Solved Sites getting redirected, computer froze, driving me nuts

[JD004]

Hi,

I followed all the instructions given in the "8-Step Preliminary instructions". To describe what is going on, basically whenever I go on the web via firefox, and click on links or type in an address I get redirected to a totally different website. It is occurring more and more as time goes by. On top of that, I have seen some websites have their language changed on parts of them (as in, I saw a link on a english website that appeared to be czech).

Also, my computer has frozen a couple of times recently. Freezing has has never occurred before to my knowledge with this current computer. I have ran avast, spybot, malwarebytes, and ccleaner before following the "8-step" thing and it did find things. However, this time around when following the "8 steps" I don't believe anything was found.

Anyways, I will post what was told of me to do and hopefully someone can help me figure out what is going on with my computer. It's driving me nuts.

The GMER log and malwarebytes log will be posted in this post. The DDS logs (DDS.txt and Attach.txt) will be attached:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 19:24:17
Windows 5.1.2600 Service Pack 3
Running: l8jm3ze9.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ugldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB5997C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB5997B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB59980EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB5998014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB599770C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB5997C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB599764C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB59976B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB5997D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB59981B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB5997CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB5997E70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB59A4AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB59A48EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB59A4A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes JMP DAB59980
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP B59A4A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP B59A48EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP B59A0536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP B59A1EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP B59A4ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB92CA360, 0x32DEFD, 0xE8000020]
.rsrc C:\WINDOWS\System32\drivers\afd.sys entry point in ".rsrc" section [0xB5B5EC94]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[576] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1304] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 008F000C
.text C:\WINDOWS\System32\svchost.exe[1304] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01C8000A
.text C:\WINDOWS\System32\svchost.exe[1304] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 01C7000A
.text C:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1752] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE[5456] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605335 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01092F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01092C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01092CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01092CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [055D2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [055D2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [055D2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [055D2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02942F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02942C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02942CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02942CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs fsh.SYS (File System Guard module/Jetico, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fsh.SYS (File System Guard module/Jetico, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 89983EE4

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\drivers\afd.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
---------------------------------------------------------------------------------------
(MBAM LOG)

Database version: 4107

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/16/2010 4:09:35 PM
mbam-log-2010-05-16 (16-09-35).txt

Scan type: Quick scan
Objects scanned: 141207
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Broni]

You're infected with a rootkit.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Please open Notepad
   • Click Start , then Run
   • Type notepad .exe in the Run Box.
5. Now copy/paste the entire content of the codebox below into the Notepad window:
   
   

   TDL::
   C:\WINDOWS\System32\drivers\afd.sys

6. Save the above as CFScript.txt
7. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
   
   
   
   
   
8. After reboot, (in case it asks to reboot), please post the following logs into your next reply:
   • Combofix.txt

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


Download HijackThis:
http://free.antivirus.com/hijackthis/
by clicking on Installer under Version 2.0.4
Install, and run it.
Post HijackTHis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator

 

[JD004]

I'm using XP, so vista issue didn't occur for me.

Anyways, here is the combofix log and the Hijack this log attached.

 

[Broni]

I see, you ran Combofix twice.
I need to see ComboFix2.txt file (located in C directory).
How is redirection?

 

[JD004]

Yeah, I first ran Combofix by clicking on it and let it do its thing, then it made a log. It said it fixed some things.

Then I ran it the second time like you said by putting:

TDL::
C:\WINDOWS\System32\drivers\afd.sys

into the icon and letting it run. It shot out another log named the same thing (guessing the one you have). So I think the first log is overwritten by the second log.

Sorry if I made a mistake. I thought that is what the directions told me to do. First run the program. Then run it a second time with the

TDL::
C:\WINDOWS\System32\drivers\afd.sys
-----------------------------------

Also, what do you mean by the redirection? If you mean the website links being redirected to other sites, I haven't notice them anymore.

Let me know if I need to do anything else or redo some things.

 

[Broni]

If you mean the website links being redirected to other sites, I haven't notice them anymore

Very well


1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\system\WININETICMP32.drv


Folder::

Driver::

Registry::

RegLockDel::

SecCenter::
{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

 

[JD004]

So, the log3.txt is the most recent Combofix.txt (changed the name so as it wouldn't get overwritten if I need to rerun it again).

hijackthis2.txt is also the most recent one done afer this post.

 

[Broni]

Looks good

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Restart computer.

=================================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

========================================================

Disable your antivirus program.
Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

• Spyware, Adware, Dialers, and other potentially dangerous programs
  [*] Archives
  [*] Mail databases

5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt before clicking on the Save button. Then post it here.

Post fresh HijackThis log as well.

 

[JD004]

I really appriciate your help with this so far. However is there any alternative to using the online scanner? I'm sort of wary of letting a site scan my computer (privacy issues). Is there an alternative program that could do the same thing?

