I run a system scan once a week with Avira. This week it threw up a hidden object when it did the 'Hidden objects search'. I'm pretty sure it found just one hidden object, then it advised me to restart my system and scan again, and it found 2 hidden items on the 2nd scan.
I'm attaching the logfile to my post. Anybody have any suggestions on how to proceed?
Please copy and paste reports for easier viewing and reference. I'll paste it here.
Avira Free Antivirus
Report file date: 22 January 2013 16:47
Scanning for 4704931 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JAMES-PC
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20130122-164322-52C81AA3.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Start of the scan: 22 January 2013 16:47
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1782297335-1938775777-2195318004-1000\Software\Avira\AntiVir Desktop\profDataStr
[NOTE] The registry entry is invisible.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.
The scan of running processes will be started
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '35' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '64' Module(s) have been scanned
Scan process 'chrome.exe' - '100' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '48' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned
Scan process 'issch.exe' - '40' Module(s) have been scanned
Scan process 'postgres.exe' - '37' Module(s) have been scanned
Scan process 'postgres.exe' - '37' Module(s) have been scanned
Scan process 'postgres.exe' - '37' Module(s) have been scanned
Scan process 'postgres.exe' - '37' Module(s) have been scanned
Scan process 'postgres.exe' - '47' Module(s) have been scanned
Scan process 'pg_ctl.exe' - '41' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
Scan process 'hpqSRMon.exe' - '30' Module(s) have been scanned
Scan process 'avscan.exe' - '89' Module(s) have been scanned
Scan process 'avcenter.exe' - '82' Module(s) have been scanned
Scan process 'openvpntray.exe' - '45' Module(s) have been scanned
Scan process 'avgnt.exe' - '82' Module(s) have been scanned
Scan process 'flux.exe' - '53' Module(s) have been scanned
Scan process 'DCSHelper.exe' - '28' Module(s) have been scanned
Scan process 'OpenTFTPServerMT.exe' - '23' Module(s) have been scanned
Scan process 'ouc.exe' - '26' Module(s) have been scanned
Scan process 'mbbservice.exe' - '32' Module(s) have been scanned
Scan process 'hsswd.exe' - '36' Module(s) have been scanned
Scan process 'hsssrv.exe' - '36' Module(s) have been scanned
Scan process 'openvpnas.exe' - '44' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned
End of the scan: 22 January 2013 17:21
Used time: 34:19 Minute(s)
The scan has been done completely.
0 Scanned directories
1832 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1832 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes
1069687 Objects were scanned with rootkit scan
2 Hidden objects were found
Click on the "Download EXE" button and save the randomly named .exe file to your desktop.
Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.
Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.
If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:
IAT/EAT
Any drive letter other than the primary system drive (which is generally C).
Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.
Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.
Open the ark.txt file and copy and paste the contents of the log here please.