Why are there THREE ESET logs? Two of them run on Sept. 20th
2012-09-20 03:05:59 (-0600, Central Daylight Time)
Scanned =128228 files
That found 6 threats and cleaned 0
and then another run at
2012-09-20 07:58:08 (-0600, Central Daylight Time)
Scanned =13564
Was this scan done on some external drive or something???
That found 0 threats and cleaned 0
and then the third one run TODAY
2012-10-02 12:16:36 (-0600, Central Daylight Time)
Scanned=127110 files
Found=5 threats
Cleaned=5
Now I have to be very honest here, one of us has to be.
The fact that two of these logs show that ESET scans were run on the 20th, two days BEFORE you returned here after your original post and you didn't tell me that you had run this when you returned after two weeks is bad enough, but the fact that I asked you yesterday to run it and you did not have the common courtesy to tell me that you had run it 12 days earlier really is extremely annoying. In order to give correct assistance helpers need all information. I have not received all information throughout this thread.
Another thing:
4 of the files found in the first run, and unable to remove and then 4 files found today, and removed this time, are the same files. These files were OTL Quarantined Files.
WHEN did you run OTL and WHO told you to run OTL?? It had to have been run BEFORE Sept.20th because the OTL Quarantine would not have been present at that time without the program having been run. OTL is a very powerful tool, one that should only be run if told to run it by an Expert trained on OTL use and who has told you to run it. It is not a tool one should run on their own unless they have been trained to run it. Have you been trained to run it? Improper use can result in data loss, or an unbootable system.
So there are TWO programs that I know of now that you ran but neglected to tell me and now I don't know how many others you neglected to mention.
Two of the files found in the first scan and not removed, were not present when the scan was done yesterday. How were those two removed? What program was used to remove them? They would not have "dropped off" the computer on their own unless they were temporary files and you had emptied temporary files. The locations of these files were
C:\Documents and Settings\Aggrofemme\My Documents\
C:\WINDOWS\Installer\
Obviously not temporary files. So they had to have been removed by "something"
The one other file found and removed by the scan yesterday was entirely different than the ones found on the earlier scan so that infection cannot be blamed on your friend because it had to come onto the computer AFTER September 20th. Had it been on the computer on the 20th then it would have been found by that ESET scan on the 20th, but it was not so it wasn't there on that date.
This was an infected install file for the downloaded program GraboidVideo. It would NOT have downloaded onto the computer by itself, it had to have been manually downloaded by somebody actually using the computer after September 20th.
Now several things have caused me great concern throughout this thread. One I have already told you, you have not been sticking with this which is vital when cleaning an infected computer.
You made your first post, posted logs and then left for 18 days. You said you were out of town and away from the computer, I took you at your word. However now I know you weren't away from the computer for 18 days because you ran ESET twice 16 days later but didn't come back here for two more days and neglected to mention the running of ESET.
I gave you the next instructions on the 23rd and you didn't come back until the 27th. I gave you instructions and you returned on the 28th and said,
"I just haven't had time at home to run the scans and get the logs posted. I will do so tomorrow."
Well I know now that wasn't true, you did run at least two ESET scans on the 20th and "sometime" before the 20th you ran OTL AND had it Quarantine those 4 files. So you are not being honest with me at all. You obviously didn't remove it correctly because it removes its Quarantine file when the program is removed. It is NOT a program you keep on the computer. Anytime it is used on a computer a new copy must be downloaded, and it is not a program you save for use later on another computer, a new copy must be used because the program is updated frequently.
The other thing that really concerns me that you said is this:
"I work on computers from home and it's very important that I keep my cleaners up to date and run them."
which "implies" that you have the knowledge to work on other people's computers. Yet on your very own computer when trying to clean off multiple infections supposedly caused by your friend you have done the following using some instructions you say you got from some "hijack website", what exactly IS this "hijack website"?
If you do work cleaning other people's computers then you would have known, long ago that HiJackThis had its last stable release in 2010, that Trend Micro ceased development when it couldn't be used on Vista or Windows 7 because it cannot read those two operating systems and no longer can flag possible infected files. There are no reputable computer help forums that have recommended its usage for well over two years.
There is NO web site for the program Hijack This. It is no longer being developed and was released by Trend Micro to open source. They are no longer associated with it and I know absolutely that Trend Micro would not have recommended some of the steps you have taken on this computer.
So on your own personal computer you have used two Junk programs, Rising PCDoctor, Advanced system care 5, which certainly is well known for being junk and causing damage on computers for several years. You had AVG Anti-Rootkit Free which hasn't been available OR updated since the release of AVG 9 in 2009. Though your system was installed in 2010, meaning you put a year old non-updated program on your computer. You said you keep your cleaners up to date, you could not have updated this program because updates stopped one year prior to the install of your system.
You said you did scans with THREE onboard anti-virus programs, two of them showed in your DDS log, ZoneAlarm Antivirus and Microsoft Security Essentials and you say you scanned with AVAST which also had to have been installed in order to do a scan, so at sometime you had to have installed it. If you do cleanup work on other people's computers then you should have known that the #1 rule is NEVER run more than One onboard anti-virus program on a computer. You obviously did not know this.
Though there is NO evidence in the logs whatsoever of AVAST having been on the system going back to June 5th. Even if you had installed it and then removed it, it should have shown in the logs someplace and it does not. So either it was never installed or your system files are damaged enough that DDS Scanner will not give a correct picture. There is NO portable version of AVAST either and the only Online Avast scanner is a single file scanner not a scanner like ESET or BitDefender.
If you work on cleanups on other people's computers two of the key programs, recommended at virtually every reputable computer help site, that should be used are Malwarebytes' Anti-Malware (MBA-M) and SUPERAntispyware, yet you didn't even know how to find the scan logs in either program and both are key for use in doing removals, even on your own computer. Both programs show users where the logs are right on the Front Page of the programs, yet I had to give you instructions on how to find them.
Frankly, I think this thread has gone on long enough. You have not been honest with me, you have not been forthcoming fully as to what you have done and you have not stayed with this but continued to do one post a day or every couple days, despite the fact that I have asked you to stay with this in rapid fashion.
Using the junk programs, using OTL without being told to do so and the fact that a new infected file was found that had to have been downloaded to the computer AFTER Sept. 20th shows also that you have not been really only working to clean the computer, says to me that your best option may be to take the computer to a shop and let them clean it.