 

[Broni]

I'm not sure what are your worries. Kaspersky scan is just an engine. It doesn't keep your logs.

 

[JD004]

Ok, I did it. My issue is that I'm sure they could keep a log if they wanted one (after all they just gave me one). Also, their certificate expired. Would that scanner be able to see anything personal?

(Again, thanks for the help and let me know whats next ).

 

[JD004]

Also, there website made claim to it as well stating: "The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience. While you are waiting for the improved Online Scanner, why not try a free trial of Kaspersky Internet Security 2010, which has everything you need to keep your computer safe."

I'm kind of worried about it. If there claiming there scanner is down, that certificate expired, etc.

 

[Broni]

This happens pretty regularly, when they upgrade their scanner.
How did you run the scanner then?
We won't worry about WeatherBug findings anyway.

=========================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOl, AIM, Compuserve, etc.

=========================================================================

Other, that that...


Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.

 

[Jabela]

I have this same problem but it looks like alot of work so i think ima let it do what it does xD

 

[JD004]

So, I did all you said. The computer seems to be acting fine. I just had a couple of concerns that maybe you could help me with.

One, is any of the information I provided in this thread (in the previous posts, attachements, etc.) contain anything personal or private? Also, do these posts get deleted after a period of time (I think I read somewhere they do)?

Second, to answer your question on how I ran the scanner, there was a prompt that stated the certificate for the program had expired, but I chose to run it anyways. Do you think that is an issue (it was expired, but it was the site that you gave me a link to)? Could you possibly check to see if that was the valid site? Also, should I be concerned at all with that scanner knowing anything personal about my current computer/files?

Third, what is weatherbug?

Anyways, thank you so much for you're help . This site is really helpful and you definitely were a big help for me.

 

[Broni]

@Jabela
You need to start your own topic.

@JD004
I'm glad to hear good news

is any of the information I provided in this thread (in the previous posts, attachements, etc.) contain anything personal or private?

Not really.

do these posts get deleted after a period of time (I think I read somewhere they do)?

No.

Do you think that is an issue (it was expired, but it was the site that you gave me a link to)? Could you possibly check to see if that was the valid site?

It's definitely a valid site. Every person in malware forum goes through very same scan.
Certificates were expired, most likely, because they're updating database.

should I be concerned at all with that scanner knowing anything personal about my current computer/files?

No.

what is weatherbug?

It's a weather monitoring program, which is not even installed on your computer. Those files are simply sitting in "ready to install" section, which came with your computer, when you bought it.
Harmless.

 

[JD004]

Not really.

So, does that mean some things might be revealing? Sorry, I'm paranoid I guess .

Another quick question too. I have an external harddrive that I use to back up my important files. Its pretty much as big or larger than my computers drive and has a good amount of files on it.

I have used it before doing all these fixes to my computer. Also, it was not hooked up to the computer when these fixes were going on (although my thumb drive was). Would there be any chance that the external harddrive has a virus/trojan/rootkit/etc. in it as well? If so, what should I do to fix it?

 

[Broni]

does that mean some things might be revealing?

No, I don't see anything, which would violate your privacy.

As for an external drive, it won't hurt to scan it with your AV program.

 

[JD004]

Ok thanks .

 

[Broni]

Sure thing

 

[JD004]

This is sort of related to this. I recently downloaded a file for a game I play (wasn't illegal, its a mod for the game that the developers are fine with) from a torrent site. Reason I did it was because it was a lot faster than the other download options.

How can I verify that the file I download from the torrent doesn't have anything "extra" added to it (virus, trojan, rootkit)? Is there any way avast or any other program can check? Thanks for any information, as I really don't wan't to have to deal with the above again, lol.

 

[Broni]

Any file downloaded from a questionable source should be manually scanned, even if you have your AV program up and running.
Right click on a file in question and click "Scan (with Avast)".

 

[JD004]

Ok thanks. I give it a scan with avast and malwarebytes just to be sure .

 

[Broni]

You're welcome
If you want to be 200% sure, you can always upload any file here for security check:
http://www.virustotal.com/
or
http://virusscan.jotti.org/en-gb

 

[JD004]

Thanks for those websites, I'll definetly try them out on smaller files when I need to. Problem is, the files I have are 1.8gigs each (2 of them).

I scanned them with malware and avast, but both were password protected (either all or some of the files were). I downloaded it anyways, and when I did it required a password.

The torrent seems to be run by the site itself and was linked directly from the site itself.

I guess I'll just scan my computer tonight with avast to be sure.

Any thoughts?

PS: The file was http://www.realitymod.com/downloads.html

It was from the torrent link. I'm pretty sure I'm fine, but just figured I would get your input .