Well I guess I haven’t been nearly as safe as I should be lately. Maybe a few of the sites I’ve visited lately aren’t so savory, although I also noticed various wikia sites have been infected with some fake adobe trojan that seems to be getting around, which normally wouldn’t be a problem but I use Steam’s browser to check things from time to time, so they don’t necessarily get blocked like in firefox. Even so, I’ve not specifically noticed anything wrong with my machine, but I’d still like a second opinion and if I should take any additional precautions.
I’ve got the boot log and file system shield logs here, not sure if they are all relevant but they all seem somewhat recent:
- Started on: Wednesday, March 9, 2016 4:25:56 AM
3/10/2016 12:03:28 AM C:\Users\Victor\AppData\Local\Temp\qkopiNTV.exe.part [L] Win32:Adware-gen [Adw] (0)
3/10/2016 12:03:28 AM C:\Users\Victor\AppData\Local\Temp\qkopiNTV.exe.part [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest…
File was successfully moved to chest…
- Started on: Wednesday, May 4, 2016 6:14:57 PM
5/8/2016 10:37:27 PM C:\Users\Victor\AppData\Local\Temp\CB50.tmp [L] Win32:Trojan-gen (0)
File was successfully moved to chest…
5/10/2016 11:02:52 AM C:\Users\Victor\Documents\NBGI\DSCM-2016-05-06-01.exe [L] FileRepMalware (0) (TC Note: this file is actually safe to my knowledge and I use it regularly)
File was successfully moved to chest…
5/10/2016 11:16:17 AM C:\$RECYCLE.BIN\S-1-5-21-1109383580-4101226291-3731906273-1001\$RHOYIT3.exe [L] Win32:Malware-gen (0)
File was successfully moved to chest…
05/20/2016 00:23
Scan of all local drives
File C:\Users\Victor\AppData\Local\Temp\B17F.tmp is infected by Win32:Injector-CUL [Trj], Moved to chest
File C:\Users\Victor\AppData\Local\Temp\1461.tmp is infected by Win32:Injector-CUM [Trj], Moved to chest
File C:\Users\Victor\AppData\Local\Temp\2FE9.tmp is infected by Win32:Trojan-gen, Moved to chest
File D:\Nexus Mod Manager\DarkSouls\Mods\downloads\Ultimate Catarina Set - UHD - Tan-852-1.rar.partial|>dsfix\tex_override\37a7ff79.dds Error 42126 {RAR archive is corrupted.}
Number of searched folders: 64964
Number of tested files: 3303932
Number of infected files: 3
Avast also initially caught this before I just decided to halt the scan and switch to a boot scan:
C:\Users\Victor\AppData\Local\Temp\DBC8.tmp Win32:Injector-CUM [Trj], Moved to chest
I did submit that file to VirusTotal and the results are pretty clear across the board:
https://www.virustotal.com/en/file/d9437454318f2ba8fe9f96a9e46923347f8d91f1a9eaa64ac3bd52f754da4ef6/analysis/1463721655/
As Kovter seemed to show up in the detection of multiple AV programs I went ahead and followed these steps, but nothing was found:
http://www.bleepingcomputer.com/virus-removal/remove-kovter-trojan
I also noticed another tmp file with a similar naming scheme to the others, but it seems clean, so I guess names are nothing to go on:
https://www.virustotal.com/en/file/5232827cbde8d18adfc3f66191fe2a0ce75a85a1189beb646725214f3860cd81/analysis/1463741970/
Naturally I’ve also included all the required logs in the attachments as well. Thank you for your time.