Author Topic: CCE finds some threats  (Read 1443 times)

Offline white31

  • Comodo Family Member
  • ***
  • Posts: 85
CCE finds some threats
« on: October 10, 2015, 01:22:15 PM »
Hi there, I would require a bit of help if I may. I just tried to scan with Comodo Cleaning Essentials and it found something in the recycle bin, which is located on the partition where the OS isn't installed:



I can't open the \secure\ folder; it says it refers to a location that is unavailable... The second entry, "asfdata", belongs to the program Anvide Seal Folder (this program also creates ads which, if deleted, breaks nothing). The first entry, which contains numbers, I don't know what it is from. Also, I checked the \secure\ folder's properties and it says it's shared.

My question is: should the Recycle Bin also be located on a secondary partition by default, and is there a way to open the \secure\ folder?

thanks

« Last Edit: October 10, 2015, 07:20:35 PM by white31 »

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: CCE finds some threats
« Reply #1 on: October 11, 2015, 05:35:41 AM »
Hello,

Let's try the following:

Scan with Malwarebytes AntiRootkit
 
Please download MBAR and save it to your desktop.
 
Run the tool as Administrator; it will extract itself and then launch.
 
Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.
 
If malware is found, click on the Cleanup button, but make sure that the Create restore point option is checked before proceeding!
 
Program will ask you to restart, allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removing rootkits, it is recommended to run fixdamage.exe, located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.

Attach both logs in your reply.


Offline white31

  • Comodo Family Member
  • ***
  • Posts: 85
Re: CCE finds some threats
« Reply #2 on: October 11, 2015, 10:27:50 AM »
At startup it said that registry values "applinit_dlls" were found, but I haven't allowed it to remove them; I feared that it might break something. Here's the screenshot of that registry path, and if you see anything suspicious in it please tell me (I used Prio for a while and then uninstalled it).



[attachment deleted by admin]
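A read-only way to inspect the AppInit_DLLs registry value that the scan flagged in the post above, written in PowerShell as an added example (it is not part of the thread or of any tool mentioned in it). It assumes the standard value location under HKLM in both the 64-bit and 32-bit registry views, and that bare file names resolve against the matching system directory.

```powershell
# Read-only audit of the AppInit_DLLs load point; nothing is modified or deleted.
$views = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = "$env:SystemRoot\System32" },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = "$env:SystemRoot\SysWOW64" }
)

foreach ($view in $views) {
    # The Wow6432Node view does not exist on 32-bit Windows.
    if (-not (Test-Path -LiteralPath $view.Key)) { continue }
    $p = Get-ItemProperty -LiteralPath $view.Key

    # AppInit_DLLs is a space- or comma-separated list of DLL names or paths.
    $dlls = @("$($p.AppInit_DLLs)" -split '[,\s]+' | Where-Object { $_ })

    if ($dlls.Count -eq 0) {
        [pscustomobject]@{
            Key = $view.Key; LoadEnabled = $p.LoadAppInit_DLLs
            RequireSigned = $p.RequireSignedAppInit_DLLs
            Dll = '(empty)'; Exists = $null; SignatureStatus = $null; Signer = $null
        }
        continue
    }

    foreach ($dll in $dlls) {
        # Assumption: a bare file name is looked up in the view's system directory.
        $path = if (Split-Path -Path $dll -IsAbsolute) { $dll }
                else { Join-Path $view.Dir $dll }
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

        [pscustomobject]@{
            Key             = $view.Key
            LoadEnabled     = $p.LoadAppInit_DLLs          # 1 = listed DLLs are loaded
            RequireSigned   = $p.RequireSignedAppInit_DLLs # 1 = only signed DLLs load
            Dll             = $path
            Exists          = $exists
            SignatureStatus = if ($sig) { $sig.Status } else { $null }
            Signer          = if ($sig -and $sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject } else { $null }
        }
    }
}
```

An entry that points to a missing file is usually a leftover from an uninstalled program, while an existing, unsigned DLL with LoadEnabled set to 1 is the case worth a closer look.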

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: CCE finds some threats
« Reply #3 on: October 11, 2015, 11:05:12 AM »
Log seems fine, nothing malicious was found.

Let's make sure that your PC is clean:

Scan with Malwarebytes AntiMalware

Download Malwarebytes Antimalware and install it on your system (Run setup as Administrator).

At the end of installation, uncheck "Enable free trial of Malwarebytes Premium", then click Finish.

Make sure you have the latest definitions by clicking on Update Now, then under Scan choose Threat Scan.

After scanning is done, click on Remove if malware is found. The tool will ask for a restart; allow it to do so.

Attach MBAM log here (you can find it in History > Application Logs).


After that, do the following:

Scan with Norton Power Eraser

CAUTION: NPE uses aggressive methods to detect and remove malware, so do not touch any of the settings!

Download NPE by Symantec and save it to your desktop.

Run the tool as Administrator, accept the license agreement, and click the Scan button.

The program will ask you to reboot to continue scanning (includes rootkit scan), so allow it to restart.

After the restart the program will automatically launch itself and start scanning. Scanning takes 5-10 minutes, so be patient!

If malware is detected, make sure that the Create restore point option is checked, then click the Fix button. After that, click on Restart now to complete removal.



Scan with Zemana Antimalware
 
Download Zemana Antimalware and install it on your system.
 
Under Scan type choose Full Scan and let the tool scan system.
 
If malware is found, click Next to remove it. If the tool asks for a restart, allow it.
 
If no malware is found, just exit the program.
 
NOTE: Leave actions at default.

Attach log here.


Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on Start button.
 
If the program needs a reboot, allow it to do so.
 
NOTE: If your desktop disappears, don't panic, it's normal.

Offline white31

  • Comodo Family Member
  • ***
  • Posts: 85
Re: CCE finds some threats
« Reply #4 on: October 11, 2015, 12:57:49 PM »
I'm attaching only the Malwarebytes logs. I often use NPE and used it now, but it finds many false positives or program exes which I want to keep, so I'm not removing anything with it. As for Zemana Antimalware and TFC, this sounds rude but I won't use them; I have a reason not to trust them. TFC is a temp folders cleaner. I regularly clean temp and %temp% manually and my browsers delete everything on exit, so my temp is clean. I also did a scan with SUPERAntiSpyware and it's also clean.

[attachment deleted by admin]

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: CCE finds some threats
« Reply #5 on: October 11, 2015, 01:09:39 PM »
How is your computer now?

Offline white31

  • Comodo Family Member
  • ***
  • Posts: 85
Re: CCE finds some threats
« Reply #6 on: October 11, 2015, 01:24:17 PM »
Comp is fine, it didn't have any problems either, but those entries only CCE found, and I'm still deciding whether to delete them or not... Basically, what I wanted to find out is what I described in my first post: whether you or any other people also have a recycle bin on a secondary partition, and whether I can open that shared folder... Thanks.

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: CCE finds some threats
« Reply #7 on: October 11, 2015, 01:36:34 PM »
Mine is on C:\. Which drive letter is the drive?

Offline white31

  • Comodo Family Member
  • ***
  • Posts: 85
Re: CCE finds some threats
« Reply #8 on: October 11, 2015, 01:43:53 PM »
Mine is on C:\ and E:\

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: CCE finds some threats
« Reply #9 on: October 11, 2015, 01:52:41 PM »
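Try to delete it normally or with CMD:

Code:
E:
rem /a also lists hidden and system entries such as $RECYCLE.BIN
dir /a
rem del only removes files; rd /s /q removes the folder and its contents
rd /s /q $RECYCLE.BIN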

Offline white31

  • Comodo Family Member
  • ***
  • Posts: 85
Re: CCE finds some threats
« Reply #10 on: October 11, 2015, 01:59:26 PM »
I did

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: CCE finds some threats
« Reply #11 on: October 11, 2015, 02:00:48 PM »
Is the folder still there?

Offline white31

  • Comodo Family Member
  • ***
  • Posts: 85
Re: CCE finds some threats
« Reply #12 on: October 11, 2015, 02:03:45 PM »
I cut the entire $RECYCLE.BIN folder with its content from E:\ and moved it to another place, but I'm not sure if Windows needs it. I backed it up in case problems occur.
« Last Edit: October 11, 2015, 02:07:25 PM by white31 »

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: CCE finds some threats
« Reply #13 on: October 11, 2015, 03:02:41 PM »
Make a copy and delete the folder. If you notice something bad (but I don't think anything bad will happen), restore the copy.

Offline white31

  • Comodo Family Member
  • ***
  • Posts: 85
Re: CCE finds some threats
« Reply #14 on: October 11, 2015, 04:08:42 PM »
Well, I did a small test and it appears $RECYCLE.BIN on partition E:\ really belongs to the OS, because after I cut it and restarted the PC it recreated itself. But the folder \secure\ is created, as I already mentioned, by Anvide Seal Folder. This program uses the recycle bin to hide content, I think, and that's why it is shared. So the CCE detection can be a false positive, I think mostly this way, but if it's not and there is really something suspicious, then the whole program should be investigated, which I can't do. BTW, the mysterious wasf registry in my previous post here https://forums.comodo.com/virusmalware-removal-assistance/wasf-registry-t112584.0.html;msg816354#msg816354 is also created by this program :) I think there is nothing to worry about and I bothered you for nothing, but again, thanks for the advice.

 
