
Persistent virus on virtual memory

Comments

16 comments

  • Support


    Hi @Jack,



    It's possible that it's a false positive and then adaware antivirus will stop finding the threat when the definitions have been changed.



    Please follow the instructions in




     



    P.S. No problem with understanding what you wrote and if you don't understand what I've written (not my native language), please ask.

    0
  • Customer


    Hello @Jack!  Please answer a few questions: 




    • Can you reproduce this detection alert after every Adaware Full scan?


    • Do you have PostgreSQL installed?


    • Did you run a full scan with Microsoft antivirus tools while Adaware and Panda were installed?


    0
  • Customer


    Thank you for the quick reply,



    I have attached 5 files: 1) the latest adaware scan report, 2) a JPEG image of the adaware notification, 3-5) the three files derived from using FRST.



    To answer your questions:

    1) The detection alert appears after every adaware scan.

    2) PostgreSQL is not installed (checked registry, Program Files and Program Files (x86) folders).

    3) Also, I have run full scans in safe mode with Microsoft Security Essentials, Panda, Malwarebytes Free, Microsoft Office scan, Windows Defender Offline. All showed everything is fine (no infection).



    P.S. I know it is not recommended to have 3 antiviruses installed at the same time but I installed microsoft security essentials to double check panda and adaware.



     


    adaware_Report_Full_Manual_28-4-2018 93940.xml

    Addition.txt

    FRST.txt

    Shortcut.txt

    0
  • Support


    1. It's better to use online antivirus scans instead of installing several antivirus programs, which can lead to BSOD and other types of crashes due to conflicting drivers, and to false positives. Therefore it's important to always install adaware antivirus in compatible mode when it is installed alongside another antivirus program.



    2. The Firefox add-on Flash Control is not compatible with the latest version of Firefox and should be uninstalled.

    The installed Adobe Flash and Shockwave Player versions are very old and not safe. Please, uninstall and install the latest version if needed (don't turn off automatic update of it).



    3. There are some left-overs of very old Ad-Aware antivirus that might disturb adaware antivirus. You can remove them in this way:



    Please, move the FRST program from the Download folder to the Desktop.



    Start Notepad.

    Copy all text that is in the box:



    CreateRestorePoint:
    CloseProcesses:
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-03-12] (GFI Software)
    R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2018-03-04] (Sunbelt Software)
    Reboot:



    and paste in Notepad. Check that no files have been split on two lines.

    Save the file as fixlist.txt on the desktop.


    Exit all programs.

    Start FRST, please.

    Click the Fix button.

    Wait until the tool has finished.


    It creates a log file, called Fixlog.txt, on the desktop.

    Please, paste the content of that file in your reply.



     



    4. I can't see any threats in the log files of FRST and I'll move this topic to the forum for false positives and let LS Artem handle that problem.

    0
  • Customer


    Thank you again for your reply. Regarding your remarks I have done the following:



    1) There are two antiviruses installed now: Panda and Microsoft Essentials. I will keep Essentials for a while and if there are no infections or alerts I will uninstall it as well.



    Adaware has been uninstalled.



    2) Flash Control has been uninstalled. Instead, I have activated Panda Safe Web.



    Adobe Flash and Shockwave have been installed with automatic updates on.



    3) I have followed the instructions and attached the relevant file.



    4) I am relieved that it is a false positive.



    Again, thank you.



    Jack


    Fixlog.txt

    0
  • Support


    You're welcome



    1) Panda and Microsoft don't approve of their antivirus programs being installed together. There are risks of conflicts. MS Security Essentials can be replaced by MS Safety Scanner: https://www.microsoft.com/en-us/wdsi/products/scanner



    2) Good



    3) You don't have those two left-overs any more.



    4) Please, wait for a response from Artem.

    0
  • Customer


    Hello!  



    Adaware's scanner found some suspicious activity in your system memory. The problem is that it couldn't be deleted or terminated because it is part of some process that was allowed to run by your system and all antiviruses. It can also be a part of Panda utilities.



    I can't find any anomalies except two working antivirus services and a suspicious CCleaner64. CCleaner was compromised last year.



    First of all, please send us the binary file of CCleaner that is located here: "C:\Program Files (x86)\CCleaner\CCleaner64.exe".



    Clean your %Temp% folder (C:\Users\ADMINI~1\AppData\Local\Temp).



    So please try to uninstall all installed antivirus solutions (keep just the license information). Uninstall all utilities that were installed with the antivirus programs. Reboot your PC.



