Fiskarfred

Member
  • Content Count

    59
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Fiskarfred

  • Rank
    Active Member
  1. I am not sure if I am infected - but lately, I have had trouble connecting to the internet. In particular, I have had trouble connecting my VPN through my wifi. This is usually solved by logging in and out, but not always. I wanted to be safe so I am just wondering if you are detecting anything! I also made a scan with my EAM in addition to the other reports (scan_181009-123225.txt) scan_181009-123225.txt scan_181009-123854.txt FRST.txt Addition.txt
  2. Fiskarfred

    CLOSED Detected worm - need help

    When I opened Windows Explorer, I got the prompt for an unknown publisher to make changes to the computer again under the name Internet Explorer. Note that I had to accept this prompt to open the programs, so I did. When I tried to fix with FRST, it didn't work at first as it said that there was no fixlist.txt even though there clearly was. I tried several times and even put them in a separate folder with nothing else, made new fixlist.txt, but it didn't work. In the process, I had to allow "FRST" to make changes to my computer, after this, the prompts changed from saying "FRST" to "Svchost" again. Svchost promt to make changes is back. I downloaded a new FRST version and it worked. I have attached the result. Finally, after the fix, I took the liberty of running a new EEK and FRST scan and now I got even more alerts than before on EEK. I have attached these logs too. Note that every time I have to open a new program, I have to give "Svchost" permission to make changes to the computer. I have a feeling that every time I have to do this, the worm spreads..? Fixlog.txt scan_180309-183454.txt Addition.txt FRST.txt
  3. Fiskarfred

    CLOSED Detected worm - need help

    Also, I now apparently got 3 important and 14 optional windows updates to install. Could this be the worm in disguise or should I install these updates? It says the important updates are Security updates for Microsoft Visual C++ 2005 Service Pack 1 and are published 2012... I will wait with installing them until I hear what you think.
  4. Fiskarfred

    CLOSED Detected worm - need help

    Weird, now it seems to be back. EEK said that even FRST is affected. I still get the promt to use admin privileges on some programs, it seems. It is almost as if the worm has "revived" itself? Now it asked for admin privileges to open FRST. Also, when I try to open other programs (that actually do need admin privileges), it says that the modules cannot be found. (loadlibrarypythondll not found, then it opens a new "Error"-window showing the way to to a Local\Temp file called python27.dll) FRST.txt Addition.txt scan_180308-224935.txt
  5. Fiskarfred

    CLOSED Detected worm - need help

    When I opened windows explorer to see your reply, I had to allow Svchost to make changes to my computer to open the browser, so I did. While following your instructions I shut down the browser. When opening the browser to attach the log I did not need to give Svchost any permissions to open the browser. I tried to open some other programs and no Svchost promt came up. I even tried opening a program with administrator rights and the program's name came up instead of Svchost (I didn't run the program just in case, though). Should my computer be cured now? If so, is there anything I should look out for (and if I notice it, return here)? Fixlog.txt
  6. When I tried to install a program, the computer said that svchost was created by an unknown publisher that wanted to make changes to my computer. The same applies anytime I try to open any program as an administrator. I scanned C:\windows\svchost.exe and it had a worm. Figured I'd ask you experts for help. Thank you in advance. Addition_06-03-2018 21.33.33.txt FRST_06-03-2018 21.33.33.txt scan_180306-212820.txt
  7. Fiskarfred

    How do I remove this trojan?

    FSS.txt attached. FSS.txt
  8. Fiskarfred

    How do I remove this trojan?

