
Aspiegaming

01 Aug 2013, 9:37 pm

My latest scan detected at least 35 infected files.
30 of which were not removed.
I don't want to open them since I have no idea what is inside.
I can't delete them because someone or something else is using them.
I got nothing on how to deal with this.

They are mostly Directory Type Files with a low threat level.
Here are some common ones.

UsrClass.dat
UsrClass.dat.LOG
ntuser.dat.LOG
NTUSER.DAT

They infiltrated my computer's settings and application data and they're everywhere.

This one was listed twice for some reason.

C:\pagefile.sys

These were in my AVG files

quarantinedList.zip
quarantinedList.zip.bak
avg-8b763014-2cbe-407a-b567-9c4a8099d866.tmp

These were in my config folder.
SAM
SAM.LOG
SECURITY.LOG
SYSTEM
SOFTWARE
DEFAULT
SECURITY
default.LOG
software.LOG
system.LOG

These two were in a CatRoot2 folder
edb.log
tmp.edb

And lastly, this one.
ISWSHEX.swl

This might explain why I'm only getting one hour or less of activity per start-up and my computer speed going back and forth between 45 and 90Mbps.
If you have any solutions, I'd like to hear them.
Thank You.


_________________
I am sick, and in so being I am the healthy one.

If my darkness or eccentricness offends you, I don't really care.

I will not apologize for being me.


nopenope

01 Aug 2013, 11:36 pm

I don't know what software you are scanning with, nor even on what version of Windows, but here we go:

Aspiegaming wrote:

UsrClass.dat
UsrClass.dat.LOG
ntuser.dat.LOG
NTUSER.DAT


The .dat files are registry databases, or more likely files that are masquerading as registry files, as the extensions are wrong. The .log files should be logs. A legitimate antivirus tool should never offer to delete these but instead clean them.


Aspiegaming wrote:

C:\pagefile.sys



This is your virtual memory. Either you have a virus currently running or you have a false positive. A legitimate antivirus tool should never offer to delete this as a simple reboot (not hibernate) will wipe this.

Aspiegaming wrote:


These were in my AVG files

quarantinedList.zip
quarantinedList.zip.bak
avg-8b763014-2cbe-407a-b567-9c4a8099d866.tmp


Previously quarantined files. I assume you are not using AVG, as AVG will not alert on its own quarantine.

Aspiegaming wrote:

These were in my config folder.
SAM
SAM.LOG
SECURITY.LOG
SYSTEM
SOFTWARE
DEFAULT
SECURITY
default.LOG
software.LOG
system.LOG

These two were in a CatRoot2 folder
edb.log
tmp.edb

And lastly, this one.
ISWSHEX.swl


These are all normal files, and a legitimate antivirus will not offer to delete them, only clean.

Aspiegaming wrote:

This might explain why I'm only getting one hour or less of activity per start-up and my computer speed going back and forth between 45 and 90Mbps.
If you have any solutions, I'd like to hear them.
Thank You.


You either have a very heavily virused system or a fraudulent antivirus program. The ONLY solution is to back up all of your data, format the drive, reinstall Windows, turn on Microsoft Update, install ALL the updates including Microsoft Security Essentials (do not use any other AV), install Malwarebytes, plug in your backup disk and scan it for viruses with BOTH MSE and Malwarebytes, then copy the data back.
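
An added example, not posted by either participant: one way to check whether a file named like a registry hive (NTUSER.DAT, UsrClass.dat, SAM, SYSTEM and so on) really begins with a hive base block, by testing the `regf` signature and the header checksum. It assumes you are reading an offline copy, since Windows keeps the live hives locked; the function names and the sample header are constructed for illustration.

```python
import struct

REGF_MAGIC = b"regf"
CHECKSUM_OFFSET = 0x1FC  # XOR-32 of the preceding 508 bytes is stored here

def regf_checksum(header: bytes) -> int:
    """XOR the first 508 bytes of the base block as 127 little-endian dwords."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", header[:CHECKSUM_OFFSET]):
        csum ^= dword
    # Two results are reserved and remapped.
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if csum == 0:
        return 1
    return csum

def inspect_hive_header(data: bytes) -> dict:
    """Report whether `data` starts with a plausible registry hive base block."""
    result = {"is_hive": False, "reason": "", "name": None, "clean": None}
    if len(data) < CHECKSUM_OFFSET + 4:
        result["reason"] = "too short for a hive base block"
        return result
    if data[:4] != REGF_MAGIC:
        result["reason"] = "missing 'regf' signature"
        return result
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    (stored,) = struct.unpack_from("<I", data, CHECKSUM_OFFSET)
    if stored != regf_checksum(data):
        result["reason"] = "header checksum mismatch"
        return result
    # Bytes 48..111 hold the tail of the hive's file name as UTF-16LE.
    name = data[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    # Equal sequence numbers mean the last write to the hive completed.
    result.update(is_hive=True, reason="valid base block", name=name,
                  clean=(seq1 == seq2))
    return result

def build_sample_header(name: str) -> bytes:
    """Constructed sample input: a minimal, well-formed 4 KiB base block."""
    hdr = bytearray(4096)
    hdr[:4] = REGF_MAGIC
    struct.pack_into("<II", hdr, 4, 7, 7)  # matching sequence numbers
    encoded = name.encode("utf-16-le")[:62]
    hdr[48:48 + len(encoded)] = encoded
    struct.pack_into("<I", hdr, CHECKSUM_OFFSET, regf_checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    print(inspect_hive_header(build_sample_header("ntuser.dat")))
```

A file that passes is structurally a hive header; that says nothing about whether the keys inside it are benign.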