    After that you can try to reinstall AdAware and run a new scan.



     

    0
  • Customer


    I know it is not recommended to keep two antiviruses installed. I will uninstall Essentials tomorrow. I have already downloaded and used MS Safety Scanner, which reported everything is OK.



    I am waiting for a response from Artem.



    Still, thanks for the help.



     

    0
  • Support



    17 minutes ago, Jack said:




    I cannot attach Ccleaner64.exe because upload fails and a message appears ( There was a problem processing the uploaded file. -200 ). I have also tried to zip it for less space but to no avail.





    It should be possible to upload .zip files, but you can also try to change the file extension to .txt.



    If you're using a file sharing site (Dropbox, Microsoft OneDrive, Google Drive etc.) you can upload the file there and link to it in your reply.

    0
  • Customer


    Hello,



    I cannot attach Ccleaner64.exe because upload fails and a message appears ( There was a problem processing the uploaded file. -200 ). I have also tried to zip it for less space but to no avail.



    Could you please explain that CCleaner was compromised last year?



    I have just uninstalled Microsoft Essentials. How do I uninstall Panda without losing the license information? (Thus I can install it again).



    I have emptied temp folder.



    Thank you for your response



    P.S. I could send the file via email. If this is safe and possible, please provide an email address.

    0
  • Customer


    File uploaded to dropbox. The link is: https://www.dropbox.com/s/1yu4sdwutco1ct2/CCleaner64.exe?dl=0

    0
  • Customer



    3 hours ago, Jack said:




    Hello,



    I cannot attach Ccleaner64.exe because upload fails and a message appears ( There was a problem processing the uploaded file. -200 ). I have also tried to zip it for less space but to no avail.



    Could you please explain that CCleaner was compromised last year?



    I have just uninstalled Microsoft Essentials. How do I uninstall Panda without losing the license information? (Thus I can install it again).



    I have emptied temp folder.



    Thank you for your response



    P.S. I could send the file via email. If this is safe and possible, please provide an email address.





    Thank you. 



    It seems your binary file of CCleaner is clean.



    About CCleaner, you can read a note here: https://www.ccleaner.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users



    Actually, I don't know how the Panda license works, but the normal way for AV vendors is to provide user accounts with licenses or to store the key in the system for reinstall purposes. Panda's account might be here: https://myaccount.pandasecurity.com



    Also, maybe this information can be useful for you: https://www.pandasecurity.com/usa/support/andnow/. If you have an activation code, you can reinstall Panda without problems.



    Try to install the latest version of Adaware and do a new scan just to be sure that the problem was the AV conflict.

    0
  • Customer


    Hello again,



    I apologise for my late reply. I followed the instructions above (fully removed all antiviruses, rebooted and installed adaware free with all definition updates and activated it).



    The scan showed no infections (all clean). I attach the files of the scan.



    Moreover, I also executed FRST64 file and attach the relevant files.



    Most likely it was a conflict between Panda and Adaware.



    Thank you again for your help and your patience,



    Jack


    adaware_Report_Full_Manual_30-4-2018 31554 μμ.xml

    Addition.txt

    FRST.txt

    Shortcut.txt

    0
  • Support


    Hi Jack,



    Very good that adaware antivirus no longer finds something potentially bad.



    If you want to continue to use both Panda and adaware antivirus, please uninstall adaware, restart the computer, run the removal tool and restart the computer again before installing Panda, restarting the computer and installing adaware in compatible mode. In compatible mode, adaware won't be running the whole time (no real-time protection) but you can start a scan of the computer with it (turn off Panda's real-time protection during the scan to minimize the risk of false positives and to make the scan faster).

    0
  • Customer



    5 hours ago, Jack said:




    Hello again,



    I apologise for my late reply. I followed the instructions above (fully removed all antiviruses, rebooted and installed adaware free with all definition updates and activated it).



    The scan showed no infections (all clean). I attach the files of the scan.



    Moreover, I also executed FRST64 file and attach the relevant files.



    Most likely it was a conflict between Panda and Adaware.



    Thank you again for your help and your patience,



    Jack



    adaware_Report_Full_Manual_30-4-2018 31554 μμ.xml



    Addition.txt



    FRST.txt






    Shortcut.txt





    Hello @Jack! 



    Glad to help you. Yes, it seems it was one of the antivirus components. If you have any other questions, please ask.



     



    Many thanks to @CeciliaB

    0
  • Customer


    Thank you both again,



     I will follow your advice to keep adaware along with Panda.



    Regards,



    Jack

    0
