Erefin

Caught a virus - Kaspersky helpless - Redirected via Ucrainian servers + Daemon


Dear everyone,

I'm a faithful Kaspersky user since almost 4 years now and nothing bad has happened so far - or at least, whenever my PC caught a virus/a trojan/something else during the occasional streaming of series on dubious websites, Kaspersky detected it and removed it with ease. However, yesterday evening while streaming my PC seemingly caught... something... which Kaspersky can't get rid of:

The 'symptoms':

1. Far greater strain on the battery than usual

2. Kaspersky crashes, reporting bad_module_info. Whenever I do the complete scan it crashes halfway through, saying the same. The Crash "somehow" resumes afterwards, reporting no viruses or other threats have been found...

3. Google and other websites block my IP address, in order to protect other users from me

4. When using Chrome (Win10, 64bit), my Google is being turned into Google.com.ua, i.e. my Internet traffic is redirected via the Ukraine!

5. Opening the Win10 Task Manager reveals that Edge and Google Chrome use up a ton of working memory (almost 1GB each), even though I'm barely doing anything

6. The Task Manager also shows that there's a program active called 'file picker', several 'COM surrogate's and a VPN client that I've never installed...


Employed 'solutions':

1. Running Kaspersky's thorough search doesn't find anything

2. Rootkit search won't get beyond 0.1%

3. Windows-Defender didn't detect anything, too (of course...)

4. I've blocked my online-Banking account and everything else


What should I do? Would wiping and completely reinstalling Windows help? Could I keep some PDF files, as I'd really need them for my master's thesis? I'm truly desperate and I can't contact my local Kaspersky Support as it's the weekend.

Cheers

Felix


P.S.: I've downloaded the GetSystemInfo tool but it gets opened with a wrong program (MindMaple) and thus can't be executed...


Welcome. Please open GetSystemInfo executable with the normal default Windows app.

Kaspersky Settings > Additional > Threats and exclusions > Detection types > enable Detect Other Software.
and do a databases update > reboot, then do a scan.

Clear the contents of your Temp folder, instructions: http://support.kaspersky.com/1161 and then reboot.

After that, uninstall any recently installed junk > reboot. 

After that, uninstall any and all junk toolbars > reboot.

Uninstall/disable any and all junk browser add-ons and extensions and plugins in all of your browsers. 

Remove the junk argument from the target field of the browser shortcut properties. 

Remove any and all junk search providers in all of your browsers.

Then if need be, change your home page, in all of your browsers. 

How to clean up your browsers: http://support.kaspersky.com/us/viruses/solutions/10319

If you are using a router, reset the router, change the router password to a strong password, enter the correct information according to your internet provider's instructions, then clear browser cache and cookies, reboot.

Any better after that? 

If still no go, please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the second Important topic. There, you will find instructions for GSI and AVZ logs.

Please see the small print that is located at the bottom of this message. 


Dear all,

thanks to you, richbuff, I've seemingly managed to get rid of the (supposedly? I'm not sure how to call it exactly) virus/adware/trojan. I've also employed the AVZ tool and used the GSI log-creating tool, for both of the user accounts I have running on the same PC - this is why I'll post 2 pairs of AVZ and GSI logs.

So far, my remaining questions are the following:

1. Do the AVZ logs and GSI logs look good/safe? Did all the viruses get deleted permanently (I'm not sure, as for example this line of the AVZ log makes it sound as if a virus had been found but simply got 'reprogrammed': Function kernel32.dll:ReadConsoleInputExA (1123) intercepted, method - ProcAddressHijack.GetProcAddress ->768EB2AE->74390A20)?

2. This infected PC of mine also had a Micro-SD card inserted in the back on which I've had the most important data. I've managed to scan it (with another PC that had Kaspersky Total Security on it) and to move the most important files (mostly PDF files) to that other PC - and made a thorough Windows formatting afterwards (by unticking the 'fast-format' option that Win10 offers). Now the entire Micro-SD card has been wiped clean and no data can be found when opening the card with Windows Explorer - however, when going to 'properties', it is reported that 1.25MB of the Micro-SD card are already taken up - but I can't tell by what? Chkdsk didn't find anything suspicious. Are these simply two files (as said by chkdsk) that are necessary for the Micro-SD card to run properly? Or could they be traces of the virus?

Gratefully Yours

Felix

P.S.: Link to the first GetSystemInfo file: http://www.getsysteminfo.com/read.php?file=b78a9023ceb68adf47a0eca715c2b205

KL_syscure.htm

KL_syscure.zip
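The AVZ line quoted in the post reports that the address GetProcAddress returns for an exported function no longer points into the exporting module (the pair after "->" is the expected address and the one actually returned). A first triage step is to attribute the second address to whichever loaded module contains it; hooks landing in a security product's own module are the usual benign case, while a target outside every loaded module deserves a closer look. The following parser is an added example, not AVZ's own code or the forum's: the regex is my assumption about the line format, derived from the single quoted line, and the extra log lines and module address ranges are constructed for illustration.

```python
import re

# Shape of the AVZ "intercepted" line quoted above; the regex is an assumption
# derived from that one line and may not cover every AVZ report format.
HOOK_RE = re.compile(
    r"Function\s+(?P<module>[\w.\-]+):(?P<function>\w+)\s+\((?P<ordinal>\d+)\)\s+intercepted,"
    r"\s+method\s+-\s+(?P<method>[\w.]+)\s*->(?P<orig>[0-9A-Fa-f]+)->(?P<hook>[0-9A-Fa-f]+)"
)

# Constructed sample log: the first line is the one quoted in the post, the
# others are made up in the same shape for illustration.
SAMPLE_LOG = """\
Function kernel32.dll:ReadConsoleInputExA (1123) intercepted, method - ProcAddressHijack.GetProcAddress ->768EB2AE->74390A20
Function kernel32.dll:ReadConsoleInputExW (1124) intercepted, method - ProcAddressHijack.GetProcAddress ->768EB2CE->74390A40
Function user32.dll:SetWindowsHookExW (2000) intercepted, method - ProcAddressHijack.GetProcAddress ->76A01000->00401000
Some other AVZ line that is not a hook report
"""

# Hypothetical load ranges as one would read them off the process's module list
# (e.g. in Process Explorer); constructed values, not taken from the page.
KNOWN_MODULES = {
    "kernel32.dll": (0x76880000, 0x76990000),
    "user32.dll": (0x76A00000, 0x76B00000),
    "security_hook.dll": (0x74380000, 0x743A0000),  # hypothetical AV hook module
}

def parse_hook_line(line):
    """Return the fields of one 'intercepted' line as a dict, or None if no match."""
    m = HOOK_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["ordinal"] = int(d["ordinal"])
    d["orig"] = int(d["orig"], 16)   # address AVZ expected
    d["hook"] = int(d["hook"], 16)   # address GetProcAddress actually returned
    return d

def owner_module(addr, modules=KNOWN_MODULES):
    """Name of the module whose range contains addr, or None if no module does."""
    for name, (lo, hi) in modules.items():
        if lo <= addr < hi:
            return name
    return None

def triage_hooks(log_text, modules=KNOWN_MODULES):
    """Parse every hook line and attribute its target to a loaded module.
    'owner' is None when the target lies outside every known module."""
    results = []
    for line in log_text.splitlines():
        h = parse_hook_line(line)
        if h is not None:
            h["owner"] = owner_module(h["hook"], modules)
            results.append(h)
    return results

def unattributed(log_text, modules=KNOWN_MODULES):
    """Only the hooks whose target could not be attributed to any listed module."""
    return [h for h in triage_hooks(log_text, modules) if h["owner"] is None]
```

Feed it a real AVZ log together with the module list captured from the same machine; a hook attributed to the installed security product explains lines like the one quoted, whereas an unattributed target is what to follow up on.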


You're welcome. Your logs look clean. Let's get another opinion. 

Please download AdwCleaner and save it on your Desktop.

Right click the file that you saved and Run as administrator, press the Scan button and wait for the scan to complete.

When the scan is complete, the report will be saved in the following location: C:\AdwCleaner\AdwCleaner[S0].Txt

Please attach AdwCleaner[S0].Txt to your next post.


Then we can conclude that we've resolved that issue. Thank you so much, richbuff, you've really saved me from a lot of worry and a stressful weekend. :-) Cheers and a big 'thank you' once again ~Felix


It appears as though the problem hasn't been resolved yet and there's some virus hidden somewhere:

1.: Google Scholar tells me that my computer or network is sending automated queries

2.: I'm now using Google.fr - even though I'm not living there

3.: The security task manager found some pretty dubious programs, especially that VPN DAEMON and the Microsoft Photos.exe

How can this be - and what should I do?

Cheers

Felix

Background_programs.PNG

Google Scholar.PNG


Furthermore, there seems to be something wrong with Kaspersky:

1. It didn't find the virus beforehand - nor does it now

2. Even though Kaspersky signals that the scan has been completed, the Windows icon says otherwise (see image)

3. Kaspersky has 4 background processes running, even though I'm not actively running the program at the moment, e.g. with a scan (see image)

Incomplete Kaspersky..PNG

4 times Kaspersky.PNG


Uninstall TouchMe by AppsolutelyApps, and you can uninstall Kaspersky Secure Connection, if you are not using it. Uninstall all Chrome extensions if they are not important. Reboot when done. Any better?


Dear Richbuff,

your advice seemingly resolved the issue (AdwCleaner states so, too). Thank you - once more. Did TouchMe Gestures (a Windows Store app and the necessary engine downloaded from the Internet) compromise the security?
