Windows Virus newdev.exe???
Solved
Lilipi (Member, 10 posts)
Hello,
Let me explain.
I have a PC with a dual boot of Ubuntu and Windows 7.
For a few hours now, when I boot my PC into Windows, it is extremely slow, so much so that I can't do anything!!! (it takes more than 20 minutes to load the desktop icons ...)
It took over 45 minutes to shut down ...
Anyway, I can no longer use Windows at the moment.
So I booted into Ubuntu where I don't seem to have any problems.
I downloaded ClamTK and scanned my System32 folder.
Here are the results:
/Windows/System32/newdev.exe
status: Win.Trojan.Agent-213258
My question is, is this a false positive?? If not, what should I do? Should I quarantine the file??
Do you have any idea how to solve this slowdown problem ...???? (considering that I can't boot into Windows right now ....)
Thank you in advance!
Configuration: Linux / Firefox 19.0
9 answers
Hi,
It looks like malware, yes.
Download AdwCleaner (from Xplode) from http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner to your desktop.
Run it, click on [Delete] and wait for the scan to finish (No need to do a Search beforehand).
Once the scan is complete, a report will open. Post the content of the report in your next reply by copy/pasting.
If that doesn't work, use the site http://pjjoint.malekal.com to host the report, give the link to the report in a new message.
Note: The report is also saved under C:\AdwCleaner[S1].txt
then:
Do an OTL scan to diagnose the running programs and detect infections:
You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/
* Download OTL from http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(If you're using Vista/Win7, you must right-click on OTL and choose Run as administrator)
In the case of Avast!, do not run the program in the Sandbox (see the help link above).
* Launch OTL
* At the top right of Quick Analysis, check "all users"
* On OTL, under Customization, copy-paste the script below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Click on the Analyze button.
DO NOT COPY/PASTE THE REPORT HERE - PROVIDE THE PJJOINT LINK
* When the scan is finished, use the site http://pjjoint.malekal.com/ to send the OTL.txt report (and Extra.txt if present), give the PJJOINT links pointing to these reports here in a new message.
DO NOT COPY/PASTE THE REPORT HERE - PROVIDE THE PJJOINT LINK
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left.
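An added illustration, not part of the thread: while the machine is still booted into Ubuntu, the flagged file can be triaged before quarantining it by hashing it and reading its PE header for the link timestamp and the Authenticode (Security) data-directory entry, which a genuine Microsoft system binary carries. The mount path under /media and the constructed sample header are assumptions; the check only reports whether a signature table is present, it does not verify the signature.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Offset of the Security data directory (index 4) inside the optional header:
# data directories start at byte 96 for PE32 (magic 0x10B), 112 for PE32+ (0x20B).
SECURITY_DIR_OFFSET = {0x10B: 96 + 4 * 8, 0x20B: 112 + 4 * 8}

def pe_summary(data: bytes) -> dict:
    """Hash the image and read COFF timestamp and signature-table presence (no verification)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                                   # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in SECURITY_DIR_OFFSET:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sec_off, sec_size = struct.unpack_from("<II", data, opt + SECURITY_DIR_OFFSET[magic])
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": machine,
        "sections": nsections,
        "link_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "has_authenticode": sec_off != 0 and sec_size != 0,
    }

def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ header (not a real newdev.exe) so the block runs offline."""
    opt = bytearray(240)                              # PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)
    if signed:
        struct.pack_into("<II", opt, 144, 0x1000, 0x800)  # non-zero Security entry
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))       # e_lfanew points at "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 1247527000, 0, 0, len(opt), 0x22)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Assumed mount point of the Windows partition under Ubuntu; adjust to yours.
    path = sys.argv[1] if len(sys.argv) > 1 else "/media/windows/Windows/System32/newdev.exe"
    with open(path, "rb") as f:
        print(pe_summary(f.read()))
```

Compare the SHA-256 against the same file on a known-clean Windows 7 install or the AV vendor's lookup; a missing signature table, or a link time that does not match the other System32 binaries, is a reason to treat the detection as real rather than a false positive.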