cpctech

CLOSED: Using Techsuite, Emsisoft finds "Gen:Variant.Graftor.53846 (B)" but can't remove it


Hi there,

I am having a bit of trouble with this one file that Emsisoft finds but can't remove. I have tried running various tools in regular and Safe Mode. I have cleaned up most of the infections but I am stuck on this one.

I have followed the instructions and attached are my first logs.

EEKscan_181006-123205.txt

FRST-181006-1236.txt

Addition-181006-1236.txt


Redacted logs are not acceptable.  Logs are not to be altered in any manner.  Any altered logs will be rejected as they contain incomplete information about the system, which means I will more than likely miss a piece of information that is critical to fixing the system.  All logs posted in this forum can be accessed only by approved Emsisoft employees.


Due to HIPAA and FINRA guidelines I can not publish the redacted information.

Where <REDACTED> is the user folder or user name and is exact.  As far as where that information was redacted it can be replaced on my end with Foo.

I can supply you a log that has the actual user name replaced with John Doe; the validity of the logs will not change. I am just under law compelled to not supply that information in a public forum.


If HIPAA and FINRA are the governing laws then you should not be sending anything to us for action. We cannot legally do anything with those systems since no one here is certified and read-on to handle those systems.


So you do not support business in general and are only end-user support?

I see the files that are supplied are not clickable by me (I was not aware of this before). My problem is that when you submit a fix to run, you do not put it in a format where only the intended recipient can read it, thus exposing potentially confidential info to the public.

Example:

C:\Users\lmwhi_000\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncShell.dll -> No File

is found in the post linked below. I can see the username lmwhi_000 in the case of the above supplied files; the username is not as cryptic, and thus any fix posted as in the post linked below would expose my client to the public (effectively breaking HIPAA and/or FINRA laws).

https://support.emsisoft.com/topic/29725-genvariantstrictor-3-others-found-by-emsisoft-cant-be-removed-by-emsisoft/

Is there a way I can supply you with the scans and just change the username to something generic? This would be the only change, and if you needed to supply a fix back I could change the username back to the proper setting prior to running said fix.

Thanks,


There are limits to Enterprise support. Systems covered by HIPAA or FINRA, or that contain sensitive data, require an NDA, approved access, and the certifications required by law. The user account ID is the only thing that would show in the logs, and that information is not subject to HIPAA or FINRA.

Log lines that read like

C:\Users\lmwhi_000\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncShell.dll -> No File

are sometimes incorrect, and need to be verified by manually navigating to the file path shown in the log before attempting to fix those items.

Logs posted in the Malware Removal section of our forums are not publicly accessible.  The personnel who can access those are limited to myself and a handful of Emsisoft personnel, currently, that is 7 people.

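The verification step the specialist describes above (confirm on disk what a "-> No File" line claims before acting on it) can be scripted. The following is an added example, not a tool from this thread, from Emsisoft or from FRST: it parses lines of the arrow form `<path> -> <status>` (the only layout handled, an assumption of the example), checks each path against the filesystem, and flags entries where the log and the disk disagree. The sample lines are constructed; the OneDrive path is quoted from the thread and will not exist on the machine running the script.

```python
import os
import re
import tempfile

# Matches result lines of the form "<path> -> <status>", for example
#   C:\Users\lmwhi_000\AppData\Local\...\FileSyncShell.dll -> No File
# Only this arrow layout is handled here (an assumption of this example).
ARROW_LINE = re.compile(r"^\s*(?P<path>\S.*?)\s+->\s+(?P<status>\S.*?)\s*$")


def parse_line(line):
    """Return (path, status) for an arrow-style log line, or None for anything else."""
    m = ARROW_LINE.match(line)
    if m is None:
        return None
    return m.group("path"), m.group("status")


def verify_lines(lines, exists=os.path.exists):
    """Compare each result line's claimed status with the filesystem.

    `exists` is injectable so the same check can run against a recorded
    snapshot or a test double instead of the live disk.
    """
    report = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # headers, blank lines and prose are skipped
        path, status = parsed
        claims_missing = status.lower().startswith("no file")
        on_disk = exists(path)
        report.append({
            "path": path,
            "log_status": status,
            "on_disk": on_disk,
            # consistent when the log says "No File" and nothing is there,
            # or the log names a file and it is actually present
            "consistent": claims_missing != on_disk,
        })
    return report


def demo():
    """Run the check over constructed lines: one present file, one absent, one wrong claim."""
    with tempfile.NamedTemporaryFile(suffix=".dll", delete=False) as tmp:
        present = tmp.name  # constructed: a real file on the local disk
    try:
        lines = [
            "Some header text the parser must ignore",
            f"{present} -> Present on purpose (constructed)",
            # quoted from the thread; it does not exist on the machine running this
            r"C:\Users\lmwhi_000\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncShell.dll -> No File",
            # constructed: the log claims "No File" for a path that does exist
            f"{present} -> No File",
        ]
        return verify_lines(lines)
    finally:
        os.unlink(present)


if __name__ == "__main__":
    for entry in demo():
        flag = "ok   " if entry["consistent"] else "CHECK"
        print(f"[{flag}] {entry['log_status']!r} on_disk={entry['on_disk']} {entry['path']}")
```

Entries marked CHECK are the ones the specialist's advice is about: a fix script that deletes or registers a path based on a stale "No File" claim acts on the wrong state of the system, so those lines get a manual look before anything is run.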

Ok, I am closing up shop for the weekend.  I will get with the customer on Monday and get approval to submit unaltered logs.

Thanks and have a good weekend.


If you are worried about anything that I post as a fix then we can handle this via the Private Message system.  That way only the 2 of us would have access to any information exchange between us.


In light of AVAST's track record on privacy, CCleaner is not something I would recommend on systems that contain and/or process sensitive information. You might want to uninstall CCleaner. I'm not seeing any malware in the logs. There are a few things that should be fixed and I will send that in a PM. In the meantime please send me the scan report that shows the "Gen:Variant.Graftor.53846 (B)" detection.


Yes, I understand the CCleaner issue, and I remove it from every system whose owners I can convince that the issue they had is potentially still an issue. It's removed on all my doctors'/medical office clients w/o question.

I'll find a way to get that log to you; it may not be in the original format since it's parsed by Techsuite.


I applied the fix you sent and received an error. Please check the message I sent you and let me know if I should create the file FRST recommends.

Thanks,


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only.  Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.  Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