    I followed your instructions but the program failed to start 4 times. Something kept the repair from running according the log ("_Windows_Repair_Log (try 1 - fail)"). I have attached this log in this thread. The log encouraged me to retry the repair in safe mode, which I did, and it succeeded. The program seems to have done several things, all beyond the grasp of my understanding. I have included the two logs that were created from the succeeded repair ("_Windows_Repair_Log" and "Repair_Volume_Shadow_Copy_Service"). With this repair completed, I tried to restart the SFCfix program. It gave me the same results as last time, but it did create a log this time ("SFCFix")! Lastly, I went onto CMD and executed another "sfc /scannow" command. The command prompt still told me that Windows Resource Protection found corrupt files but was unable to fix some of them, and still no log file was found in "%WinDir%\Logs\CBS\CBS.log". What's the next step to finally fix the corrupted files on my computer? Best Wishes. Fiskarfred _Windows_Repair_Log (try 1 - fail).txt _Windows_Repair_Log.txt Repair_Volume_Shadow_Copy_Service.txt SFCFix.txt
  9. Fiskarfred

    How do I remove this trojan?

    Thank you for the link to this tool. It was unable to find a corruption but urged me to show the generated log file to "a helpter", being able to help me further. The SFCfix program didn't generate a log either. Any help with this? I have attached a photo of what the program said.
  10. Fiskarfred

    How do I remove this trojan?

    Thank you for going above and beyond what was asked of you. Reading through one of your articles I came across another problem. I am not sure if this is the right place to ask for help it but doesn't hurt trying. No hard feelings from my part if this does not belong here and you decide to close this thread. When executing a System File Checker tool, "sfc /scannow", in cmd, the command prompt told me that Windows Resource Protection found corrupt files but was unable to fix some of them. It gave me a path to where the log was kept and I went onto Microsoft support hoping to tackle the problem by following their instructions as to "view details of the System File Checker process to find the corrupted file, and then manually replace the corrupted file with a known good copy of the file." According to the command prompt, the log would be found in %WinDir%\Logs\CBS\CBS.log, but when I went to this location (in my case C:\Windows\Logs\CBS\CBS.log), I did not find any logs, only a CBS.txt document which was 729 MB. Was the log file ever created? If so, how do I reach it? If it wasn't, how do I create one? Thank you and best wishes. Fiskarfred PS. I have made sure that I can see hidden files and folders, it was still not there.
  11. Fiskarfred

    How do I remove this trojan?

    I see. Thank you Kevin for all your assistance! Best Wishes. Fiskarfred
  12. Fiskarfred

    How do I remove this trojan?

    After disabling the Emsisoft Online Armor firewall, my internet browsing speeds went up significantly! I reactivated the firewall after confirming this but would it be a safe and sustainable strategy to keep the firewall deactivated, virus-protection wise? Is there any way to reach as fast internet speeds as when I have the firewall deactivated but still be protected?
  13. Fiskarfred

    How do I remove this trojan?

    There is really no noticeable difference since I ran the fixlist. With this in mind, do you suspect there to be any viruses left? If not, do you have any ideas as to why my internet connection is so slow at times, even though the internet speeds for all the other computers in the household (even with the same Ethernet connection) are way faster? (I have cleaned my computer thoroughly and as I've said before it's not a matter of CPU or RAM, it's solely my internet connection which is significantly slow) Thank you for your help.
  14. Fiskarfred

    How do I remove this trojan?

    Fixlog.txt attached. Fixlog.txt
  15. I want to start off by thanking you for having this service, greatly appreciated! Prior Scan I ran an EEK scan a few days ago, it detected three viruses (see log). Before writing this forum post, I ran another scan as I was asked. It found a new virus, but from a program that I haven't touched since before my last scan. Please also note that the primary scan was a full scan and the latter (as you know) was a smart scan. Symptoms My internet connection has been significantly slowed down lately, but my RAM memory and CPU usage isn't as gravely infected. Sometimes (..often..) internet connection is completely cut off. I am sure that the router is not to blame because my other computer (also connected by Ethernet cable) has plenty of internet -- it shouldn't be a problem as we have a fiber broadband. New scans I have attached the logs (including the prior one) in this topic as I was asked. Best Wishes. a2scan_150530-034212.txt Addition.txt FRST.txt Scan_150529-142115 (before I did Emsisoft Forum).txt