New
#111
previous programs only found jzip and qq, and then some registry entries. this time I ignored jzip and qq, as I know qq is not an issue, but often recognized as a PUP, and jzip is also recognized as a PUP. researched the registry entries as being tied to some software that I did not download, so figured it might have been entered through the browser somehow, so I let the software remove it. Malware Bytes also so far has only found something that was identified as a PUP (ironically I don't think any adware scanner or avast ever said it was before).. yet not really the true reason for any of this. it is either virus not identified (or gone already) or permissions or update to windows 10 I think.
previous issue occurred following during the time I updated to windows anniversary edition and changed permissions on a system folder. I had used the tweak program to try to restore permissions, but though it has restored the original ownership, it still also allows administrator access, So still not sure if it had been due to some infection or not.
Third hard drive has 20 GB free. The one that I saved the image to has about 128 GB free. But again, some number was assigned as the owner to both external drives for some reason. It seems weird given that at least one external drive did not find any virus through Malware Bytes. I think that before those drives had a different owner. nothing that looks like some system number.
It was like that. what does that mean? or why would it do that? i had afterwards changed the owner of one external drive to me, while the other to Administrators. At this point, i don't know which one it was. Also, malwarebytes cleared up a trojan and some other file that was together with winrar that monitors key strokes, but i think that it was neither of those. i think the trojan was downloaded after this, and the other thing was not the one that caused the problem. also, i don't know why winrar had something like "Hawk" something bundled with it. so the next step is in-place upgrade? i did all of the steps, including the junkware removal tool, which all it did was remove registry keys and qq.....
but what about if this is not from a previously removed virus, but simply editing permissions, or updating windows? except it is not from too small of space on the hard drive.. you mention those things also above.. what can cause the drive's ownership to change? it was only the external drives, while the main hard drive was changed to read only.. external drives changed ownership, and one probably had more read only folders, and one started to. Nothing so far as viruses currently seen explains that. Do I need to turn of Mcaffee, turn on windows firewall, and turn on avast? how do i know if this is from a virus, or an issue with windows?
No way to know now especially since you really didn't document stuff you found /saw in McAffee/etc to report here to give Others a clue as to what happened , though you apparently have numerous Malware and Trojans , so I'd be thinking about a Clean Install and put it down to a Lesson Learned.
It could be either or a Combo of virus's and playing with permissions since it sounds like you have been playing with permissions which can cause as many issues as it fixes ( don't ask how i know :) )
A Inplace Upgrade should clean up Windows Permisssions Errors but I am not certain it will have any effect on your External Drives , that is something to look at if needed once you have Fixed Windows. If an Inplace does not work then you will need to do a Clean install deleting all partitions in the Process to ensure you don't have a RootKit or similar.
KB.
Last edited by Kbird; 09 Oct 2016 at 12:54.
well, like I said, malware bytes specifically only found one recent Trojan, which I believe was installed after, as well as something else that for some reason was packaged with WinRAR that monitors keystrokes. I don't think it was the culprit. not sure about any of the things that malware bytes or anything changed registry. Wasn't one of those programs one that checked for rootkit viruses?
Mcaffee kind of sucks at logging previous viruses found (at least the version that I have) since it pretty much just shows a log on the internet as if something had been there at one time or something like that. It seems like it was hard to understand. Most of what those other scans found were "potentially" unwanted programs, and most of which were harmless. i knew i edited permissions, and downloaded the windows 10 update at the same time, mcaffee showed some report online like something had been there, and some map of where viruses come from.. but no definite answer of anything. i read that there are onedrive issues with the anniversary update. it bothers me that there is no clear answer to what this really is. i would like to know for certain so i don't take the wrong measures or extreme measures. This is even a brand new system. The previous system i had had hard drive failure, but i was able to use it a long time before the system actually failed.
I can't say or tell you what to do but if I found Trojan's and a Keystroke Logger I would be changing ALL my passwords (especially banking) and LLF my HDD and reinstalling Win10.
Unfortunately I have a friend who appears to be the World's No# 1 Virus/Malware/Trojan Attracter , I seem to have to reinstall for him every 2-3 months and he claims he doesn't go anywhere "dodgy" on the 'Net, but Last month he had "something" which was never determined , after running all the Tests Simrick mentioned as well as Eset and anything else I could think of, even a Inplace did not work , after a day Malwarebytes etc started finding stuff again etc , even though the Laptop was not on the Net just sitting here for testing Running. Even a clean install (without a LL Format) did not work which really surprised me , but doing a Secure Erase of the SSD and reinstalling Windows did. I made him get a Passport too, so I could Image his Fresh Install to it with Macrium , so from now on it will be an easy 20 min refresh to a Clean system instead of hours and days of diagnosis ...by me...
Oh 1 other thought ..... If you find some files as Read Only on the Passport , they are maybe from the WD SmartWare Backup Software so perhaps the External is not effected by this if that is what you are seeing ? Or if you have used Win10's File History to the Passport , if those are marked Read Only ? it is likely for security so Virus's can't Change them....when the Files are Restored to the PC the Read Only attribute would be Removed again, which you can test, by restoring a file.
KB.
I have to agree with you there, and they would have been changed the minute I found the keylogger, from a known clean computer, and that hard drive would have been wiped squeaky clean for a fresh install.
Oh! LOL Sorry, but I have to laugh - I so know the feeling!
I think also you may find this, if the permissions are for another user from a different computer; files copied over with their permissions/attributes to an external, then plugged into another computer?