NAPSTAT.exe virus

Post by Anthony X2 on Wed 17 Dec 2014, 10:31 am

Hello and Greetings! I am hoping you can help me repair my poor computer which gets hit with CPU overload from malicious subroutines and possible hacking/downloading. The Processes that show up are crazy. Downloaders and weird utilities showing up and maxing the CPU usage. One of the processes that shows up is NAPSTAT.exe and googling that shows some virus warnings with my problems. Do you think you can help me?

I tried doing a System Restore to a few days ago before the problem showed up and I ran MBAM, ADW, and Security Check. I can't find the MBAM log but was told no malicious items were found. The other two logs are posted below. This temporarily cured the problem. That is until I opened up the Firefox Browser then it reinitialized itself. Now as soon as I turn on my machine the malware attacks. In other words, the System Restore seemed to help but there is something bad in the browser startup area.

Thanks for any help you can provide!

# AdwCleaner v4.105 - Report created 16/12/2014 at 13:44:20
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anthony X - ANTHONYX
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MRS

***** [ Scheduled Tasks ] *****

Task Deleted : BrowserSafeguard Update Task

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-7860DW LAN#2\Status Monitor.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-7860DW LAN\Status Monitor.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must be registered and logged in to see this link.]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [10194 octets] - [07/06/2014 08:13:39]
AdwCleaner[R1].txt - [915 octets] - [28/06/2014 22:15:52]
AdwCleaner[R2].txt - [1861 octets] - [16/12/2014 13:32:42]
AdwCleaner[S0].txt - [10392 octets] - [07/06/2014 08:32:45]
AdwCleaner[S1].txt - [975 octets] - [28/06/2014 22:24:06]
AdwCleaner[S2].txt - [2042 octets] - [16/12/2014 13:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2102 octets] ##########



Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast setup instup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````





Anthony X2

Newbie Surfer
Posts : 20
Joined : 2011-12-24
Operating System : Windows Vista

Re: NAPSTAT.exe virus

Post by Superdave on Mon 29 Dec 2014, 5:49 am

We do not take donations at this site. We only ask that you do something similar for someone else.

Superdave
Tech Staff


Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: NAPSTAT.exe virus

Post by Anthony X2 on Tue 30 Dec 2014, 8:14 pm

I did some research and believe I have the Poweliks virus. It's quite interesting, you should check it out. It doesn't download any files so that traditional virus searches can't see it. It also uses non-ASCII characters and encoding to hide itself. It remains only in the registry key area and stays 'file less'. There is an ESET Poweliks tool that seems to have fixed my issue. For now. I feel like it's going to pop up at any moment again but for now all looks good.

Anthony X2
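
An added example, not part of the thread and not how the ESET tool works: a check for the two traits described in the post above, run over an exported .reg listing of autostart keys. It flags value names with non-printable or non-ASCII characters and value data holding a long encoded run. The restriction to Run/RunOnce keys, the 120-character threshold and the sample entries are assumptions made for this example.

```python
import re

# Autostart keys to inspect (assumption: only Run/RunOnce are checked here).
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=]{120,}")  # length threshold is an assumption

# Constructed sample in .reg export syntax; none of these entries come from the thread.
SAMPLE_REG = "\n".join([
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"ExampleApp"="\"C:\\Program Files\\Example\\app.exe\" /quiet"',
    '"\u00e4\u0001x"="' + "QUJD" * 40 + '"',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"Updater"="C:\\Tools\\updater.exe"',
])


def unescape(text):
    # .reg exports escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def scan_autoruns(reg_text):
    """Return (key, escaped value name, reasons) for each suspicious autostart value."""
    findings = []
    key = None
    # Split on "\n" only: str.splitlines() would also break on control
    # characters that can appear inside a hidden value name.
    for raw in reg_text.split("\n"):
        line = raw.rstrip("\r")
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_LINE.match(line)
        if not match or key is None or not AUTORUN_KEY.search(key):
            continue
        name, data = unescape(match.group(1)), unescape(match.group(2))
        reasons = []
        if any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in name):
            reasons.append("non-printable or non-ASCII value name")
        if ENCODED_RUN.search(data):
            reasons.append("long encoded run in value data")
        if reasons:
            findings.append((key, name.encode("unicode_escape").decode(), reasons))
    return findings


if __name__ == "__main__":
    for key, name, reasons in scan_autoruns(SAMPLE_REG):
        print(f"{key} :: {name} :: {', '.join(reasons)}")
```

A hit from this check is a reason to inspect the entry, not proof of infection; legitimate software occasionally uses non-ASCII value names.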


Re: NAPSTAT.exe virus

Post by Superdave on Wed 31 Dec 2014, 4:36 am

I seriously doubt that you have that trojan. MBAM didn't pick up anything. You can keep MBAM on your computer and run it as many times as you wish.

Superdave

Re: NAPSTAT.exe virus

Post by Anthony X2 on Wed 31 Dec 2014, 8:16 am

Maybe you're right. I'm just saying that it fits the profile with symptoms and undetectability with virus scanning because of its non-file-creation nature. When I ran the ESET Poweliks scanner it confirmed the presence and cleaned it. If I have any more viruses now, I am unaware of any symptoms. I am afraid that since I have been compromised there may be back doors into my computer for hackers if they already have all my system info. Not sure if I should just scrap this thing to be sure.

Anthony X2


Re: NAPSTAT.exe virus

Post by Superdave on Wed 31 Dec 2014, 10:17 am

There was no evidence of any backdoor activity. If you wish to be completely safe, you can reformat and re-install the OS.

Superdave

Re: NAPSTAT.exe virus

Post by Anthony X2 on Wed 31 Dec 2014, 10:29 am

Thanks for your help with this stuff, SuperDave!

Anthony X2


Re: NAPSTAT.exe virus

Post by Superdave on Wed 31 Dec 2014, 10:38 am

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
