6 Replies Latest reply: Feb 7, 2013 12:52 AM by vinoo

    So I ran GetSusp 3.0 - Now what?

    zaqlpxsw

      The header pretty much says it all - I'm having PC problems, I downloaded and ran GetSusp 3.0, it found suspicious activity and sent a message off into hyperspace; now what am I supposed to do?

        • 1. Re: So I ran GetSusp 3.0 - Now what?
          Peacekeeper

          Did you add your email addy to the preferences? Otherwise they will not know where to send any extra DAT they make.

           

          While waiting, run Stinger and Malwarebytes Free...

          McAfee Communities: Anti-Spyware/Malware & Hijacker Tools

          • 2. Re: So I ran GetSusp 3.0 - Now what?
            zaqlpxsw

            Why, yes, I did - and got back the following (as yet) rather unhelpful reply:

             

            File Name       Findings        Detection        Type
            ---------       --------        ---------        ----
            dc59.ex_        not_detected    Unknown
            drvnddm.sy_     not_detected    Unknown
            ssrtln.sy_      not_detected    Unknown
            recordnow.ex_   not_detected    Unknown
            tfsnboio.sy_    not_detected    Unknown
            sscdbhk5.sy_    not_detected    Unknown
            tfsnudf.sy_     not_detected    Unknown
            tfsndrct.sy_    not_detected    Unknown
            tfsndres.sy_    not_detected    Unknown
            tfsnudfa.sy_    not_detected    Unknown
            tfsnopio.sy_    not_detected    Unknown
            tfsncofs.sy_    not_detected    Unknown
            tfsnpool.sy_    not_detected    Unknown
            tfsnifs.sy_     not_detected    Unknown
            wxardisk.sy_    not_detected    Unknown
            winxar.ex_      not_detected    assumed_dirty

             

             

            What does it mean when there are 16 files where "Findings" are "Not Detected", with 15 of them "Detection Unknown" and one of them "assumed_dirty"?

             

            Does it mean that for 15 of them, you don't know what they are but you also don't think they pose any risk; and that for the last one, you still don't know what it is but assume that it is a virus? Way to inspire confidence! Kind of like the doctor saying: "There is bad news, and worse news. You definitely might probably have something wrong, but we don't know what it might be, either."

             

            As for running Stinger, I have done so and that just opened another whole can of worms. It deleted a file out of an unopened, uninstalled Zip file, announcing that it was infected with the Artemis!265C3DD296CC virus. Sort of a pre-emptive strike. I'm going round in circles with Moderator Ex_Brit on that one. I've told him that I didn't actually extract the Zip file or install the software in question, so I do not claim to be infected with that particular virus. I just want confirmation that the file that Stinger deleted is, in fact, a virus, trojan or malware before I either complain to the download manager or go ahead and infect myself. Ex_Brit keeps telling me what to do if I am certain that it is malware or if I am certain it is a "false_positive". Frankly, I don't feel like playing the guinea pig here.

             

            So I am in something of a holding pattern with both Stinger and GetSusp 3.0

             

            I will follow the link provided, download and run Malwarebytes free edition.

             

            Shall I post the results back here?

             

            Thank you!

             

            (By the way, for those who haven't yet received their Secret Decoder Rings - what is "an Unrequested PM" that we are not supposed to post here???)

             

            on 2/5/13 6:12:23 PM CST

             

            on 2/5/13 6:13:12 PM CST
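Triage of a report like the one quoted above, as an added example that is not part of the original thread and is not GetSusp's or McAfee's code. It assumes only the layout visible in the post: a header line, a dashes ruler, then one whitespace-separated row per file carrying File Name, Findings, Detection and an optional Type column. The report text embedded in the script is copied from the post; the script parses it, tallies the Findings/Detection pairs, and lists the rows whose Detection is anything other than Unknown, which here singles out the one assumed_dirty file.

```python
"""Parse a GetSusp e-mail findings table and pull out the rows that still
need a decision.

Added example for this thread, not GetSusp's own code. Assumed format:
header line, dashes ruler, then whitespace-separated rows of
File Name, Findings, Detection, and an optional Type column.
"""
from collections import Counter
from dataclasses import dataclass
from typing import List

# Report text copied from the post above (Type column is empty on every row).
REPORT = """File Name       Findings        Detection        Type
---------       --------        ---------        ----
dc59.ex_        not_detected    Unknown
drvnddm.sy_     not_detected    Unknown
ssrtln.sy_      not_detected    Unknown
recordnow.ex_   not_detected    Unknown
tfsnboio.sy_    not_detected    Unknown
sscdbhk5.sy_    not_detected    Unknown
tfsnudf.sy_     not_detected    Unknown
tfsndrct.sy_    not_detected    Unknown
tfsndres.sy_    not_detected    Unknown
tfsnudfa.sy_    not_detected    Unknown
tfsnopio.sy_    not_detected    Unknown
tfsncofs.sy_    not_detected    Unknown
tfsnpool.sy_    not_detected    Unknown
tfsnifs.sy_     not_detected    Unknown
wxardisk.sy_    not_detected    Unknown
winxar.ex_      not_detected    assumed_dirty
"""


@dataclass(frozen=True)
class Row:
    filename: str
    findings: str
    detection: str
    type_: str  # empty string when the Type column is blank


def parse_report(text: str) -> List[Row]:
    """Turn the whitespace-separated table into Row records."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        # Skip the header ("File Name ...") and the dashes ruler.
        if parts[0] in ("File", "---------"):
            continue
        if len(parts) < 3:
            raise ValueError(f"unexpected row: {line!r}")
        filename, findings, detection = parts[:3]
        type_ = parts[3] if len(parts) > 3 else ""
        rows.append(Row(filename, findings, detection, type_))
    return rows


def summarize(rows: List[Row]) -> Counter:
    """Count how many rows share each (Findings, Detection) pair."""
    return Counter((r.findings, r.detection) for r in rows)


def needs_attention(rows: List[Row]) -> List[Row]:
    """Rows whose Detection is anything other than the neutral 'Unknown'."""
    return [r for r in rows if r.detection != "Unknown"]


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for (findings, detection), n in sorted(summarize(parsed).items()):
        print(f"{n:3d}  {findings:<14} {detection}")
    for r in needs_attention(parsed):
        print(f"review: {r.filename} ({r.detection})")
```

On the quoted report this prints 15 rows of not_detected/Unknown, one of not_detected/assumed_dirty, and a single review line for winxar.ex_; what the labels mean for the files is the question the thread goes on to answer, the script only isolates which rows to ask about.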
            • 3. Re: So I ran GetSusp 3.0 - Now what?
              Peacekeeper

              Yes, post the results re GetSusp; best you await vinoo's return, he is the expert on it.

               

              I would send the zip file to McAfee and ask, when they reply, to review it to see if it really is what it (Stinger) says. Submit it as Peter would have mentioned, i.e. a passworded zip file. Password is infected....

              • 4. Re: So I ran GetSusp 3.0 - Now what?
                vinoo

                Along with the email response, there would have been a WorkItem ID in the subject or body of the email. Can you post that to this thread? It will help me locate your submission for review.

                • 5. Re: So I ran GetSusp 3.0 - Now what?
                  zaqlpxsw

                  WorkItem ID 811283

                   

                  Problems have escalated.

                  Double-click function to open folder/launch application no longer works.

                  Unable to install, update or run Malwarebytes as suggested in Safe Mode.

                  (Numerous "CoCreateInstance failed, Code 0x80040154 Class Not Registered" errors)

                  (Run-Time error '372' received: "failed to load control 'WebBrowser' from ieframe.dll" [version may be outdated])

                   

                  Any assistance would be greatly appreciated.

                  • 6. Re: So I ran GetSusp 3.0 - Now what?
                    vinoo

                    Apart from the files flagged from Sonic Solutions and JimiSoft Inc (which are ok upon reviewing) - there is nothing else suspicious that stands out in the report.