G, posted 8 April 2013 (edited)

I went ahead and got myself Hitman Pro. The choice fell on it somewhat at random. Thought I'd try it out. The anti-malware program Hitman Pro found nothing dangerous. It did, however, find some slightly suspicious things on the system.

1. First I tried to delete the folder: /user/pc-name/AppData
1.b To get access to the AppData folder I had to unhide it on the system.
2. Then went into the Google folder, and out again. Thought I could try deleting that one completely.
2.b Before I started on that, I uninstalled Google Chrome, whose bookmarks had incidentally started failing a little at creating folders. So this was something I had intended to try anyway before reinstalling.
2.c First I deleted it completely with Shift-Del, which Windows 7 didn't object to. I was allowed. And the folder didn't rise from the dead either.
3. After which I AFTERWARDS run Hitman Pro again for good measure. Now it reports exactly the same files as at the start. As in the spoiler below:

HitmanPro 3.7.3.193
www.hitmanpro.com

   Computer name . . . . : n/a
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : n/a..........................\VMadmin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid

   Scan date . . . . . . : 2013-04-08 17:37:58
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 21s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 13

   Objects scanned . . . : n/a
   Files scanned . . . . : n/a
   Remnants scanned  . . : n/a files / n/a keys

Miniport ____________________________________________________________________

   Primary
      DriverObject  . . . : FFFFFA8007115980
      DriverName  . . . . : \Driver\atapi
      DriverPath  . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . . : FFFFFA80066E32C0 +0

   Solution
      DriverObject  . . . : FFFFFA8007115980
      DriverName  . . . . : \Driver\atapi
      DriverPath  . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . . : FFFFF88000C074D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.160\ffmpegsumo.dll
      Size . . . . . . . : 1,552,848 bytes
      Age  . . . . . . . : 31.4 days (2013-03-08 08:49:45)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 2194B00DD9803709EA9EE39D30067DDA361ACFF93779FB1650F99C7DE4D8D238
      Fuzzy  . . . . . . : 26.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.160\pdf.dll
      Size . . . . . . . : 4,050,896 bytes
      Age  . . . . . . . : 31.4 days (2013-03-08 08:49:45)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : B1EFDB3134079EA842A23A0A5B0EF011577485EB0DB054B4B0F9643D0D8F7D06
      Product  . . . . . : Chrome PDF Viewer
      Description  . . . : Chrome PDF Viewer
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Copyright (C) 2010
      Fuzzy  . . . . . . : 25.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.160\PepperFlash\pepflashplayer.dll
      Size . . . . . . . : 12,637,136 bytes
      Age  . . . . . . . : 31.4 days (2013-03-08 08:49:45)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : 80FB1DEF56C69933FA126476973B949E57ED85B8308C5B3D91F31CBABE999935
      Fuzzy  . . . . . . : 28.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.160\ppgooglenaclpluginchrome.dll
      Size . . . . . . . : 459,728 bytes
      Age  . . . . . . . : 31.4 days (2013-03-08 08:49:46)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : C86EF0DECA958C67536BE4E3C22396FB30EFFEF1DD65A7CC50941E58F224B434
      Fuzzy  . . . . . . : 26.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
      Size . . . . . . . : 1,552,848 bytes
      Age  . . . . . . . : 25.7 days (2013-03-14 00:28:03)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 79EA7920A3AEA4853B7385D58E2325C21A9ACE548F6CD4416710AFC9C7126E70
      Fuzzy  . . . . . . : 26.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
      Size . . . . . . . : 4,050,896 bytes
      Age  . . . . . . . : 25.7 days (2013-03-14 00:28:03)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 68F84D32563AC9E2DF1F82E159A037E33FA311C74C4CA935A15A53796B06DBFC
      Product  . . . . . : Chrome PDF Viewer
      Description  . . . : Chrome PDF Viewer
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Copyright (C) 2010
      Fuzzy  . . . . . . : 25.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
      Size . . . . . . . : 12,662,224 bytes
      Age  . . . . . . . : 25.7 days (2013-03-14 00:28:03)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : C960FB4C1C650EE3AC917EB67750C8E8942D0D681F88E54B0CA1DE1F2D1E1CBC
      Fuzzy  . . . . . . : 28.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
      Size . . . . . . . : 459,728 bytes
      Age  . . . . . . . : 25.7 days (2013-03-14 00:28:03)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 57DDF30598073E258719F089043740DE89586B8CD779608C8463249F25CD1C5E
      Fuzzy  . . . . . . : 26.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\wow_helper.exe
      Size . . . . . . . : 72,688 bytes
      Age  . . . . . . . : 341.5 days (2012-05-02 05:55:11)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : F89E1F68C2D037A997F516AF922C1DB48D7551BAFA7AA0FDD8765AF49BB09376
      Fuzzy  . . . . . . : 26.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
      Size . . . . . . . : 12,638,576 bytes
      Age  . . . . . . . : 47.0 days (2013-02-20 18:22:41)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : 070516225F725DC42553574ADA44725B1FD0150BE8C0CD7877BFC30544D92362
      Fuzzy  . . . . . . : 28.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateSetup.exe
      Size . . . . . . . : 774,424 bytes
      Age  . . . . . . . : 47.0 days (2013-02-20 18:21:56)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 22C42F37CFAEB43244B0ABDA81754B527388F925BFD91705BBDE8E1D53D49276
      Product  . . . . . : Google Update
      Publisher  . . . . : Google Inc.
      Description  . . . : Google Update Setup
      Version  . . . . . : 1.3.21.135
      Copyright  . . . . : Copyright 2007-2010 Google Inc.
      Fuzzy  . . . . . . : 28.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.135\GoogleUpdateSetup.exe
      Size . . . . . . . : 774,424 bytes
      Age  . . . . . . . : 47.0 days (2013-02-20 18:19:46)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 22C42F37CFAEB43244B0ABDA81754B527388F925BFD91705BBDE8E1D53D49276
      Product  . . . . . : Google Update
      Publisher  . . . . : Google Inc.
      Description  . . . : Google Update Setup
      Version  . . . . . : 1.3.21.135
      Copyright  . . . . : Copyright 2007-2010 Google Inc.
      Fuzzy  . . . . . . : 28.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

