I don't understand

I’m overall pretty intelligent… seems, except when it comes to the inner workings of how a pc operates… and some programs.

I have problems with my pc. I *know this. Browser flashing, script errors, the cursor disappearing when I’m typing, a file open which I never go NEAR (Configuring Routers and Firewalls in EA whitepapers) and no one else uses this pc. I have System Mechanic Professional v. 11 which tells me there’s a potential unwanted program but doesn’t reveal what it is. (I’m thinking it’s touching on the problem but can’t bring it forward… or something.) Anyway.

I found this program (CCE) as an Editor’s Choice in .cnet. I trust their reviews and the program description said it was deeper and more capable than others, so I downloaded it and ran it with MBR activated. It picked up Heur.Corrupt.PE@4294967295. I do understand ‘Delete’ ‘Restore’ and ‘Clear All’.

What I don’t understand is how to upload this result to one of those 3 places that one post says to upload to. When I go to upload it the only file I can find is a text file which isn’t the virus, if it is a virus… as there seems to be debate on that front on the web. Sooo…

how can I upload this discovery to finalize what it is and what to do with it? :o Oh… there’s also a Modified Host file that comes up too.

After the scan I clicked on Apply for the actions of Clean and Repair… let it reboot to find those operations failed. I was in Quick Repair in Killswitch, and found the Modified Host thing listed there too as ‘Changed’, clicked Repair and it won’t repair there either.

My sincere appreciation to any and all who can help. ;D

Can you please post a screenshot of the CCE results?
Also, it would be helpful if you could post a screenshot of what is in the folder where CCE says the malware is.

For a more in-depth look into this can you please follow the advice I give in my article about How to Know If Your Computer Is Infected and let me know what you find?

Thanks.

Here’s what I think you’re saying… ((and there are 2 entries in that one screen cuz I tried a posted solution using the command prompt scf/ scannow possibility [I think that’s what it was] which only confirmed there are things in this pc that even it couldn’t fix :())


Can you drag the location column so I can see the file extension and post a screenshot of that? If so then it appears to be the same file. However, this may be a false positive.

Please report it as a false positive here. Comodo staff will analyze the file and get back to you as to whether it’s actually dangerous or not.

Thanks.

The result columns… dragged (this one, right?) and. . . . report what? Do I send the .dat file? Which file?


Yes, upload the .dat file to this site as a false positive.

Also, did you follow my advice here yet:

It’s like… it *knows… No success in uploading the file, it’ll be like that (uploading…) for HOURS. I do understand ‘depending on file size’. This is wireless and how big can 73 kb be? I will continue with the other steps.


Since you are having problems with the submission site, you can upload the file to VirusTotal or Valkyrie, then create a new topic here with the results URL.

As soon as I started the scan on VT… my IE10 stopped working. :o
So, I had to find it again and run it.

Here’s the results from the scan: 8)

(There are 7 out of *45 listings… the mfc45 number doesn’t correlate in any way, does it?? Am I to expect 38 more virus problems? Are all of these listings different names for the same thing… or 7 different things?)

Which specific thread, in that link???

VirusTotal

SHA256: fd2432803a16c6dad16f86b29d19c240841f7080daed48cc71487a81ea8d77d4
SHA1: 86aa7a516cd9c792f276101c52db2a0492a30815
MD5: 9e874fc02c234b3fb65134dc1f8dcf2c
File size: 73.0 KB ( 74703 bytes )
File name: mfc45.dat
File type: Win32 EXE
Detection ratio: 7 / 45
Analysis date: 2013-03-18 18:45:31 UTC ( 3 minutes ago )

| Antivirus | Result | Update |
|---|---|---|
| Agnitum | Suspicious!SA | 20130318 |
| AhnLab-V3 | - | 20130318 |
| AntiVir | - | 20130318 |
| Antiy-AVL | - | 20130317 |
| Avast | - | 20130318 |
| AVG | - | 20130318 |
| BitDefender | - | 20130318 |
| ByteHero | - | 20130318 |
| CAT-QuickHeal | - | 20130318 |
| ClamAV | - | 20130318 |
| Commtouch | - | 20130318 |
| Comodo | Heur.Corrupt.PE | 20130318 |
| DrWeb | - | 20130318 |
| Emsisoft | - | 20130318 |
| eSafe | - | 20130313 |
| ESET-NOD32 | - | 20130318 |
| F-Prot | W32/Damaged_File.gen!Eldorado | 20130318 |
| F-Secure | - | 20130318 |
| Fortinet | - | 20130318 |
| GData | - | 20130318 |
| Ikarus | - | 20130318 |
| Jiangmin | - | 20130318 |
| K7AntiVirus | - | 20130318 |
| Kaspersky | - | 20130318 |
| Kingsoft | - | 20130318 |
| Malwarebytes | - | 20130318 |
| McAfee | - | 20130318 |
| McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.C!83 | 20130318 |
| Microsoft | - | 20130318 |
| MicroWorld-eScan | - | 20130318 |
| NANO-Antivirus | - | 20130318 |
| Norman | Suspicious_Gen4.CBYFH | 20130317 |
| nProtect | - | 20130318 |
| Panda | - | 20130318 |
| PCTools | - | 20130315 |
| Sophos | - | 20130318 |
| SUPERAntiSpyware | - | 20130318 |
| Symantec | - | 20130318 |
| TheHacker | W32/Behav-Heuristic-CorruptFile-EP | 20130318 |
| TotalDefense | - | 20130318 |
| TrendMicro | - | 20130318 |
| TrendMicro-HouseCall | - | 20130318 |
| VBA32 | - | 20130318 |
| VIPRE | Corrupted File (v) | 20130318 |
| ViRobot | - | 20130318 |

~

and the result of the Kaspersky TDSSKiller scan. I did it in Safe Mode and not just to see if there might be a difference.

*“There are no items to show” in Autoruns and Killswitch after following the 'Hide Safe - ’ direction in that article, in both.

What next??


I will report the file for you.

EDIT: I reported it for you here

Please try putting the file in question in a zip file. Then make a new post here and attach the zip file to that post.

did that… waiting. :-\

I submitted it as a false positive through the online form. They sent me an email saying the false positive was fixed.

Is it fixed on your computer?

I don’t know… I’ve still been trying to get this unit to function, such as a system restore to 4 days ago. What does ‘fixing a false positive’ mean? If it’s not real, what is there to ‘fix’?

I don’t know what was in that file or if it’s even related but I’ve been having odd problems with EA files. Yesterday I couldn’t load a game I’ve been working on, come to find there was no saved games, like there were before. Now I have found the saved games, whether it be by the ‘fixed false positive’ or something else, the game launcher won’t load and comes up with an error… of which type has never happened before and I uninstalled/reinstalled it late last night. I know, you’re not EA and it’s not your problem. I’m just saying…

I don’t know if it’s ‘fixed’.

P.S. Thank all for the help.

This means that Comodo was incorrectly flagging the file as dangerous. They have fixed this error and should no longer be detecting the file. This is a common problem with all detection based software.

Please try following the advice I give in this section of my article about How to Fix a Malware Infected Computer in order to use Windows Repair Kit to hopefully fix most of the issues you are having.

Also, if you haven’t already, please follow the advice I give in my article about How to Know If Your Computer Is Infected and let us know what you find.

Thanks.

All but one. . of the many… .PACKAGE files in the Sims 3 game files are now GONE. (Kinda makes me wonder… why was that single file left?)

Whatever fixed whatever that was… ??? it fixed the game but good. [EDIT: I’ve been having nothing but *Trouble getting into it physically since ‘the fix’ as the system restore historically and by common sense wouldn’t have touched the majority of them as they’ve been on the system for at least a month, or longer in some cases.]

There are instances, still… when I go to type or paste something (not here tho’, yet) and it instantly vanishes.

Your last reply didn’t show up as new, up top, when I just logged in even though there was a ‘NEW’ box at the end of my thread title. Weird.

I’ll look through the posts you mention…

[EDIT: I’m beginning to think I’ve been had… One of the articles says to un-reinstall the security protocols (so to speak). Is there no way to uninstall CCE?? There’s nothing in the program folder, nothing in the Windows uninstaller and nothing in the SMP11 native uninstaller. The only other option is to delete it piece by piece, but I know I won’t get everything doing that! CCE can be considered pc security.]

[EDIT: I already went through the second article and posted results in this thread (March 18 12:07 post)]

[EDIT: Please pardon my rant… just *Very frustrated at this… occurrence.]

What exactly are you observing? What is flashing under what conditions? What browser are you using? Does it happen on all sites or only specific ones or does it happen on pages with Flash objects? Etc.

Without a proper description we have no way of determining what could be happening. It could be a problem with a graphics driver for example.

> script errors,

I assume you are referring to Javascript errors reported by your browser. All web pages have script errors; it seems that people who write web sites don't know how to properly code. Anyway, javascript errors on what pages tells nothing about your system but only about the shoddy javascript coding by web pages.

> the cursor disappearing when I'm typing,

In what program does this happen? Iirc in Microsoft Word you can disable or enable the cursor when typing.

> a file open which I never go NEAR (Configuring Routers and Firewalls in EA whitepapers) and no one else uses this pc.

Does it open each time you start your pc or was this a one-off occurrence?

> I have System Mechanic Professional v. 11 which tells me there's a potential unwanted program but doesn't reveal what it is. (I'm thinking it's touching on the problem but can't bring it forward.. or something.) Anyway.

I am not familiar with System Mechanic Pro. Did you check their forums to see if other users witnessed this phenomenon and did they come up with an analysis of what it indicates? May be a glitch in SMP?

> I found this program (CCE) as an Editor's Choice in .cnet. I trust their reviews and the program description said it was deeper and more capable than others, so I downloaded it and ran it with MBR activated. It picked up Heur.Corrupt.PE@4294967295. I do understand 'Delete' 'Restore' and 'Clear All'.
>
> What I don’t understand is how to upload this result to one of those 3 places that one post says to upload to. When I go to upload it the only file I can find is a text file which isn’t the virus, if it is a virus… as there seems to be debate on that front on the web. Sooo…
>
> how can I upload this discovery to finalize what it is and what to do with it? :o Oh… there’s also a Modified Host file that comes up too.
>
> After the scan I clicked on Apply for the actions of Clean and Repair… let it reboot to find those operations failed. I was in Quick Repair in Killswitch, and found the Modified Host thing listed there too as ‘Changed’, clicked Repair and it won’t repair there either.
>
> My sincere appreciation to any and all who can help. ;D

A changed hosts file is not necessarily alarming as it can be changed f.e. to block ads or other unwanted web pages. Spybot Search and Destroy f.e. can adapt the hosts file to help blocking ads. It also can get changed by malware to prevent you from accessing certain sites.

Start with manually resetting your hosts file to a standard hosts file following this MS KB article.

To comment on the TDSS Killer scan. The first file is most likely a driver from a utility for a Belkin router. I assume you use a Belkin router.

Can you upload the file belonging to the second result (Forged File) to Virus Total and tell in what folder the file can be found?

Since it is not a problem anymore it's best not to focus on it unless it reoccurs. This is to prevent us from diverting too much.

> There are instances, still.. when I go to type or paste something (not here tho', yet) and it instantly vanishes.

Does this happen in specific programs or across programs?

Is System Mechanic running in the background? I am not familiar with what it does. What does it do? I once used a free version which could be used to clean registry and unneeded files. Does the Pro version clean such things in the background?

Has this problem been reported at the System Mechanic forums?

> Your last reply didn't show up as new, up top, when I just logged in even though there was a 'NEW' box at the end of my thread title. Weird.

That would mean there were more recent replies to other topics you have participated in.

> I'll look through the posts you mention.. :)
>
> [EDIT: I’m beginning to think I’ve been had… One of the articles says to un-reinstall the security protocols (so to speak).

For now I advise not to try any solutions for problems that you think are happening. You may break things in the process; also we don’t know what you did, making it impossible to help you further.

For now follow our leads and don’t stray from that.

> Is there no way to uninstall CCE?? There's nothing in the program folder, nothing in the Windows uninstaller and nothing in the SMP11 native uninstaller. The only other option is to delete it piece by piece, but I know I won't get everything doing that! CCE can be considered pc security.]
>
> [EDIT: I already went through the second article and posted results in this thread (March 18 12:07 post)]
>
> [EDIT: Please pardon my rant… just *Very frustrated at this… occurrence.]

The standalone CCE does not get installed (I assume you are not using CIS v6). You unpack the zip archive to a folder of choice.

What security programs are running in the background on your computer? Also run clean up tools for security programs you have had installed in the past. A list with clean up tools can be found here: ESET Knowledgebase .

""Since it is not a problem anymore its best not to focus on it unless it reoccurs. This is to prevent us from diverting too much. “” ???

My game is my diversion… my mini salvation from what is and what was.

I have been diagnosed PTSD in addition to chronic depression and social anxiety. :o Sims 3 in my pc along with the expansion and stuff packs are what helps keep me SANE, on the level and able to deal . with what IS my so called life. The .PACKAGES (that’s the way it appears in the file) contribute to game play which again is much more than just a game to me. It’s near devastating to me to find my game files broken apart and thrown to the four winds in this computer as I am NOT anywhere near a techie or whatever one is called who can read and manipulate the inner workings of a computer just as easily as reading a 1st grade book! whew!.. Ok… sorry, on with business.

((Using the Search and Recover option in System Mechanic (I imagine it’s similar to Recuva) I have found my .PACKAGES and am able to restore most of them… I think. That theory has yet to be tested.))

(I apparently don’t know how to do the multiple quotes so there will be multiple edits as I reply to your queries.)

""What exactly are you observing? What is flashing under what conditions? What browser are you using? Does it happen on all sites or only specific ones or does it happen on pages with Flash objects? Etc.

Without a proper description we have no way of determining what could be happening. It could be a problem with a graphics driver for example.“”

It’ll be anywhere from a quick little white flash… to the whole browser window disappearing for oh… about 3 seconds, then come back.

““I assume you are referring to Javascript errors reported by your browser. All web pages have script errors; it seems that people who write web sites don’t know how properly code. Anyway, javascript errors on what pages tells nothing about your system but only about the shoddy javascript coding by web pages.””

Usually on facebook… just scrolling the wall posts, sometimes in those games. I don’t know if they’re JavaScript errors… it just says in IE 10 there’s a long running script, etc. In Cometbird, which it appears is Firefox there’s a message box that comes up and asks whether or not I want the running script to continue. I haven’t recorded them but there are at least a couple other sites that do that… I’ll start recording which ones that happens to.

““In what program does this happen? Iirc in Microsoft Word you can disable or enable the cursor when typing.””

I notice it most often typing either in fb chat or message boxes that will post. The same for the disappearing text too. But, the disappearing text also happens outside of the web such as in Wordpad or MS Word 2007.

I did the Host File auto fix. Thank You.

““Does it open each time you start your pc or was this a one of occurrence.””

I can’t remember how I first discovered it but when I right click the Cometbird icon in the left of the task tray… there it is.

Where had they ended up?

Sorry, I did not mean to upset you nor did I mean to speak about diversion as a way of relaxing or unwinding. I meant that the problem did get solved and that I would like to leave that unless it returns as there are multiple angles running this topic at the same time. That makes it hard to keep focused on determining the exact nature of problems while keeping an open eye for various causes.

> ((Using the Search and Recover option in System Mechanic (I imagine it's similar to Recuva) I have found my .PACKAGES and am able to restore most of them.. I think. That theory has yet to be tested.))
>
> (I apparently don't know how to do the multiple quotes so there will be multiple edits as I reply to your queries.)

You need to use the quote tag: http://wiki.simplemachines.org/smf/Quote .

> ""What exactly are you observing? What is flashing under what conditions? What browser are you using? Does it happen on all sites or only specific ones or does it happen on pages with Flash objects? Etc.
>
> Without a proper description we have no way of determining what could be happening. It could be a problem with a graphics driver for example.""
>
> It’ll be anywhere from a quick little white flash… to the whole browser window disappearing for oh… about 3 seconds, then come back.

When the browser windows disappears what do you see? Do you see an empty screen or do you see the window of another program?

> ""I assume you are referring to Javascript errors reported by your browser. All web pages have script errors; it seems that people who write web sites don't know how properly code. Anyway, javascript errors on what pages tells nothing about your system but only about the shoddy javascript coding by web pages.""
>
> Usually on facebook… just scrolling the wall posts, sometimes in those games. I don’t know if they’re JavaScript errors… it just says in IE 10 there’s a long running script, etc. In Cometbird, which it appears is Firefox there’s a message box that comes up and asks whether or not I want the running script to continue. I haven’t recorded them but there are at least a couple other sites that do that… I’ll start recording which ones that happens to.

It could be a problem with a javascript on Facebook. Anybody using Facebook with IE 10 or FF browsers recognising this problem? I don’t use either of them.

> ""In what program does this happen? Iirc in Microsoft Word you can disable or enable the cursor when typing.""
>
> I notice it most often typing either in fb chat or message boxes that will post. The same for the disappearing text too. But, the disappearing text also happens outside of the web such as in Wordpad or MS Word 2007.

Disappearing cursor can be what is meant to happen. But disappearing texts is not something I can explain. Around what time did this start to happen? Did you install new programs around that time?

> I did the Host File auto fix. Thank You. :)

Check the file again to make sure something is not changing it.

> ""Does it open each time you start your pc or was this a one of occurrence.""
>
> I can’t remember how I first discovered it but when I right click the Cometbird icon in the left of the task tray… there it is.

Does it always launch that document when right clicking on the Cometbird icon? Is Cometbird set to open the pages that were open when you closed it? That could be a possible explanation.
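
The thread's two points about the hosts file (entries can be there to block ads, or to keep you from reaching certain sites, and the file should be checked again to make sure nothing keeps changing it) can be shown in code. This is an added example, not part of any post in the thread; the sample file, the `PROTECTED` watch list and all function names are assumptions made up for illustration.

```python
import hashlib
import ipaddress

# Constructed sample for illustration; not the hosts file from this thread.
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1     localhost
::1           localhost
0.0.0.0       ads.example.net          # typical ad-blocking entry
127.0.0.1     update.av-vendor.example
203.0.113.10  www.bank.example
"""

# Hypothetical watch list: names you would never want silently blocked.
PROTECTED = {"update.av-vendor.example"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments, blanks and bad lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries


def classify(ip, name):
    """Label one entry by what it does to lookups of that name."""
    sinkhole = ip.is_loopback or ip.is_unspecified
    if name == "localhost" and ip.is_loopback:
        return "default"
    if sinkhole and name in PROTECTED:
        return "blocks-protected-site"  # e.g. cuts off security updates
    if sinkhole:
        return "block"                  # ad-blocker style entry
    return "redirect"                   # name forced to a foreign address


def review(text):
    """List (ip, hostname, verdict) for every effective entry."""
    return [(str(ip), name, classify(ip, name)) for ip, name in parse_hosts(text)]


def fingerprint(text):
    """SHA-256 over the effective entries only, so comment edits are ignored."""
    canon = "\n".join(sorted(f"{ip} {name}" for ip, name in parse_hosts(text)))
    return hashlib.sha256(canon.encode()).hexdigest()


if __name__ == "__main__":
    for row in review(SAMPLE_HOSTS):
        print(*row)
    print("baseline:", fingerprint(SAMPLE_HOSTS))
```

Record the fingerprint right after resetting the file; a different value on a later run means an entry was added, removed or changed, and `review` shows which kind.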