Help Windows XP Update repeating
Comments
-
They might be traces - otherwise harmless - Post the log or give the full file, path to file & detection name.
EG: C:\directory\folder\sub_folder\filename.exe -> Win32:Trojan.gen
-
murphydavid wrote: » It's been running now for 5 hours and is currently saying I have 5 infected files. F-Secure does not find these! I have to wait till it ends to find out what they are.
Stompa
-
They might be traces - otherwise harmless - Post the log or give the full file, path to file & detection name.
EG: C:\directory\folder\sub_folder\filename.exe -> Win32:Trojan.gen
I will do if it ever ends. I made the mistake of hitting cancel to see if it would stop and tell me where they were but it just ended so I had to start again. Now it's been going again for 8hrs and 7 minutes it has scanned over 1,700,000 files (how on earth did I get one and three quarter million files). Still once again says 5 infected files and looking at the "what is currently scanning" I can see it is alphabetical and it has reached W (windows) sub folder I (Install). At least it seems to be thorough. Keep watching
Later (again)
-
Go to %windir%\debug\msert.log (%windir% usually C:\windows)
See if the detections are written to that log yet.
If you haven't done so, try temporarily disabling your installed AV's realtime protection.
http://www.bleepingcomputer.com/forums/topic114351.html
As the MS safety scanner is looking at files, your AV will be wanting access too. Turning it off may speed it up a bit.
-
Ok now completely off original thread but for completion.
During the scan it was showing 5 threats.
The scan ended after about 9 hours and reported 2 files. Then as suggested I looked at the msert.log and it reports 3 files:
as follows:
Threat detected: RemoteAccess:Win32/TightVNC
containerfile://C:\Downloads\UBCD4WinV350.exe
file://C:\Downloads\UBCD4WinV350.exe->(inno#006031)
SigSeq: 0x00001667AC467722
file://C:\Downloads\UBCD4WinV350.exe->(inno#006035)
SigSeq: 0x0000166795FC9E9E
SHA1: C15AE9468E5D13A3ACD8793B15F7D07549335880
Threat detected: MonitoringTool:Win32/KGBKeylogger
containerfile://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe
file://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe->(inno#000001)
SigSeq: 0x00007D78F9AC2FDA
SHA1: 475FDFC60EA7EDAC01D81109C5432D56BE204EE0
Threat detected: MonitoringTool:Win64/KGBKeylogger
containerfile://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe
file://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe->(inno#000004)
SigSeq: 0x0000A56115A8D38B
SHA1: 475FDFC60EA7EDAC01D81109C5432D56BE204EE0
Threat detected: Adware:Win32/OpenCandy
containerfile://C:\Downloads\fdminst.exe
file://C:\Downloads\fdminst.exe->(inno#000151)->(inno#000006)
SigSeq: 0x0000AB78835F0EDB
SHA1: 0C2ABDD3EE0E099307287548218747AEA4FB3E46
As I recognise these files I directed F-Secure to examine them and it found no threat.
The key logger was under my control and I don't use it any more and the other two threats are minor but I have deleted the files anyway just to be sure.
-
Nothing there to report really as you knowingly have them all installed. Some can be used maliciously, which is why some AVs detect them.
A tool in Ultimate boot CD - Tight VNC Viewer
Threat detected: RemoteAccess:Win32/TightVNC
containerfile://C:\Downloads\UBCD4WinV350.exe
file://C:\Downloads\UBCD4WinV350.exe->(inno#006031)
SigSeq: 0x00001667AC467722
file://C:\Downloads\UBCD4WinV350.exe->(inno#006035)
SigSeq: 0x0000166795FC9E9E
SHA1: C15AE9468E5D13A3ACD8793B15F7D07549335880
https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=RemoteAccess%3aWin32%2fTightVNC
Refog Personal Monitor/keylogger
Threat detected: MonitoringTool:Win32/KGBKeylogger
containerfile://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe
file://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe->(inno#000001)
SigSeq: 0x00007D78F9AC2FDA
SHA1: 475FDFC60EA7EDAC01D81109C5432D56BE204EE0
https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=MonitoringTool:Win32/KGBKeylogger
Free Download Manager
Threat detected: Adware:Win32/OpenCandy
containerfile://C:\Downloads\fdminst.exe
file://C:\Downloads\fdminst.exe->(inno#000151)->(inno#000006)
SigSeq: 0x0000AB78835F0EDB
SHA1: 0C2ABDD3EE0E099307287548218747AEA4FB3E46
https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware:Win32/OpenCandy
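An added example, not part of the original thread and not Microsoft's code: a small Python parser for the msert.log detection format quoted in the posts above, which groups detections by the file on disk so that several signature hits inside one installer are counted as one file. The function names are hypothetical, the sample is the first three detections from the posted log, and the log is assumed to be already read and decoded into a string.

```python
# Lines copied from the msert.log excerpt posted in this thread (first three detections).
SAMPLE = r"""Threat detected: RemoteAccess:Win32/TightVNC
containerfile://C:\Downloads\UBCD4WinV350.exe
file://C:\Downloads\UBCD4WinV350.exe->(inno#006031)
SigSeq: 0x00001667AC467722
file://C:\Downloads\UBCD4WinV350.exe->(inno#006035)
SigSeq: 0x0000166795FC9E9E
SHA1: C15AE9468E5D13A3ACD8793B15F7D07549335880
Threat detected: MonitoringTool:Win32/KGBKeylogger
containerfile://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe
file://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe->(inno#000001)
SigSeq: 0x00007D78F9AC2FDA
SHA1: 475FDFC60EA7EDAC01D81109C5432D56BE204EE0
Threat detected: MonitoringTool:Win64/KGBKeylogger
containerfile://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe
file://C:\Documents and Settings\David\My Documents\DOWNLOADS\refog_setup_free_kl_643.exe->(inno#000004)
SigSeq: 0x0000A56115A8D38B
SHA1: 475FDFC60EA7EDAC01D81109C5432D56BE204EE0
"""

def parse_detections(text):
    """Return one record per 'Threat detected:' block."""
    records, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "Threat detected":
            cur = {"threat": value, "container": None, "members": [], "sha1": None}
            records.append(cur)
        elif cur is None:
            continue  # skip log text before the first detection
        elif key == "containerfile":
            cur["container"] = value[2:]  # drop the leading "//"
        elif key == "file":
            cur["members"].append(value[2:])  # path plus any "->(inno#...)" member
        elif key == "SHA1":
            cur["sha1"] = value.upper()
    return records

def files_flagged(records):
    """Map each flagged file on disk to the detection names raised against it."""
    files = {}
    for r in records:
        # Assumption: a record without a containerfile line is a plain file entry.
        path = r["container"] or (r["members"][0] if r["members"] else None)
        files.setdefault((path, r["sha1"]), []).append(r["threat"])
    return files
```

Comparing the length of `parse_detections(...)` with the length of `files_flagged(...)` shows how many detections collapse onto the same installer, which is useful when the scanner's running threat count and its final file count differ.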