Virus help

Post by Skywatcher on Tue Oct 04, 2011 5:03 pm

I ran a scan on my laptop, and got the following results:

Scanning Report
04 October 2011 17:03:37 - 17:58:14
Computer name: LAPTOP-VICKIE
Scanning type: Full scan
Target: C:\ + system + rootkits


--------------------------------------------------------------------------------

Result: 20 malware found
Gen:Heur.Bodegun.1 (virus)
C:\Aenea updates\nwncx-0.2.rar\nwncx_disablems.dll
C:\Aenea updates\nwncx_tweaks-0.1.rar\nwncx_tweaks.dll
C:\Aenea updates\nwncx-0.2.rar\nwncx_nwnxbridge.dll
C:\Aenea updates\nwncx-0.2.rar\nwncx_tweaks.dll
C:\Aenea updates\nwncx-0.2.rar\NWNCX_Loader.exe
Backdoor.Generic.672180 (virus)
C:\Aenea updates\nwncx-0.2.rar\nwncx_patch.exe


Rest were tracking cookies which it deleted, but it said it could not delete these 6. Any tips?
Skywatcher
Pureblooded Aenean

Male Number of posts : 540
Age : 60
Location : Cookeville, TN, USA
Main Character : Velvet Stormcaller
Other Character : Skywatcher Stormcaller
Other Character. : Lyann Twiceborn
NWN Username : Skywatcher
Registration date : 2008-08-08

Re: Virus help

Post by Skywatcher on Tue Oct 04, 2011 5:05 pm

And I also got 17 files not checked?

Files not scanned:
Cannot open file C:\PAGEFILE.SYS
Cannot open file C:\HIBERFIL.SYS
Cannot open file C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\00862350707C81C15A85E3FAC2B9E632CBFF4D2D.HOMEGROUPCLASSIFIER\C7115A835B0C89F761245D0FB1420AF3\GROUPING\DB.MDB
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_add_tiles1.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_core0.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_core1.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_core2.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_core3.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_core4.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_core5.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_core6.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_add_phenos1.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_add_phenos2.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_add_phenos3.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_add_phenos4.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_add_phenos5.hak
Cannot open a file in archive C:\Aenea updates\CEP_24_a.rar\hak\cep2_core7.hak

Re: Virus help

Post by daveyeisley on Tue Oct 04, 2011 5:44 pm

Well, first question is, what program did you scan with?

Second question is, what OS is the machine running?

Third question is, what prompted the scan? Are you seeing symptoms of odd behavior? (i.e. pop-ups or search redirections)


All the files in both lists are related to the NWN Client Extender (NWNCX) or the CEP haks, with the exception of these 3, which are Windows system files:

Cannot open file C:\PAGEFILE.SYS
Cannot open file C:\HIBERFIL.SYS
Cannot open file C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\00862350707C81C15A85E3FAC2B9E632CBFF4D2D.HOMEGROUPCLASSIFIER\C7115A835B0C89F761245D0FB1420AF3\GROUPING\DB.MDB

So... this leads me to two possible conclusions: one, all the items found are "false positives", meaning they are not really malware and the scanning engine just misidentified them; OR, two, they were originally safe files, but some sort of polymorphic file infector has "patched" them with malicious code.

By telling me what you scanned with, I will have an idea about false positives. If you can get me MD5 checksums on these, I can compare to my copies of the same files and tell if they have been patched:

Gen:Heur.Bodegun.1 (virus)
C:\Aenea updates\nwncx-0.2.rar\nwncx_disablems.dll
C:\Aenea updates\nwncx_tweaks-0.1.rar\nwncx_tweaks.dll
C:\Aenea updates\nwncx-0.2.rar\nwncx_nwnxbridge.dll
C:\Aenea updates\nwncx-0.2.rar\nwncx_tweaks.dll
C:\Aenea updates\nwncx-0.2.rar\NWNCX_Loader.exe
Backdoor.Generic.672180 (virus)
C:\Aenea updates\nwncx-0.2.rar\nwncx_patch.exe
daveyeisley
Ludicrous Level

Dungeon Master
Male Number of posts : 6911
Age : 41
Location : Watching Aenea from my Inner Sanctum on the surface of Sharlo, Aenea's Silver Moon
Main Character : Dave's List of PCs
NWN Username : Dave Yeisley
DM Name : Dungeon Master Mythgar
Time Zone : GMT - 5:00
Registration date : 2008-06-03

Re: Virus help

Post by Skywatcher on Tue Oct 04, 2011 6:35 pm

OK, running Windows 7. I used F-Secure to run the check; that is my antivirus/firewall/anti-spyware program suite. I am not sure how to get MD5 checksums on the files. I can send you the size as reported by Windows; will that suffice?

My system seems to be running OK, maybe a little slow. I just noticed I had not set a schedule for regular full scans, so I ran one, then set up a schedule.

Re: Virus help

Post by daveyeisley on Wed Oct 05, 2011 9:35 pm

Well, for MD5 checksums, Google "MD5" to learn a bit about it. You can download a free MD5 generator here.

Simply run the program, click the folder icon, browse to one of the files listed above, click ok, and it will generate an MD5 checksum. Copy the checksum of each file into a post, and I will do the same on my end. It is not a 100% certainty, but it is a good indicator.

Another thing to try would be to download Malwarebytes Anti-Malware, install it, update it, and run a quick scan (this will scan system files and registry mainly, not the whole drive). Then go to the folders that contain the files listed above, right-click the folder(s), and select "Scan with Malwarebytes" just to be safe.

For slowness issues, try defragging your hard drive (check out Defraggler; it's faster than Windows defrag and the interface is more informative). Then clean out your temp files. The TFC utility is very good for this. Then make sure your computer properties (right-click the Computer icon on the desktop and select 'Properties') is showing the amount of RAM your PC is supposed to have.

If you do those steps you should see some improvement over time. There are other little tweaks you can do with the performance options and virtual memory, but usually those only help systems that are starved for RAM.

If you aren't experiencing behavioral issues, you are probably fine. I understand wanting to be sure, though.
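One way to do the checksum comparison Dave describes in the two posts above, as an added example (Python, not part of the original thread and not code from NWNCX, F-Secure or the MD5 tool he links). It assumes the .rar archives have already been extracted to a folder, because F-Secure reported the flagged paths as members inside the archives; the file names below are the ones from the scan report, but their contents in the demo are constructed placeholder bytes, and `compare_to_manifest`, `file_digests` and `demo` are names chosen for this example. It also records SHA-256 next to MD5, since MD5 collisions can be constructed deliberately and the thread's own "not a 100% certainty" caveat applies.

```python
"""Compare local copies of the flagged NWNCX files against a reference manifest.

Added example for this thread; not code from NWNCX, F-Secure or the forum.
Assumes the .rar archives have been extracted to a folder first, because the
scanner reported member paths inside the archives. File names below are the
ones from the scan report; their contents here are constructed placeholders.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB chunks so large .hak files are not read into memory at once


def digests_of_bytes(data):
    """MD5 (what the thread asks for) plus SHA-256 (collision-resistant) of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def file_digests(path):
    """Stream a file through MD5 and SHA-256 and return both hex digests plus its size."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest(), "size": size}


def compare_to_manifest(root, manifest):
    """Check the files under ``root`` against ``manifest`` (relative path -> expected SHA-256).

    Statuses: "match", "MISMATCH" (same name, different bytes: the "patched file"
    case from the thread), "missing" (in the manifest but not on disk) and
    "unknown" (on disk but not in the manifest, so nothing to compare against).
    """
    root = Path(root)
    report = {}
    for name, expected in manifest.items():
        path = root / name
        if not path.is_file():
            report[name] = "missing"
            continue
        report[name] = "match" if file_digests(path)["sha256"] == expected else "MISMATCH"
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        report.setdefault(path.relative_to(root).as_posix(), "unknown")
    return report


def demo():
    """Constructed scenario in a temporary folder; returns the report dict."""
    work = tempfile.mkdtemp(prefix="nwncx-hashcheck-")
    try:
        extracted = Path(work) / "nwncx-0.2"
        extracted.mkdir()
        # Placeholder bytes standing in for the reference (known-good) copies.
        reference = {
            "nwncx_tweaks.dll": b"MZ placeholder: nwncx_tweaks",
            "nwncx_patch.exe": b"MZ placeholder: nwncx_patch",
            "NWNCX_Loader.exe": b"MZ placeholder: nwncx_loader",
        }
        manifest = {name: digests_of_bytes(data)["sha256"] for name, data in reference.items()}
        # Local copies: one identical, one with bytes appended (a simulated infector), one absent.
        (extracted / "nwncx_tweaks.dll").write_bytes(reference["nwncx_tweaks.dll"])
        (extracted / "nwncx_patch.exe").write_bytes(reference["nwncx_patch.exe"] + b"\x90\x90 appended")
        (extracted / "readme.txt").write_bytes(b"not part of the reference set")
        return compare_to_manifest(extracted, manifest)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

To use it on a real folder, build `manifest` from `file_digests(...)["sha256"]` of the copies on the other end and run `compare_to_manifest` on the extracted folder. A "match" only proves the two copies are byte-identical; it does not prove either one is clean, and a "MISMATCH" can also come from a different NWNCX build, so compare version numbers before concluding a file was patched.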

Re: Virus help

Post by Ramana Jala on Tue Oct 11, 2011 10:35 am

I'd like to reiterate that it's really important that you are aware of false positives, because some files and programs that you absolutely need to have for some legitimate applications can exhibit virus-like qualities to many anti-malware programs. Legitimate application files that patch other programs, like the Aenea Updater, can totally look like a malware downloader/virus.

I regularly exclude certain areas of my drive, such as Program Files and My Documents, from casual scans, and when I do scan those sections, I give the results a hard look and never automatically delete anything.

Unless you are having malware issues, and really understand what the files are that your antivirus program is labeling as malware, you should use a program that quarantines rather than immediately deletes a suspicious file. I've been subscribed to Spyware Doctor for a while (which does quarantine, and I consider it well worth the money for many reasons), so I don't remember which others quarantine. That way, if you find that your application, like your game program, doesn't work correctly after you set aside the suspicious files into quarantine, you can reinstate them.

Ramana Jala
Epic Level

Female Number of posts : 1032
Location : Earth, Sol system, in the Mutter's Spiral galaxy
Main Character : Ramana Domefarar -
Publicly a Ranger, privately an Opportunist.
Lay Follower of Jewel,
Sensate and practitioner of the Way of Pleasure.

Other Character : Ranara Duauth -
A being created by shadow and water, a wizard.
Is actually another persona of Ramana.

Other Character. : Dae, the panther,
companion to both Ramana and Ranara,
and the best real eye-witness to the
strange circumstance of those alternating personae.

Other Character.. : The Personae of Ramana Jala
NWN Username : Ramana Jala
Time Zone : US Eastern Time
Registration date : 2011-08-29
