unrinoceronte (United States of America) asked:

Follow-up question: check for vulnerabilities

Hi, this is a follow-up question to this one:
https://www.experts-exchange.com/questions/27146589/Possible-Security-issues-and-Infections-unnoticed.html

Since that one already had plenty of information, I have decided to take the last recommendations on tools that I should use and start this new question. I think my issues have pretty much been solved in the first question, but I prefer to take these last extra steps and try some more security tools.

RPGGamergirl recommended running the Kaspersky Online Scan and ComboFix, so here I am attaching my ComboFix log, but the Kaspersky Online Scan is not currently available since they are doing some improvements to it (it says so on their webpage)....
http://usa.kaspersky.com/downloads/free-anti-virus-scan

ComboFix log:
COMBOFIX-Log---A.txt

ComboFix deleted some suspicious files, so that's good, and I am glad that this tool was recommended for my case.

RPGGAMERGIRL also recommended these other tools to me:
OTL, Gmer and aswMBR

Where could I get those tools securely, and how should I use them?

Thanks a lot.
unrinoceronte (ASKER)

@RPGGAMERGIRL: I forgot to mention that I was able to run the UPHClean tool and it worked for me.

SOLUTION by Sudeep Sharma (India) [members-only; text not available]
ASKER CERTIFIED SOLUTION [members-only; text not available]
Thanks for the info, Sharma and RPGGAMERGIRL.

I think UPHClean fixed the error. After running it, when I turned off or rebooted the computer it turned off a little faster, I think. But truly I will read its instructions more carefully so I can verify this.

RPGGAMERGIRL, I have followed all your instructions carefully, which I have to say are always very detailed and very easy for me to follow. Thanks for taking that extra effort to be more specific and detailed; it is really very helpful.

So I have run the 3 programs, and I am attaching the 3 logs, but I have to say something important: I think I have a bigger problem now, because I am almost sure that right after I installed and did the 3 scans with these last programs, my computer started to act EXTREMELY SLOW. It turns off fast, but when I start my computer or reboot, it takes way too much time just to get to the WELCOME SCREEN, and then from there a lot more time to log into Windows. And I have to mention that I only ran the scans; I never hit the "fix" button in any of those 3 programs...

I am looking at the Task Manager and the CPU usage is fluctuating between 25% and 40%, with no program or software running by me...
Under Processes, I have noted that the processes with the biggest value under MEM USAGE are MsMpEng.exe and others, so I am attaching a PRINTSCREEN of my Task Manager so it is easier to explain...

I think that I am going to try System Restore to take my system back to before I ran these 3 security programs (Gmer, aswMBR, and OTL), and see if that is what caused the trouble. Because the whole computer is acting slow; even if I try to open the programs that I use frequently like Photoshop or 3ds Max, it takes too much time to load or even work in them....

So finally, here are the logs:

GMER
Gmer.log

AswMBR
aswMBR.txt

OTL (2 logs)
OTL.Txt
Extras.Txt

So is it possible that any of these 3 programs could have caused this slow behavior on my computer? I will do a System Restore and let you know.

Thanks
And the Task Manager PRINTSCREENS:
[two Task Manager screenshots attached]
(Uploading these 2 attachments was also very slow)

And one more thing: before I installed and ran all these programs I disabled Microsoft Security Essentials real-time protection, and now that I wanted to turn it on again, it took forever, and an error message appeared saying something like "real time protection could not be enabled, it timed out..." Then I tried again and it worked...

Jonvee

@unrinoceronte,

MsMpEng.exe is Microsoft's Windows Defender auto-protect service that is part of Windows Defender.
Windows Defender is now part of Microsoft Security Essentials, and you can uninstall Windows Defender ... it's not needed now.
This could be the reason why you're suddenly faced with a high CPU usage figure.

MsMpEng.exe file information:
http://www.file.net/process/msmpeng.exe.html
That last statement doesn't sound very explicit.  
It means Windows Defender is now contained within Microsoft Security Essentials (MSE), and does not need to exist separately.

MSE took a while to re-establish when you enabled it again possibly because of interaction between the two.
OK, @AWAWADA: I think you are in the wrong post. Excuse me, but I think you are referring to someone else or to something else; possibly by mistake you entered the wrong question. I have never seen your name before, and if I am not wrong your comment is not related to what is happening in my question.

@Jonvee: I will check on that, about Windows Defender, and see if I can uninstall it. In the worst-case scenario I will uninstall Microsoft SE as well and install it again.

ONE PIECE OF GOOD NEWS is that I did a System Restore to a point before I installed these last 4 programs (UPHClean, Gmer, aswMBR, and OTL) and my system is working again as well as it did before this. So definitely one of these programs was the cause of this problem.

Before I did the System Restore, I tried uninstalling UPHClean, but the problem persisted; that is when I decided to do the System Restore. And voilà!

OK, so never mind this problem; still, the important thing here is just to check those last logs from the 3 security programs that RPGGAMERGIRL asked me to run. I will wait for her comments on them and close the question.

Thank you.
SOLUTION [members-only; text not available]
unrinoceronte, although I'm not yet familiar with a couple of those programs that rpggamergirl gave you, "aswMBR" appears to have successfully removed a rootkit.
I could be wrong, and it would be wise to wait for rpg's confirming comments.

Studying the other two logs at present ...
Sorry for the delayed post.
So you already did a System Restore and those 3 programs are no longer installed.
If the slowdown was due to the 3 programs, then UPHClean must've conflicted with one of your programs. UPHClean is the only one of those 3 that installs and creates a service;
Gmer, when it's not scanning, shouldn't affect the system, and OTL is not even installed.

In your Task Manager processes it's Firefox and MsMpEng.exe that are using the most mem usage, and NVIDIA is the one using the most CPU. So UPHClean must've conflicted with other programs, as by itself it's only using 1,308K mem usage.
Thanks, Jonvee and RPGGamergirl.

I think Windows Defender is no longer on my system, as I haven't found it, only that process MsMpEng.exe, and I don't know how to remove it...

Good, I got a rootkit removed, but the strange thing is that I only selected the Scan option in all those programs... unless it eliminates automatically known bad rootkits?

As for the problem that was corrected by System Restore, yes, the 3 programs are no longer on my system, although as you mentioned they do not install; only UPHClean has an installer. The strange thing is that before I did the System Restore I uninstalled UPHClean and rebooted, and the problem persisted. Only when I did the System Restore did the system come back to normal.... Do you think it is a good idea that I should run those 3 programs again without installing UPHClean? Or can you consider that my computer is already clean and malware-free?

Please let me know. Anyway, I will close this question now because I think my issues are solved. Thank you again Sharma, Jonvee and RPGGamergirl for your assistance.
"Good, I got a rootkit removed, but the strange thing is that I only selected the Scan option in all those programs... unless it eliminates automatically known bad rootkits?"

There were no rootkits removed, unless you acted on the aswMBR scan; that also didn't remove anything.


"I think Windows Defender is no longer on my system, as I haven't found it, only that process MsMpEng.exe, and I don't know how to remove it."

MsMpEng.exe belongs to your antivirus (MSE); you would not want to delete that file. That is the executable that runs your antivirus service "MsMpSvc".
If the system is now fine then you probably don't need to run those tools again.
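
As an added example that is not part of this thread, the Windows PowerShell check below does what RPGGamergirl describes by hand: it looks up which binary the Microsoft antimalware service is registered to launch, confirms that any running MsMpEng.exe is that same file and carries a valid Microsoft Authenticode signature, and reports its CPU and memory use, which is the practical way to tell a legitimate antivirus engine from something merely named like one. It assumes PowerShell 3.0 or later. "MsMpSvc" is the MSE service name given in the thread; "WinDefend" is assumed here as the Microsoft Defender Antivirus service name on current Windows and is not from the page.

```powershell
# Added example (not from the thread): verify that a running MsMpEng.exe is the
# binary registered for the Microsoft antimalware service and is Microsoft-signed.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance). Service names checked, in order:
#   MsMpSvc  - Microsoft Security Essentials service named in the thread
#   WinDefend - Microsoft Defender Antivirus on current Windows (assumption, not from the page)

function Get-AntimalwareServiceBinary {
    param([string[]]$ServiceNames = @('MsMpSvc', 'WinDefend'))
    foreach ($name in $ServiceNames) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if ($null -eq $svc) { continue }
        # PathName may be quoted and may carry arguments; keep only the executable path.
        $path = if ($svc.PathName.StartsWith('"')) { $svc.PathName.Split('"')[1] }
                else { $svc.PathName.Split(' ')[0] }
        return [pscustomobject]@{ Service = $svc.Name; State = $svc.State; Path = $path }
    }
    return $null
}

function Test-MsMpEngProcess {
    $expected = Get-AntimalwareServiceBinary
    if ($null -eq $expected) {
        Write-Warning 'No Microsoft antimalware service (MsMpSvc/WinDefend) is registered on this machine.'
        return
    }
    $procs = Get-Process -Name MsMpEng -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Output "Service $($expected.Service) is $($expected.State); MsMpEng.exe is not running."
        return
    }
    foreach ($p in $procs) {
        # The engine runs as a protected process on newer Windows, so the image path may be
        # unreadable from an unelevated shell; fall back to the service's registered path.
        $imagePath = if ($p.Path) { $p.Path } else { $expected.Path }
        $sig = Get-AuthenticodeSignature -FilePath $imagePath
        [pscustomobject]@{
            PID             = $p.Id
            Path            = $imagePath
            MatchesService  = if ($p.Path) { $p.Path -eq $expected.Path } else { 'unknown (path not readable)' }
            SignatureStatus = $sig.Status
            MicrosoftSigned = ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
            CpuSeconds      = [math]::Round($p.CPU, 1)
            WorkingSetMB    = [math]::Round($p.WorkingSet64 / 1MB, 1)
        }
    }
}

Test-MsMpEngProcess | Format-Table -AutoSize
```

A legitimate engine shows MatchesService True (or unknown on a protected process), SignatureStatus Valid and MicrosoftSigned True; a file named MsMpEng.exe running from any other location, or without a valid Microsoft signature, is the case worth investigating rather than deleting the real one.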

I see, yes, I was a little surprised that I got something removed because I didn't press any fix button. Good to know then. Thanks very much RPGGAMERGIRL; as usual your help and assistance is excellent!

From now on I will be very careful regarding security on my PCs, and will run antivirus and anti-malware scans periodically, at least once a week, to keep them clean. The thing is that since I did not have any strange behavior, I was not doing any scans for as long as 4 months, I think...

Thanks!

As long as the real-time protection of your antivirus/anti-malware is on, a weekly regular scan is not that necessary. I only do a scan if I notice that something is wrong (PC is noticeably slow, etc.).
And if I do notice that my PC is acting strange I always use ComboFix first (or other diagnostic tools) instead of my resident antivirus.

Also, if you have Malwarebytes Anti-Malware installed, when running a scan a Quick Scan is all that is needed; a full scan is not necessary.
I was obviously wrong in believing that "aswMBR" might have successfully removed a rootkit, so apologies. Realised it as soon as you confirmed you had only selected the Scan option.
So thanks again to rpggamergirl :)

For what it's worth ... on my own computers I now run MSE and an approximately bi-monthly Quick Scan with Malwarebytes ... have not been infected for over five years. Good luck...
Thank you both, I will keep that in mind.
Jonvee,

Not to worry, it's easy to misread it, since the reports of either just the scan or the Fix look similar :)
Disk 0 fixing MBR ...
Disk 0 MBR restored successfully


unrinoceronte,

You're welcome, I didn't really do much here, :)
I noticed that this thread has an excellent rating; I don't see that very often, mostly I see a rating of 9.3.
Well done guys!