Corrupt.PE@-1

:-[

After installing Freemake Video Converter, my computer has been acting weird, such as freezing and other odd things, random crashing, etc. Then bam, I found this:
Antivirus Events

Date Created
2011-04-16 14:21:05
Records count
Date Location Malware Name Action Status
2011-04-16 10:01:05 C:\System Volume Information\_restore{7DC0BD25-810A-4646-9B02-25E7BB3740C2}\RP38\A0014125.exe Heur.Corrupt.PE@-1 Detect Success

I can’t open the System Volume Information Folder to see what virustotal.com thinks it is, but this just happened after installing FreeMake Video Converter.

I’m not sure if that software is safe or not, but I need some help. Can somebody please help me?

Can you please PM me a link to where you downloaded the software from so I can check it out?

Thanks.

I’ve run ComboFix and did something to make the blue screens stop. I downloaded it from that FileHippo.com site. I dunno if FreeMake did it or not. Something was doing something, I dunno; I’ve sent the file to you guys like 40 times.

But I’ve also been getting update errors with your software. It would pop up saying there’s an update, then say there was an error, then the program itself says it’s 100% up-to-date.

I really don’t have any idea what’s going on; could be just my OS is messed up.

I found this:

4/17/2011 3:52:53 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
4/17/2011 3:19:57 AM, error: System Error [1003] - Error code 000000ca, parameter1 00000004, parameter2 894ae408, parameter3 00000000, parameter4 00000000.

Then

C:\Documents and Settings\Zombie\Desktop\Heur.Corrupt.PE@-1 UserItem Quarantine Success

Then

C:\WINDOWS\ALCXMNTR.EXE UserItem Quarantine Success

Then I found out this.

ALCXMNTR.EXE belongs to RealTek and is installed alongside hardware drivers for the Realtek AC97 audio device. I think Comodo is being a bit aggressive here. For many years now, it has not been considered malicious spyware, but there are claims that it is used by Realtek to monitor one’s actions and to gather data about customers.
I really hate being spied on no matter the case, so I ended my friendship with RealTek.

This one may very well be another FP. Several threads over at Comodo about this.

The items in System Volume Information are likely those 2 that it has been cleaning repeatedly. You don’t want to delete those specific entries from that location, nor allow any tool to ever clean that area. Anytime a tool, or you, removes entries from System Volume Information (the System Restore cache), it renders system restore points useless. Think of System Restore as a long chain. If you pull select links out of the chain, it is then broken. If you were to try to go to a previous restore point, System Restore would go through all the motions, then at the end, you’d wind up seeing a message similar to ‘System Restore could not complete…’.

The proper way to clear infected points in System Restore is to flush the restore points like this:

Click Start >> Run - type SYSDM.CPL & press Enter

  • Select the System Restore Tab
  • Tick on the checkbox - “Turn off System Restore on all drives”
  • Click Apply. This will flush out previous restore points (which contain the infections) and create a new restore point.
  • Then untick the same checkbox & click OK. Windows will then automatically create a new restore point.

Then more of this.

ComboFix removed these.

c:\documents and settings\Zombie\Application Data\inst.exe
c:\documents and settings\Zombie\Application Data\pcouffin.sys

And

Now

I’m

Back

Here
.

Oh yeah, that’s it.

What is inst.exe doing on my computer?

inst.exe is a process which is registered as a trojan.

This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. It is a security risk and should be removed from your system.

Inst.exe is a trojan.

Why did you use ComboFix? My dear friend, I would like to inform you that ComboFix should only be used under the supervision of experts… We have simple tools:

I say you’d better do this:

Download Malwarebytes’ Anti-Malware (aka MBAM) to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.

  • At the end, be sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

  • If an update is found, it will download and install the latest version.

  • Once the program has loaded, select Perform quick scan, then click Scan.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Be sure that everything is checked, and click Remove Selected.

  • When completed, a log will open in Notepad.

  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes’ Anti-Malware\Logs\log-date.txt

*Download and scan with SUPERAntiSpyware Free for Home Users. Download link:

*Double-click SUPERAntiSpyware.exe and use the default settings for installation.

*An icon will be created on your desktop. Double-click that icon to launch the program.

*If asked to update the program definitions, click “Yes”. If not, update the definitions before scanning by selecting “Check for Updates”. (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)

*In the Main Menu, click the Preferences… button.

*Click the Scanning Control tab.

*Under Scanner Options make sure the following are checked (leave all others checked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

*Click the “Home” button to leave the control center screen.

*Back on the main screen, under “Select Scan Type” click Complete Scan.

*On the left, make sure you check C:.

*Click Start Complete Scan > Please be patient while it scans your computer.

*After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click “OK”.

*Make sure everything has a checkmark next to it and click “Next”.

*A notification will appear that “Quarantine and Removal is Complete”. Click “OK” and then click the “Finish” button to return to the main menu.

*If asked if you want to reboot, click “Yes”.

*To retrieve the removal information after reboot, launch SUPERAntispyware again.

*Click Preferences, then click the Statistics/Logs tab.

*Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

*If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.

*Please copy and paste the Scan Log results in your next reply.

*Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
Download link: