Hi Heantrad, You are welcome. Regards.
So today I did a scan with RogueKiller because Ron is making me install a lot of things and this was detected. Any idea of what it can be? (I haven't deleted it yet).
Also, the svchost.exe process keeps appearing, it doesn't show in this report because I exported it to json format by mistake and I did another scan in txt format.
And is it normal that the rootkit section appears totally blank? In older versions a lot of files appeared in green for information purposes; has it been updated?
So... Microsoft Security Essentials detected this... I'm going to delete it and the things that RogueKiller detected too... Also, I've seen the scheduled tasks to be sure that the Trojan hasn't created one and I found why the Proxy server kept reappearing: something created a scheduled task.
So, today I noticed this, it was created the same day I replied with this comment, if you want I can send you the file so you can see what it is, for now I will move it to a .rar file until I know what to do with it.
Hi Heantrad,

Quote from: Heantrad
So today I did a scan with RogueKiller because Ron is making me install a lot of things and this was detected. Any idea of what it can be? (I haven't deleted it yet).

Could you please post the RogueKiller log? I'm sure Ron won't make you install something unsafe.

Quote from: Heantrad
Also, the svchost.exe process keeps appearing, it doesn't show in this report because I exported it to json format by mistake and I did another scan in txt format.

This is a bug on our side. Don't worry about that.

Quote from: Heantrad
And is it normal that the rootkit section appears totally blank? In older versions a lot of files appeared in green for information purposes; has it been updated?

Yes. RogueKiller doesn't display legit hooks anymore.

Quote from: Heantrad
So... Microsoft Security Essentials detected this... I'm going to delete it and the things that RogueKiller detected too... Also, I've seen the scheduled tasks to be sure that the Trojan hasn't created one and I found why the Proxy server kept reappearing: something created a scheduled task.

Please see this with Ron. If something must be removed, he will instruct you how to do it with FRST.

Quote from: Heantrad
So, today I noticed this, it was created the same day I replied with this comment, if you want I can send you the file so you can see what it is, for now I will move it to a .rar file until I know what to do with it.

Yes, the file could be useful for analysis. Please rar it and attach it with your next reply.

Regards.
Hi Heantrad,

Sorry, I didn't see the log at first sight. The new lines are linked to the ESET Smart Security driver, so they are legit.

I checked the file you attached. It's not a valid PE file (exe file) and therefore it poses no threat.

Regards.
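The check behind "not a valid PE file", as an added example that is not part of the original thread: it looks only at the DOS and NT header fields (the `MZ` magic, `e_lfanew`, the `PE\0\0` signature and the optional-header magic). The function names and all sample byte strings are constructed for illustration, and the result covers the executable format only, not scripts or documents.

```python
import struct

PE32, PE32_PLUS = 0x10B, 0x20B  # optional-header magic values


def pe_check(data: bytes) -> tuple[bool, str]:
    """Return (is_pe, reason), looking only at the DOS and NT headers."""
    if len(data) < 0x40:
        return False, "shorter than a DOS header (64 bytes)"
    if data[:2] != b"MZ":
        return False, "no 'MZ' magic at offset 0"
    # e_lfanew (offset 0x3C) holds the file offset of the NT headers.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the signature (4), COFF header (20) and optional magic (2).
    if e_lfanew + 26 > len(data):
        return False, "e_lfanew points outside the file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no 'PE\\0\\0' signature at e_lfanew"
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    if magic == PE32:
        return True, "PE32 image"
    if magic == PE32_PLUS:
        return True, "PE32+ image"
    return False, f"unknown optional-header magic {magic:#x}"


def build_sample_pe() -> bytes:
    """Constructed minimal header set, just enough to pass pe_check."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x22)
    return dos + b"PE\0\0" + coff + struct.pack("<H", PE32_PLUS)


# Constructed inputs: a header-only PE, RAR-like bytes, a bad e_lfanew.
SAMPLES = {
    "header_only.exe": build_sample_pe(),
    "archive.rar": b"Rar!\x1a\x07\x00" + b"\0" * 64,
    "truncated.bin": b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x1000),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, pe_check(blob))
```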
I uninstalled them because I thought that the trojan might have created them, it's okay anyway, right?
So, if I execute the file, what would happen?
So, I use a USB pen for computing class and today, when I used the USB, I saw it had a file called autorun. I've searched for info and I saw that some viruses use that to install viruses through a USB. What should I do?
Hi Heantrad,

Quote from: Heantrad
I uninstalled them because I thought that the trojan might have created them, it's okay anyway, right?

Yes.

Quote from: Heantrad
So, if I execute the file, what would happen?

Absolutely nothing since Windows cannot interpret it.

Quote from: Heantrad
So, I use a USB pen for computing class and today, when I used the USB, I saw it had a file called autorun. I've searched for info and I saw that some viruses use that to install viruses through a USB. What should I do?

AutoRun could be subverted by malware for propagation purposes but, most of the time, the instructions in the autorun.inf file are perfectly legit. For more information, please read Creating an AutoRun-Enabled Application.

Regards.
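One way to review what an autorun.inf would ask Windows to run, as an added example that is not part of the original thread: it lists the `open`, `shellexecute` and `shell\verb\command` entries of the `[autorun]` section and ignores display-only keys such as `icon` and `label`. The function name and both sample files are constructed for illustration.

```python
import configparser

# Keys in [autorun] that name a program or file to launch.
EXEC_KEYS = ("open", "shellexecute")


def autorun_commands(text: str) -> list[tuple[str, str]]:
    """Return (key, command) pairs that an autorun.inf asks to execute."""
    cp = configparser.RawConfigParser(
        strict=False,            # tolerate duplicate keys and sections
        allow_no_value=True,     # tolerate stray lines without '='
        delimiters=("=",),       # ':' appears in paths, so not a delimiter
        comment_prefixes=(";",),
    )
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        # Malformed file: report it for manual review instead of guessing.
        return [("parse_error", str(exc))]
    found = []
    for section in cp.sections():
        if section.strip().lower() != "autorun":
            continue
        for key, value in cp.items(section):  # keys arrive lower-cased
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if (key in EXEC_KEYS or is_verb) and value:
                found.append((key, value.strip()))
    return found


# Constructed sample: display-only entries, nothing to execute.
DISPLAY_ONLY = "[autorun]\nicon=setup.ico\nlabel=Class files\n"

# Constructed sample: entries that launch a program from the drive.
WITH_COMMANDS = (
    "[AutoRun]\n"
    "open=tools\\start.exe /quiet\n"
    "shell\\explore\\command=tools\\start.exe\n"
    "icon=folder.ico\n"
)

if __name__ == "__main__":
    print(autorun_commands(DISPLAY_ONLY))
    print(autorun_commands(WITH_COMMANDS))
```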
Could it be that Panda USB vaccine has created the autorun file? As the PC I use in that class has it.
Also, out of curiosity, is hotmail/outlook that bad?
Hi Heantrad,

Quote from: Heantrad
Could it be that Panda USB vaccine has created the autorun file? As the PC I use in that class has it.

This is certainly the case.

Quote from: Heantrad
Also, out of curiosity, is hotmail/outlook that bad?

Not at all. I think it's a pretty good solution for end-user.

Regards.
Hi Heantrad, It's legit. Regards.
Also, when I did the scan with ESET Online Scanner it detected that the installers of CCleaner had adware, is that true?
And a weird thing that has been happening, for some reason the volumes at the volume mixer keep resetting to the maximum without an apparent reason, what could be causing it?
What are the shortcuts .ink? SAS! has an option to follow them, but I don't know if it's a good decision to make it do it or if it will make SAS! analyze fewer files.
Hi Heantrad,

Quote from: Heantrad
Also, when I did the scan with ESET Online Scanner it detected that the installers of CCleaner had adware, is that true?

CCleaner installer doesn't contain any adware.

Quote from: Heantrad
And a weird thing that has been happening, for some reason the volumes at the volume mixer keep resetting to the maximum without an apparent reason, what could be causing it?

I'm sorry but I have no clue.

Quote from: Heantrad
What are the shortcuts .ink? SAS! has an option to follow them, but I don't know if it's a good decision to make it do it or if it will make SAS! analyze fewer files.

.lnk files are Shell Links. If you enable SAS! to follow them, it will then scan the files "linked" to them. It won't make it analyze fewer files.

Regards.