seanmichael60
Guest
Recently I was hit with 3 viruses. MSE caught them but one kept coming back. I let Microsoft support take over my computer and after they finished they assured me it was clean. I later found a file on my desktop and I didn't put it there. I deleted it, the shortcut and the location it pointed to. I checked my event logs and found the following entry:
Microsoft Antimalware has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Dofoil.O&threatid=2147653354
Name: TrojanDownloader:Win32/Dofoil.O
ID: 2147653354
Severity: Severe
Category: Trojan Downloader
Path: containerfile:_C:\Documents and Settings\Dell\Application Data\A6AF17.exe;file:_C:\Documents and Settings\Dell\Application Data\A6AF17.exe->(UPX);regkey:_HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks;runkey:_HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\NETWORK SERVICE
Process Name: Unknown
Signature Version: AV: 1.121.908.0, AS: 1.121.908.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0
After seeing this I went into the registry and did a search for S-1-5-21-1390067357-1767777339-1801674531-1003 which is part of the above path. There are many entries in the registry. I'm familiar with the registry and editing it. However, I do not make modifications to it unless I know for a fact what I'm doing. Do I need to remove these entries from the registry? In my research I also found in Local Security Settings > Local Policies > User Rights Assignments several entries of the same string under the Security Setting column. Do I need to do anything with these entries?
Any help will be greatly appreciated.
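Added example, not part of the original post: a Python sketch that splits the Path field of the event above into its separate resources, so the file, the registry key and the value name can be read apart from the account identifier. It assumes, from that one log line only, that entries are separated by `;`, that `->` marks a layer inside a file, and that `\\` separates a registry key from its value name; the function names are hypothetical.

```python
import re
from collections import namedtuple

# Path field copied from the event log entry in the post above.
PATH_FIELD = (
    r"containerfile:_C:\Documents and Settings\Dell\Application Data\A6AF17.exe;"
    r"file:_C:\Documents and Settings\Dell\Application Data\A6AF17.exe->(UPX);"
    r"regkey:_HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003\SOFTWARE\MICROSOFT"
    r"\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks;"
    r"runkey:_HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003\SOFTWARE\MICROSOFT"
    r"\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks"
)

Resource = namedtuple("Resource", "kind target layer sid key value")

# Assumed layout of a registry resource: HIVE@SID\key\\value-name
REG_RE = re.compile(
    r"^(?P<hive>[A-Z]+)@(?P<sid>S-[\d-]+)\\(?P<key>.*?)(?:\\\\(?P<value>[^\\]+))?$")

def parse_path_field(field):
    """Split a detection Path field into one Resource per ';'-separated entry."""
    resources = []
    for item in filter(None, (part.strip() for part in field.split(";"))):
        kind, sep, target = item.partition(":_")
        if not sep:
            raise ValueError("unrecognised resource: %r" % item)
        layer = sid = key = value = None
        if kind in ("regkey", "runkey"):
            m = REG_RE.match(target)
            if m is None:
                raise ValueError("unrecognised registry resource: %r" % target)
            sid, key, value = m.group("sid", "key", "value")
            # The SID is a Windows security identifier naming the account whose
            # HKCU hive is meant; that hive is mounted at HKEY_USERS\<SID>.
            root = "HKEY_USERS\\" + sid if m.group("hive") == "HKCU" else m.group("hive")
            target = root + "\\" + key
        else:
            target, _, layer = target.partition("->")
            layer = layer or None
        resources.append(Resource(kind, target, layer, sid, key, value))
    return resources

def summarize(resources):
    """Collapse repeated entries into the distinct files and registry values named."""
    files = sorted({r.target for r in resources if r.sid is None})
    values = sorted({(r.target, r.value) for r in resources if r.sid is not None})
    return files, values

if __name__ == "__main__":
    files, values = summarize(parse_path_field(PATH_FIELD))
    print(files, values)
```

On the logged line, the four entries reduce to one file and one value named `Pure Networks` under a single Run key.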