Jump to content

Threats Detected. Do I Have a Virus?


Recommended Posts

Guest FileCorrupt
Posted

While following directions on U Tube Video on using “Pareto_DR_Setup_RW”, a data recovery program, I got an alert of a Severe Threat from my Computer and chose to “allow” it. Bad mistake, I believe.

I was using Security Essentials, Windows 7 Firewall, and Webroot AV at that time.

I am not sure if I have the “Exploit:JS/ShellCode.N” or "Trojan:Win32/Daiboo.A" malware, or not now.

MS Security Essentials stated I allowed “Exploit:JS/Shell Code.N” on 12/27/11 at 10 am.

However, I do remember when I allowed this “Severe Threat.” That was when I downloaded Pareto_DR. However, that was at a later time. That time was on 12/30/11 at 1:45pm.

I was on Wi-Fi hot spot at a Starbucks. I had been watching a You Tube Video on how to recover data using Pareto Doctor software. While downloading I was asked to enter my email address. I did. Supposedly to get registered. Later, I got offers to buy Pareto Doctor on E-mail and I did not.

Later, I find a save to my downloads of that program entitled, “Pareto_DR_Setup_RW.”

I installed Pareto_DR. and commanded it to scan my Hard Drive to do data recovery for a corrupted .docx file. While doing so, the program displayed a beetle icon that turned on and off. Later, program died, I think, and did not completely scan disk. I stopped it at least twice, after running it more than once. Each time the program displayed the beetle icon and stopped during scan. I commanded it to recover a particular .TMP file it found to my D:\ Drive. I opened that TMP file and it was binary data, I believe. Not text.

Later, MS Essentials reported that exact file on my D:\ Drive as the one containing “Exploit:JS/Shell.N”. I tried to get MS Essentials to delete file. "Exploit:..." displayed with a preceding “X,” but only on “All History”. If I changed Security Essentials to “Quarantine Items” or “Allowed Items,” I had no entries displayed. If I clicked on “X” and “Exploit…” line, Essentials did not give me the option to remove it.

Sometime later, I went to D:\ Drive and deleted that TMP file. Later, I read not to manually try to remove “Exploit:JS/...

However, that was much later. Those instructions were too late.

Also, I got an item my computer that stated I should not use two Anti-Virus Programs at the same time. So now, I am only using one program.

Later, I had got reports of another threat from Security Essentials.

That report was for "Trojan:Win32/Daiboo.A" around 1-3-2012. Maybe I had a Root Kit?

Essentials continued to report over and over that “Trojan:.. was identified. That is Security Essentials reported it, but this time I did not allow it. It was sometimes displayed as removed, but it reported multiple times and was usually reported as quarantined.

However, If I changed to “Quarantine Items” or “Allowed Items” “Trojan:…” was never listed. It was only listed on “All History”.

I saw unusual behavior afterwards.

I saw the icons on desktop jiggling at random times. When I duplicated a Drive that had Word Data on it with some Mac documents, Word had opened a “Resource Fork” file on it automatically. Also, it said that if I destroyed a copy file of the Drive that I would be destroying “System Files” and I thought I only had data files on it.

So, I did an “HP Recovery”, which reinstalls the Windows 7 OS. I restored files from a Backup, also.

Sometimes I see unusual things, even still.

As an intrusion check, I recently typed “Bank Account Nr: 678” on a MS Word 2010 document and it seemed as though the computer automatically selected that quote and cut it out. I don’t think I hit keys by accident, but that is possible.

I have scanned my drives with Security Essentials, Webroot AV, and Microsoft Safety Scanner, all with no infected files found.

Do I have a virus or not? Should I do anything more? Any comments or suggestions?

 

Continue reading...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...