I keep getting the message “A suspicious hidden object (rootkit) has been detected on your system. This may be a sign of a malware infection. It is recommended to remove the object immediately.”
I attached a Jpg of the message.
I have done the suggested action several times and after rebooting and running a full system scan at start up, the message comes back after a few minutes.
Hello,
18:51:51.903 Service scanning
18:51:56.505 Service jswpsapi C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe **INFECTED** Win32:Evo-gen [Susp]
This is a generic detection and it is a false positive. The file is legit.
Related to Jumpstart_Wifi from Atheros Comms. WLAN for Home, Office and Metro Wi-Fi. Note: Located in \%Program Files%\D-Link\RangeBooster G WUA-2340\JSWUtil\
You should report that to avast! team using the link below, “Report a Virus” sections:
http://www.avast.com/contacts
The posted logs show some traces of a previous adware removal attempt. We shall use the Zoek tool to trace & target the leftovers.
Please download Zoek tool by Smeenk from here and save it to your Desktop.
Unpack the archive…
Close any open browsers and temporarily disable your AntiVirus program (if it is necessary).
If you are unsure how to do this please read this or this Instruction.
Double click on zoek.exe to run the tool. Please wait until the tool starts…
Copy the text present inside the code box below and paste it into the large window in the zoek tool:
EmptyFoldersCheck;Delete
C:\Windows\System32\Tasks\GoforFilesUpdate;fs
C:\Program Files (x86)\GoforFiles;fs
StartupAll;
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2];r
netsh advfirewall reset;b
bitsadmin /reset /allusers;b
EmptyCLSID;
kbfeokldigaboihnpiojpahhiplnamdj;chr
C:\Users\Steve\AppData\Local\CRE\kbfeokldigaboihnpiojpahhiplnamdj.crx;f
AutoClean;
Click on the Run script button.
Please wait until a log report opens (this can be after a reboot).
Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Can’t download the Zoek tool. I’m getting an infection report from Avast.
I attached a jpg of the error message.
Disable the AntiVirus as the instructions say.
As you noted above, I notified Avast about the file and sent them a copy as they requested. I am awaiting a reply from them. I also ran the Zoek tool as you suggested. I had to disable the Web Shield to download the file and then I had to disable the File System Shield in order to run Zoek.
Everything went well and seems to have completed successfully. I thank you for assistance and I appreciate it greatly in helping me to resolve my problem.
“Everything went well and seems to have completed successfully. I thank you for assistance and I appreciate it greatly in helping me to resolve my problem.”
But you forgot something??? The log, as instructed:
“Save notepad to your Desktop and attach here zoek-results.log Note: It will also create a log in the C:\ directory named "zoek-results.log"”
Yes, I shall require zoek-results.log.
I have attached the log as requested.
Again, thanks for your help.
By not counting the ‘jswpsapi’ problem with services (because we concluded that it is FP detection) how is your computer running now?
Sorry about the delay in responding.
I am no longer getting the pop up message from Avast and everything seems to be running fine.
Glad I could help. Posted logs appear clean and show no signs of active infection. You should be good to go …
We’re gonna remove my used tools now as well as carry out some further cleaning and security settings. To learn more about how to protect yourself I’ll give you a few tips for reading.
• The following will implement some post-cleanup procedures:
Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
✔ Remove disinfection tools
✔ Create registry backup
✔ Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Tip: Do not use security tools such as ComboFix, FRST, Zoek and the like. These are advanced security tools and should not be used without supervision.
• Learn how to protect yourself:
=> In order to stay protected it is very important that you regularly update all of your software and Windows Operating System.
It is important that you visit Windows Update regularly.
How to configure and use Automatic Updates in Windows
It’s vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Keeping Java and Adobe updated is a priority.
Download and install latest version of Java
Download and install latest version of Adobe Reader
=> I recommend that you use one of the fantastic opportunities provided by avast! AntiVirus.
For security protection, an active AntiVirus is required. If you want to reinforce your security setup I recommend additional security software and utilities:
Download and install Malwarebytes’ Anti-Malware and perform ‘Threat Scan’ from time to time. Malwarebytes will detect and remove all traces of known malware.
Download and install MCShield Anti-Malware Tool to prevent infections transmitted via removable drives.
Download and install Unchecky to keep your checkboxes clear, preventing the installation of additional adware and other PUP bad software.
Download and install AdBlock for safe web browser surfing without annoying and malicious advertising ads.
• Extra text for reading:
Please visit and review PC Safety and Security - What Do I Need? for some helpful information.
Please visit FAQ - Answers to common security questions - Best Practices to read tips on how to protect yourself against malware infection.
You may also visit and read What to do if your Computer is running slowly? if you like to read some basic geek stuff.
• The specific type of infection:
Meet CryptoPrevent. Security app that shall attempt to prevent dangerous malware that encrypts certain types of files stored on your disk, like CryptoWall, CryptoLocker and similar clones.
More information about this family of malicious software: CryptoLocker Ransomware Information Guide and FAQ ;
Cryptolocker Ransomware: What You Need To Know and CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
Stay safe.
Best Regards,
magna86