   C:\Users\VMadmin\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.172\25.0.1364.172_25.0.1364.160_chrome_updater.exe
      Size . . . . . . . : 5,051,744 bytes
      Age  . . . . . . . : 25.7 days (2013-03-14 00:27:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 7D279326949F5904605344DC38BE1E9D530214AE4B2819B3BFAB1112AEB282EE
      Product  . . . . . : Google Chrome
      Publisher  . . . . : Google Inc.
      Description  . . . : Google Chrome
      Version  . . . . . : 25.0.1364.172
      Copyright  . . . . : Copyright 2012 Google Inc. All rights reserved.
      Fuzzy  . . . . . . : 23.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

4. I chose to get: CCleaner (crap-cleaner) free. Ran it. Did a registry cleanup. That made no difference to the third scan with Hitman Pro afterwards.
5. Then I let CCleaner clean everything it could clean in the system. The result was that the list of suspicious items in the Hitman Pro scan only grew larger.

NOW I'M WONDERING: How does Hitman Pro work? Why does the list grow?

ALSO WONDERING: What I can do in Hitman Pro so that it doesn't find these suspicious files again. Surely it must be possible to clean them off the system so that Hitman Pro doesn't find these remnants?

Because if it isn't possible to clean it away, Hitman Pro will just keep growing and growing in what it finds on my system! That's not pleasant either. Is Hitman Pro a serious and proper piece of software? What can I do now to move forward?

Edited 8 April 2013 by G
G, posted 8 April 2013 (edited)

It is also part of the story THAT I TRIED to use Hitman Pro's built-in solution to remove these suspicious files. BUT it couldn't, even though it asked to perform a reboot! During the reboot, the first time it showed # 13 with "fail". The next reboot attempt gave # 14 with "fail", and then it booted into Windows as normal.

Edited 8 April 2013 by G
Dr.Geek, posted 8 April 2013

Here we have a typical example of a user who has no clue and runs amok with an antivirus program. Dear user: HitmanPro is listing entirely legitimate files from Google Chrome. No reason to panic, no reason to delete. Suspicious absolutely does not mean malware.
G, posted 8 April 2013

But these are so-called Remnants. So I would like to get rid of them for future scans. What I want is:
1. Get rid of them from the system
2. Reinstall Google Chrome

And yes, they are probably just warnings, with little danger behind them. But am I supposed to keep scrolling through that list to find real malware in the future? It's idiotic not to be able to clean it away sooner rather than later, when it isn't in use on my system.

And what do you mean by calling me "a user who has no clue and runs amok with an antivirus program"? That I have less of a clue than others is of no significance whatsoever here. Because I'm asking for help. And YOU are failing to help. It's as simple as that!
G, posted 8 April 2013

Screenshots, especially of the Settings part of the program: https://www.diskusjon.no/index.php?showtopic=1499823