected with Suspect-AN!F8AB87FDC591
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe couldn't be repaired
C:\Autodesk\KEYGEN X-FORCE AUTODESK 2015 WINDOWS\Keygen X-force 2015\Keygen X-FORCE 64 bits\xf-adsk2015_x64.exe [MD5:015a355a7890a08dfb38868f8a45610a] is infected with Artemis!015A355A7890
C:\Autodesk\KEYGEN X-FORCE AUTODESK 2015 WINDOWS\Keygen X-force 2015\Keygen X-FORCE 64 bits\xf-adsk2015_x64.exe has been Deleted
C:\Autodesk\KEYGEN X-FORCE AUTODESK 2015 WINDOWS.rar\Keygen X-force 2015\Keygen X-FORCE 64 bits\xf-adsk2015_x64.exe is infected with Artemis!015A355A7890
C:\Autodesk\KEYGEN X-FORCE AUTODESK 2015 WINDOWS.rar\Keygen X-force 2015\Keygen X-FORCE 64 bits\xf-adsk2015_x64.exe couldn't be repaired
C:\Autodesk\KEYGEN X-FORCE AUTODESK 2015 WINDOWS.rar is infected
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe [MD5:f8ab87fdc5913f01745016ca3f7a92eb] is infected with Suspect-AN!F8AB87FDC591
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe couldn't be repaired

Summary Report on C:
J:
File(s)
TotalFiles:............ 4178516
Clean:................. 1021198
Not Scanned:........... 3157313
Possibly Infected:..... 5

Time: 08:42:37

Scan completed on segunda-feira, março 07, 2016 02:42:14
 

Attachments

  • antimalwarebytes logs.txt
    1.3 KB · Views: 2
  • rk_D25.tmp.txt
    7.9 KB · Views: 2
  • ZHPCleaner.txt
    25.1 KB · Views: 1
  • zemana 2016.03.07-11.24.08-i0-t92-d3.txt
    3.9 KB · Views: 1

tiogegeca

For further illustration here's a new log from McAfee Stinger. Though very extensive in searching, it fails to treat the menaces it finds.

McAfee® Labs Stinger™ Version 12.1.0.1945 built on Mar 4 2016 at 14:03:48
Copyright© 2015, McAfee, Inc. All Rights Reserved.

AV Engine version v5800.7501 for Windows.
Virus data file v1000.0 created on Mar 4, 2016
Ready to scan for 9733 viruses, trojans and variants.

Custom scan initiated on segunda-feira, março 07, 2016 07:16:53


Rootkit scan result : Clean.


C:\ProgramData\Windows Security\winsecurity.exe [MD5:9d55542b4329e2e7c19326d20b44f643] is infected with Suspect-AN!9D55542B4329
C:\ProgramData\Windows Security\winsecurity.exe couldn't be repaired
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe [MD5:b8dba4c401d56a834f25f19eb6400d88] is infected with Suspect-AN!B8DBA4C401D5
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe couldn't be repaired
C:\Autodesk\KEYGEN X-FORCE AUTODESK 2015 WINDOWS.rar\Keygen X-force 2015\Keygen X-FORCE 64 bits\xf-adsk2015_x64.exe is infected with Artemis!015A355A7890
C:\Autodesk\KEYGEN X-FORCE AUTODESK 2015 WINDOWS.rar\Keygen X-force 2015\Keygen X-FORCE 64 bits\xf-adsk2015_x64.exe couldn't be repaired
C:\Autodesk\KEYGEN X-FORCE AUTODESK 2015 WINDOWS.rar is infected
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe [MD5:b8dba4c401d56a834f25f19eb6400d88] is infected with Suspect-AN!B8DBA4C401D5
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe couldn't be repaired
C:\ProgramData\Windows Security\f\up\Rar6_54_350\winsecurity.exe [MD5:9d55542b4329e2e7c19326d20b44f643] is infected with Suspect-AN!9D55542B4329
C:\ProgramData\Windows Security\f\up\Rar6_54_350\winsecurity.exe has been Deleted
C:\ProgramData\Windows Security\winsecurity.exe [MD5:9d55542b4329e2e7c19326d20b44f643] is infected with Suspect-AN!9D55542B4329
C:\ProgramData\Windows Security\winsecurity.exe couldn't be repaired
C:\Users\Tio\Downloads\soft\security\delfix_1.011.exe [MD5:e6fa7781d11c3ffdfb91d3b3c78383a3] is infected with Artemis!E6FA7781D11C
C:\Users\Tio\Downloads\soft\security\delfix_1.011.exe has been Deleted

Summary Report on C:
File(s)
TotalFiles:............ 2517246
Clean:................. 708697
Not Scanned:........... 1808541
Possibly Infected:..... 8

Time: 07:45:21

Scan completed on segunda-feira, março 07, 2016 15:02:14
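
A triage sketch for the two Stinger logs above, added here as an example and not part of the original posts or of any tool named in the thread: it parses detection and action lines from successive scans and reports which paths were never remediated and which were reported under a different MD5 from one scan to the next. The sample lines are copied from the logs in this thread; the function names and the line format (assumed from how those logs read) are illustrative.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the two Stinger logs in this thread (not full logs).
SCAN_1 = r"""
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe [MD5:f8ab87fdc5913f01745016ca3f7a92eb] is infected with Suspect-AN!F8AB87FDC591
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe couldn't be repaired
"""
SCAN_2 = r"""
C:\ProgramData\Windows Security\winsecurity.exe [MD5:9d55542b4329e2e7c19326d20b44f643] is infected with Suspect-AN!9D55542B4329
C:\ProgramData\Windows Security\winsecurity.exe couldn't be repaired
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe [MD5:b8dba4c401d56a834f25f19eb6400d88] is infected with Suspect-AN!B8DBA4C401D5
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe couldn't be repaired
C:\Users\Tio\Downloads\soft\security\delfix_1.011.exe [MD5:e6fa7781d11c3ffdfb91d3b3c78383a3] is infected with Artemis!E6FA7781D11C
C:\Users\Tio\Downloads\soft\security\delfix_1.011.exe has been Deleted
"""

# Assumed line formats, taken from how the logs above read.
DETECT = re.compile(r"^(?P<path>.+?) \[MD5:(?P<md5>[0-9a-f]{32})\] is infected with (?P<name>\S+)$")
ACTION = re.compile(r"^(?P<path>.+?) (?P<act>couldn't be repaired|has been Deleted)$")

def parse_scan(text):
    """Return {lowercased path: {"md5": set, "names": set, "action": str or None}}."""
    out = defaultdict(lambda: {"md5": set(), "names": set(), "action": None})
    for line in text.splitlines():
        line = line.strip()
        if (m := DETECT.match(line)):
            rec = out[m["path"].lower()]  # Windows paths are case-insensitive
            rec["md5"].add(m["md5"])
            rec["names"].add(m["name"])
        elif (m := ACTION.match(line)):
            out[m["path"].lower()]["action"] = m["act"]
    return dict(out)

def triage(scans):
    """Across scans in order: paths still present, and paths whose MD5 changed."""
    hashes, last_action = defaultdict(set), {}
    for scan in scans:
        for path, rec in scan.items():
            hashes[path] |= rec["md5"]
            last_action[path] = rec["action"]
    persistent = sorted(p for p, a in last_action.items() if a != "has been Deleted")
    rewritten = sorted(p for p, h in hashes.items() if len(h) > 1)
    return persistent, rewritten

if __name__ == "__main__":
    persistent, rewritten = triage([parse_scan(SCAN_1), parse_scan(SCAN_2)])
    print("not remediated:", persistent)
    print("hash changed between scans:", rewritten)
```

A path that appears in both lists was reported again with different contents after the scanner failed to remove it, which is the pattern sysnetwk.exe shows across these two logs.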
 

tiogegeca

Thanks. I know UAC just tells me something is changing. But this infection isn't really changing it like I thought before.
 

tiogegeca

Thanks. Chrome thing was one of the first that I tried. It finds nothing and resets Chrome. That's all. Interestingly enough, now that you mentioned the signature, I went back to check and these files (sysnetwk.exe and winsecurity.exe) are all signed by a same certain Lei Qing. Maybe that's some respected certifier but that's quite strange.
 

tiogegeca

This thing probably configures offline files to synchronize after a certain when network becomes active. And this is the folder for these offline files (or something like that). In spite of all the work I will probably reformat and reinstall everything because all of the modifications will give me more work to set back to normal. USB drivers are giving me trouble. Every day I have to reset browsers. Windows security configs are all blocked, like firewall, antivirus etc. Now I just want to nail what causes all this problem.
 