Attached Files
-
Attachzip.txt 13.8KB
554 downloads
Edited by Ally, 14 November 2009 - 03:32 PM.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] found Trojan.Win32.Pasta.aju!A2 on PC
Started by
Ally
, Nov 14 2009 03:24 PM
-
This topic is locked
7 replies to this topic
#1
Ally
-
- Authentic Member
-
- 200 posts
Authentic Member
Posted 14 November 2009 - 03:24 PM
Register to Remove
#2
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 18 November 2009 - 02:56 PM
Hi Ally,
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
It is possible that the problems that were picked up are due to the number of security programs you are throwing at it. Often, one security program will target another as a potential threat. That's the main reason for the rule of One Anti-Virus, One Firewall, and one real time Anti-Spyware.
However, something could be lurking so lets do a couple things.
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)
Then please update and run a scan with Malwarebytes' (you already have it). Please post the results back here.
and finally
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
It is possible that the problems that were picked up are due to the number of security programs you are throwing at it. Often, one security program will target another as a potential threat. That's the main reason for the rule of One Anti-Virus, One Firewall, and one real time Anti-Spyware.
However, something could be lurking so lets do a couple things.
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)
Then please update and run a scan with Malwarebytes' (you already have it). Please post the results back here.
and finally
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- Please go here then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. - Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on:
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#3
Ally
-
- Authentic Member
-
- 200 posts
Authentic Member
Posted 18 November 2009 - 04:50 PM
Hi TomK! many thanks for the help,greatly appreciated.I have done the atf and mbytes scan.but when I scanned with ESET it found a win32 trojan but It didnt give me an option to save the log.here is the Mbytes log >Malwarebytes' Anti-Malware 1.41
Database version: 3195
Windows 5.1.2600 Service Pack 3
18/11/2009 21:56:31
mbam-log-2009-11-18 (21-56-31).txt
Scan type: Full Scan (C:\|)
Objects scanned: 202976
Time elapsed: 21 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I have started scanning with ESET again incase I have missed the option to save the logfile.
#4
Ally
-
- Authentic Member
-
- 200 posts
Authentic Member
Posted 18 November 2009 - 04:53 PM
hi,I think I have found the ESET log >ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=127b3ee717f7e84c81f860e0f6818ffe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-18 10:35:57
# local_time=2009-11-18 10:35:57 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1281 16774501 100 100 1132666 32152499 6575 0
# compatibility_mode=8192 67108863 100 0 2076402 2076402 0 0
# scanned=84836
# found=1
# cleaned=0
# scan_time=2056
C:\Program Files\Common Files\Synacast\SynaLive\PPP.dll probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
#5
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 18 November 2009 - 05:22 PM
Ally,
That isn't a virus. It's a password generator that is part of the Synacast program. What is interesting, you obviously have Snyacast but it doesn't show in your add or remove programs in the control panel.
Anyhow, I've found nothing for you to be worried about.
Log looks good
You need to create a new Clean restore point:
Click Start Menu > Run > copy and paste
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.
Remove all previous Restore Points
Click Start Menu > Run > copy and paste
cleanmgr
You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.
Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.
I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
Also: "How to prevent malware"
by miekiemoes
Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.
That isn't a virus. It's a password generator that is part of the Synacast program. What is interesting, you obviously have Snyacast but it doesn't show in your add or remove programs in the control panel.
Anyhow, I've found nothing for you to be worried about.
Log looks good
You need to create a new Clean restore point:
Click Start Menu > Run > copy and paste
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.
Remove all previous Restore Points
Click Start Menu > Run > copy and paste
cleanmgr
You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.
Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.
I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
Also: "How to prevent malware"
by miekiemoes
Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#6
Ally
-
- Authentic Member
-
- 200 posts
Authentic Member
Posted 18 November 2009 - 05:56 PM
many thanks for taking the time to check my logs Tom,it is much appreciated.I have followed your instructions and hopefully won't be back here for a very long time!....You guys are saints. thanks Tom.
#7
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 18 November 2009 - 06:01 PM
Ally,
You are very welcome.
Good Luck and Be Well.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#8
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 18 November 2009 - 06:01 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
