HitmanPro found something that MWB didn't

elharris6_9

New Member
Thread author
Verified
Apr 12, 2013
31
A month or so ago, my keyboard had started acting strange, turning off if I moved it a certain way. I'm still having the problem. I thought I had just worn out the cord, but then when I plugged my webcam into the same USB outlet, it did the same thing, only working at certain angles. I was not entirely sure if this problem was created by a virus, and I still am a little skeptical. Then, after I installed an update from Java, HitmanPro came up and ran a scan, showing me two threats were found. I don't know if these viruses came from the Java update, or if they've been there all along, and are the cause of the glitchy USB outlets.
 

elharris6_9

New Member
Thread author
Verified
Apr 12, 2013
31
Code:
HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : ZHOLTZ
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Zholtz\Tryjoniche
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-11-07 12:24:08
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 3m 17s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 3,531
   Files scanned . . . . : 3,531
   Remnants scanned  . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Users\Tryjoniche\AppData\Local\Temp\_ir_tu2_temp_0\Wow64.lmd
      Size . . . . . . . : 91,440 bytes
      Age  . . . . . . . : 968.0 days (2011-03-15 11:47:28)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 971412AADE4CF64028CC855A632DAD99831877C2C2D098F4573C312A4D139736
      Product  . . . . . : Wow64 Actions Plugin
      Publisher  . . . . : MindQuake Serviços de Informática Ltda.
      Description  . . . : Wow64 Actions Plugin
      Version  . . . . . : 1.0.3.3
      Copyright  . . . . : Copyright © 2010 MindQuake Serviços de Informática Ltda.
      RSA Key Size . . . : 2048
      Authenticode . . . : Self-signed
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file name extension of this program is not common.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Program is code self-signed.
         The file is in use by one or more active processes.
         Program contains PE structure anomalies. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
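
Added example, not part of the original thread and not HitmanPro's own code: a sketch of how two of the static indicators in the log above (byte entropy and an executable .rsrc section) can be computed from a PE image. The 7.0 threshold, the function names and both sample images are constructed assumptions.

```python
import math
import random
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
HIGH_ENTROPY = 7.0  # assumed threshold (bits per byte); products tune their own
SECTION = "<8sIIIIIIHHI"  # layout of one 40-byte PE section header

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(image):
    """Return which of the two static indicators are present in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    findings = []
    if shannon_entropy(image) >= HIGH_ENTROPY:
        findings.append("high file entropy")
    for i in range(n_sections):
        fields = struct.unpack_from(SECTION, image, pe_off + 24 + opt_size + 40 * i)
        if fields[0].rstrip(b"\0") == b".rsrc" and fields[9] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(".rsrc section is executable")
    return findings

def build_sample(rsrc_flags, payload):
    """Constructed two-section image: headers plus raw data, not a loadable program."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)  # e_lfanew lives at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x2022)
    off, size = 64 + 24 + 2 * 40, len(payload)
    text = struct.pack(SECTION, b".text", 256, 0x1000, 256, off, 0, 0, 0, 0, 0x60000020)
    rsrc = struct.pack(SECTION, b".rsrc", size, 0x2000, size, off + 256, 0, 0, 0, 0, rsrc_flags)
    return dos + coff + text + rsrc + bytes(256) + payload

rng = random.Random(0)
PACKED = bytes(rng.getrandbits(8) for _ in range(8192))  # constructed stand-in for compressed data
print(triage(build_sample(0x60000040, PACKED)))       # executable .rsrc, packed payload
print(triage(build_sample(0x40000040, b"A" * 8192)))  # read-only .rsrc, plain payload
```

Both indicators are structural properties of the file, so they describe how it was built rather than what it does when run.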
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Like everyone, I have a private life, so be patient with me. Sometimes I will respond immediately, sometimes it will take a couple of hours.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe, the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Because of this, I advise you to back up any personal files and folders before you start.


  1. Download AdwCleaner from the below link.
     ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.



Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.




Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

elharris6_9

New Member
Thread author
Verified
Apr 12, 2013
31
I couldn't find the logfiles for adwcleaner or tdsskiller. I don't know why. I even searched for them. Would they not create logfiles if they hadn't found anything?
 

Attachments

  • Addition.txt
    33 KB · Views: 119
  • FRST.txt
    29.1 KB · Views: 145

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
There is no need for those logs, no signs of infection. Hitman Pro detection is a false positive or it is about a little more aggressive heuristics...
 

elharris6_9

New Member
Thread author
Verified
Apr 12, 2013
31
TwinHeadedEagle said:
There is no need for those logs, no signs of infection. Hitman Pro detection is a false positive or it is about a little more aggressive heuristics...

What do you mean by 'aggressive heuristics'?

Should I uninstall some of the scanners you had me download?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

> I don't need DelFix log report.


What do you mean by 'aggressive heuristics'?

It is just a false positive detection :)
 

elharris6_9

New Member
Thread author
Verified
Apr 12, 2013
31
Alright. Thanks a bunch, even if it was a false alarm. :)
 
