Renesas Electronics virus found by MCShield last night on my desktop computer.

I thought I had removed all instances of it, but today the computer won’t stay on the internet, anything I try to do is “timed out”, basically, nothing working right…I ran an Avast smart scan, but it didn’t pick up anything…think I’ll run a boot scan, and check back with you tomorrow, as I have guests coming for dinner before long. It is scanning for network issues, but hasn’t picked up on anything thus far. The name for the above named virus is now showing in the startup list (via msconfig) as NUSB3MON but it seems to be gone from the path of HKLM/Software/Wow6432Node\Microsoft\Windows\current version\Run (I have this on my laptop computer, which I am using now). So is this a virus, or do I need to start looking for something else on the desktop? Nothing is working right, and no virus definitions will update, because the internet keeps going out, or it times out…I can’t even get to Avast or MBAM websites, so I think someone is tracking my keys, possibly?

Renesas Electronics virus found by MCShield
may we see the log?

follow instructions here https://forum.avast.com/index.php?topic=53253.0
we need Malwarebytes and Farbar Recovery Scan Tool logs, attach the logs, 3 logs total

see below the box you write in … Attachments and other options

I can’t get this computer to do anything…I recently put in a brand new hard drive because of a similar infection…Had to go to safe mode to get the browser to open…sending you logs from an older version of FRST64, which I hope updated…internet disconnects every time I get to a place where I can download anything. When I tried to get to bleeping computer all I got was “about blank” in my browser tab…I don’t know how helpful these logs will be…MC Shield log disappeared last night when the computer restarted. Don’t know how to retrieve it, as it hadn’t been saved.

OK, first off I will reset the network connections. How do you connect to the net, is it via USB or Ethernet? Or is there a built-in card?

CAUTION: This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

Thank you! at least it didn’t take my browser 2 min. to open, but while updating MBAM, after the fixlist, I did go off-line again.
I connect with a Linksys USB network adapter…I don’t think it’s the problem, it seems to be working fine, and I re-installed the driver recently, just in case. I did notice that while trouble-shooting connectivity, that the selection in network properties/security to “allow other users to control network settings” (or whatever) was checked, and I have never in my life, checked that box to allow anyone other than myself to control my network…I have all “Remote” access disabled, because of bad experiences. I finally was able to update MBAM to scan, so attaching that, too…didn’t find anything. …Just discovered Program Data file was hidden…here are your logs…Much Thanks

NUSB3MON is a driver for your USB ports, and if you are using a USB connector, deletion may be the cause of your problems: http://www.bleepingcomputer.com/startups/nusb3mon.exe-26516.html

Oh, I wonder! would running “nusb3mon.exe” install the driver? If so, I can do that and see. Is there any way you can send me a link to download the driver I removed?? I can’t get anything to work on the computer in question…I can download and transfer the driver via zip drive, if I can find a reliable place to download it from. Thanks, I do hope this is the only problem…

https://downloadcenter.intel.com/download/19880/USB-3-0-Renesas-Electronics-USB-3-0-Driver here this is from intel

Much thanks…Hiccup, I think…this desktop has an AMD processor…probably shouldn’t put an intel driver in there? I’m afraid there is more on this computer bogging it down…as I mentioned before we just rebuilt it before Christmas, 1T WD hard drive…8Rams memory…I tried to open the program to scan a document I need in digital format, and nothing happens…the Canon program won’t open, Firefox timing out. I’m calling my computer man to help me when he is able. Running Avast scan now…(didn’t finish)…stalled. Backup failed…be back tomorrow. I need a drink!

As you have all of that new hardware, when you installed Windows was it the retail version that you used?

Here is the label on the disc used to install the OS. Hope you can read it from the photo…let me know if you can’t.

I did do a dns flush last night, haven’t been on that computer yet today. But last night it was as slow as ever, and not maintaining an internet connection…I finally was able to update and run MBAR, no issues found.

Have you much data to back up on your current install… As it may require an in-place upgrade to reset the system http://www.sevenforums.com/tutorials/3413-repair-install.html

Ok, I’m having fun with taxes today and must take a patient to Charleston, SC tomorrow for an appt at the MUSC. So it will be a few days before I can try that…I’ve used this computer so little, there is only about 81GB on the hard drive. and most of the data on it, I have on my laptops…so it shouldn’t be too bad, I hope. Mainly, I would have to re-install programs, printers, etc. Thanks for the link.

Let me know what you decide as we could continue to troubleshoot but that will take time

OK, tomorrow’s trip to MUSC will be an all day thing…I’ve sorted taxes all day today…maybe tomorrow will be a good breather…I’ll make a decision when I’m back. It’s fortunate there is much on the hard drive. I can take the program downloads off one of my other computers, to make sure everything is clean that goes back in. I think it is probably the only way to get this computer running again…

I am surprised that MCShield marked that file as infected as it should have a valid signature etc…
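
The signature check mentioned in the last reply can be done before a flagged startup entry is deleted. The script below is an added example, not part of the original thread: it lists the entries in the Run keys (including the Wow6432Node path named in the first post) and reports the Authenticode status and signer of each target binary. It assumes PowerShell 3.0 or later; the helper name `Get-CommandPath` is hypothetical.

```powershell
# Added example: audit autorun entries and the signatures of their binaries
# before removing anything an on-demand scanner has flagged.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: extract the executable path from a Run value such as
#   "C:\path\app.exe" /arg     or     C:\path\app.exe /arg
function Get-CommandPath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return $null
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $path    = Get-CommandPath $command
        $status  = 'FileMissing'   # entry points at a binary that is gone
        $signer  = ''
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
            }
        }
        [pscustomobject]@{
            Key    = $key
            Name   = $name
            Path   = $path
            Status = $status
            Signer = $signer
        }
    }
}

# Valid entries sort together; NotSigned, HashMismatch and FileMissing stand out.
$results | Sort-Object Status, Name | Format-Table -AutoSize -Wrap
```

A `Valid` status with the hardware vendor as signer is evidence that a detection may be a false positive, while `FileMissing` identifies a startup entry whose binary has already been removed.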