I was recently browsing a website and was presented with what appeared to be a virus scan saying I was infected. I know that this was not my scanner so I brought up task manager and disabled what appeared to be out of place. This removed the “scanner” from my screen and I thought that I was safe. I rebooted the system and was presented with the scanner again on bootup so tried to end task on it again but was prevented from opening up the task manager. Rebooted again into safe mode to find and remove the files and was successful.
Now for my question. During all of this, the bogus scanner changed my internet settings to use a proxy, which I don't have or use. Every time I change back to no proxy I can access the internet, but when I reboot the settings aren't saved and I have to change them again. What do I need to do to get the proxy settings to be saved? I am logged in as admin and all, running Windows 7 64-bit, and I browse the internet using Firefox exclusively. I would post the name of the file that was involved, but unfortunately I didn't write it down and don't remember it. It was found in the temp folder.
Here is the log file. I looked through it and saw that a proxy was set in the HKCU section and removed the info on that part, but if you would look at the rest I would appreciate it. Thanks.
AxAutoMntSrv.exe may be a virus, but also might not be.
iWinGamesInstaller.exe is a worm; I would recommend getting rid of this one.
F2 - REG:system.ini: UserInit=userinit.exe (possible problem).
Malwarebytes Anti-Malware 1.50 http://filehippo.com/download_malwarebytes_anti_malware/
Always update before you start scanning so you have the latest database.
Click the "Remove Selected" button to quarantine anything found.
You may post the scan log here.
Just finished doing some searching on the web about iwingamesinstaller.exe and found that this is likely a normal file that is associated with a program on my system, though it appears it is a target for malicious software that modifies it. As of right now, my copy of iwingamesinstaller.exe is clean and not infected.
What about AxAutoMntSrv.exe? I did some checking and it might also be one. Other than that, the proxy and the reg I would get rid of. Btw, are you able to use Windows Update?
AxAutoMntSrv.exe belongs to Alcohol virtual drive software which I use. This file shows clean and thus is not infected by anything harmful at this time. As far as using Windows Update, yes I am able to use it and as far as I know, I am up to date on any patches that have come out recently.
I had already done that earlier manually, but thank you guys for looking at the files to be sure there was nothing else. I will presume this issue is resolved unless it shows back up after reboot.
Just for the fun of it, I checked out what was running when you did the HJT log. This has to be the shortest list of running tasks that I have come across on this forum. That is good.
Overview of running tasks:
ISUSPM.exe - Backgroundtask - InstallShield Update Service Scheduler
LCDMedia.exe - Backgroundtask - Logitech G-series Media Display
wmplayer.exe - Application - Microsoft Windows Media Player
firefox.exe - Application - Mozilla Firefox
HijackThis.exe - Application - Merijn Hijackthis
By the way, there are way too many "missing file" entries showing in your HJT log. You should run HJT again and fix only the entries with (file missing) at the end of the entry. A few of those are not so bad, but there are too many useless registry entries in your HJT log.
Please be sure you only check mark the box of those entries with (file missing) at the end of the entry.
Hehe, I appreciate you checking that out. I have been working on computers for quite some time, since before the release of the 486 processor, and have a decent idea what is needed and what is not for running tasks in the background. I typically make sure I have as little as possible running so that if I am infected by anything I can see it readily in the list of running processes, as well as to keep this machine up to snuff for gaming.
Btw, it turns out that the issue is definitely resolved as I had no issues this morning getting onto the internet. Thanks again to those that offered the advice.
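
Added example, not part of the thread and not written by any of the posters: a small Python triage pass over a HijackThis log that pulls out the three entry types discussed above (a ProxyServer value under Internet Settings, an F2 UserInit line that chains extra programs, and entries ending in "(file missing)"). The sample log lines, paths and names are constructed for illustration; treating a bare userinit.exe value as not worth flagging is an assumption of this sketch.

```python
import re

# Constructed sample in HijackThis log-line format (not the poster's actual log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\example\AppData\Local\Temp\example.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (file missing)
O4 - HKCU\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PROXY = re.compile(r",ProxyServer\s*=\s*(\S.*)$", re.IGNORECASE)
USERINIT = re.compile(r"^REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)

def userinit_extras(value):
    """Programs chained after userinit.exe in the logon UserInit value."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if re.split(r"[\\/]", p)[-1].lower() != "userinit.exe"]

def triage(log_text):
    """Return (category, detail) pairs for the entry types raised in the thread."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, running-process list, blank lines
        code, body = m.groups()
        proxy = PROXY.search(body)
        if code.startswith("R") and proxy:
            findings.append(("proxy", proxy.group(1)))
        ui = USERINIT.match(body)
        if code == "F2" and ui and userinit_extras(ui.group(1)):
            findings.append(("userinit", ", ".join(userinit_extras(ui.group(1)))))
        if body.endswith("(file missing)"):
            findings.append(("file-missing", body))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:13} {detail}")
```

Running the same pass on a log taken after a reboot shows whether the proxy value has been written back, which is the symptom described in the original question.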