
idp.alexa.51

Posted: 01 Nov 2019 09:00
by lu2cz
Hello.

Avast reported the threat idp.alexa.51, blocked the process and moved the executable of our company CRM application into the Virus Chest. Could you please help me check the state of the PC? It has seemed far too slow to me for a long time.

Thank you

Re: idp.alexa.51

Posted: 01 Nov 2019 10:16
by Rudy
Hi!
Viry.cz is a service for home users. Customers with company PCs should ask here: https://neslape.cz/?utm_campaign=neslap ... ium=banner . See the rules: https://forum.viry.cz/viewtopic.php?f=12&t=5601 (point 6).

Re: idp.alexa.51

Posted: 01 Nov 2019 11:19
by lu2cz
Hi, Rudy.

I have read the rules. This is my personal notebook, which I also use to occasionally provide a service to one customer. I'd be happy to send you a "donation" for the help.

Re: idp.alexa.51

Posted: 01 Nov 2019 15:08
by Rudy

Re: idp.alexa.51

Posted: 03 Nov 2019 19:39
by lu2cz
Thanks! I'm sending the logs as an attachment.
Downloads.zip
(27.25 KiB) Downloaded 88 times

Re: idp.alexa.51

Posted: 03 Nov 2019 20:05
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1446296462-3222029091-3408824568-1000\...\MountPoints2: {c6b23928-c820-11e6-955a-806e6f6e6963} - G:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {063BE669-8A56-4638-9A9E-AAD4F28CF848} - System32\Tasks\{392CD9E1-2BB9-4F2A-8FCD-4819AD2B2EDA} => C:\Windows\system32\pcalua.exe -a C:\Users\ludvik\Downloads\FreeRapid-0.9u4\frd.exe -d C:\Users\ludvik\Downloads\FreeRapid-0.9u4
Task: {2787BEBB-C186-4881-88AC-3BED771676BA} - System32\Tasks\{75D3763B-927D-45F9-A3FA-B98050F72250} => C:\Windows\system32\pcalua.exe -a C:\Users\ludvik\AppData\Local\Temp\jre-8u201-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {6FCCE5BE-4C4A-4505-9645-21578AB8F251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-12] (Google Inc -> Google Inc.)
Task: {A08D31F9-9E4F-4EEC-B843-767D71D25A62} - System32\Tasks\{DFD6E600-14BC-4553-84DA-E4A1EC324C3A} => C:\Windows\system32\pcalua.exe -a C:\Users\ludvik\Downloads\win64_15.33.47.5059.exe -d C:\Users\ludvik\Downloads
Task: {A4567727-A1ED-4851-8840-D91F13B1ABDB} - System32\Tasks\{F2F45FCA-AC32-418D-B222-3DE6C6E04ADF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\JRF\JRF podnikatel.exe" -d "C:\Program Files (x86)\JRF\"
Task: {B4840375-CBA4-4DC1-BAD3-03EB37BDAF89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-12] (Google Inc -> Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\system32\Tasks\{392CD9E1-2BB9-4F2A-8FCD-4819AD2B2EDA}
C:\Windows\system32\Tasks\{F2F45FCA-AC32-418D-B222-3DE6C6E04ADF}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\ludvik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\ludvik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\ludvik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File

EmptyTemp:
Hosts:
End
Save it to C:\Users\ludvik\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
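The fixlist above removes a handful of indicator classes that FRST marks with "ATTENTION": policy keys that restrict Windows Defender and the browsers, a local Group Policy that should not exist on a stand-alone machine, scheduled tasks that launch programs through pcalua.exe, alternate data streams under ProgramData, and a modified hosts file. The read-only PowerShell audit below is an added example, not part of the thread and not FRST's own code; it enumerates the same classes of indicators on the local machine so a defender can verify what is present before and after a fix. It assumes an elevated PowerShell 5.1 or later session, and listing streams on directories with Get-Item -Stream is an assumption about the provider that older builds may not honour, so that step degrades silently.

```powershell
# Added example (not from the viry.cz thread or FRST): read-only audit of the
# indicator classes the fixlist removes. Run elevated; it changes nothing.

# 1. Policy keys that FRST reports as "Restriction" for Defender and browsers.
#    On a home machine these keys are normally absent.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Mozilla'
)
foreach ($key in $policyKeys) {
    if (Test-Path -Path $key) {
        Write-Output "POLICY KEY PRESENT: $key"
        # Subkeys (e.g. per-browser policy containers)
        Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Output "    subkey: $($_.Name)" }
        # Values set directly on the key (e.g. DisableAntiSpyware)
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List | Out-String | Write-Output
    }
}

# 2. Local Group Policy: a non-domain machine has no reason to carry a
#    Machine\Registry.pol, which is where browser restrictions usually land.
$gpoPol = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine\Registry.pol'
if (Test-Path -Path $gpoPol) { Write-Output "LOCAL GPO PRESENT: $gpoPol" }

# 3. Scheduled tasks whose action is pcalua.exe (Program Compatibility
#    Assistant) used as a proxy to start another executable.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute -match 'pcalua\.exe') {
            Write-Output ("TASK VIA PCALUA: {0}{1} -> {2} {3}" -f
                $task.TaskPath, $task.TaskName, $action.Execute, $action.Arguments)
        }
    }
}

# 4. Alternate data streams on entries directly under ProgramData.
#    Assumption: Get-Item -Stream lists streams on directories as well as files.
Get-ChildItem -Path $env:ProgramData -Force -ErrorAction SilentlyContinue | ForEach-Object {
    Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { Write-Output ("ADS: {0}:{1} [{2} B]" -f $_.FileName, $_.Stream, $_.Length) }
}

# 5. Hosts file: anything beyond comments and the localhost entries is worth a look.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost' } |
    ForEach-Object { Write-Output "HOSTS ENTRY: $_" }
```

Running this before applying a fixlist gives a baseline, and running it again after the reboot confirms that the policy keys, the pcalua.exe tasks and the streams are gone; any of them reappearing later is a sign that a still-active component is recreating them, which is exactly the question the rest of this thread turns on.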

Re: idp.alexa.51

Posted: 04 Nov 2019 15:20
by lu2cz
Here it is:
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by ludvik (04-11-2019 14:22:46) Run:1
Running from C:\Users\ludvik\Downloads
Loaded Profiles: ludvik & servis (Available Profiles: ludvik & servis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1446296462-3222029091-3408824568-1000\...\MountPoints2: {c6b23928-c820-11e6-955a-806e6f6e6963} - G:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {063BE669-8A56-4638-9A9E-AAD4F28CF848} - System32\Tasks\{392CD9E1-2BB9-4F2A-8FCD-4819AD2B2EDA} => C:\Windows\system32\pcalua.exe -a C:\Users\ludvik\Downloads\FreeRapid-0.9u4\frd.exe -d C:\Users\ludvik\Downloads\FreeRapid-0.9u4
Task: {2787BEBB-C186-4881-88AC-3BED771676BA} - System32\Tasks\{75D3763B-927D-45F9-A3FA-B98050F72250} => C:\Windows\system32\pcalua.exe -a C:\Users\ludvik\AppData\Local\Temp\jre-8u201-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {6FCCE5BE-4C4A-4505-9645-21578AB8F251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-12] (Google Inc -> Google Inc.)
Task: {A08D31F9-9E4F-4EEC-B843-767D71D25A62} - System32\Tasks\{DFD6E600-14BC-4553-84DA-E4A1EC324C3A} => C:\Windows\system32\pcalua.exe -a C:\Users\ludvik\Downloads\win64_15.33.47.5059.exe -d C:\Users\ludvik\Downloads
Task: {A4567727-A1ED-4851-8840-D91F13B1ABDB} - System32\Tasks\{F2F45FCA-AC32-418D-B222-3DE6C6E04ADF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\JRF\JRF podnikatel.exe" -d "C:\Program Files (x86)\JRF\"
Task: {B4840375-CBA4-4DC1-BAD3-03EB37BDAF89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-12] (Google Inc -> Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\system32\Tasks\{392CD9E1-2BB9-4F2A-8FCD-4819AD2B2EDA}
C:\Windows\system32\Tasks\{F2F45FCA-AC32-418D-B222-3DE6C6E04ADF}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\ludvik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\ludvik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\ludvik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-1446296462-3222029091-3408824568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6b23928-c820-11e6-955a-806e6f6e6963} => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{063BE669-8A56-4638-9A9E-AAD4F28CF848}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{063BE669-8A56-4638-9A9E-AAD4F28CF848}" => removed successfully
C:\Windows\System32\Tasks\{392CD9E1-2BB9-4F2A-8FCD-4819AD2B2EDA} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{392CD9E1-2BB9-4F2A-8FCD-4819AD2B2EDA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2787BEBB-C186-4881-88AC-3BED771676BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2787BEBB-C186-4881-88AC-3BED771676BA}" => removed successfully
C:\Windows\System32\Tasks\{75D3763B-927D-45F9-A3FA-B98050F72250} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75D3763B-927D-45F9-A3FA-B98050F72250}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6FCCE5BE-4C4A-4505-9645-21578AB8F251}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FCCE5BE-4C4A-4505-9645-21578AB8F251}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A08D31F9-9E4F-4EEC-B843-767D71D25A62}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A08D31F9-9E4F-4EEC-B843-767D71D25A62}" => removed successfully
C:\Windows\System32\Tasks\{DFD6E600-14BC-4553-84DA-E4A1EC324C3A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DFD6E600-14BC-4553-84DA-E4A1EC324C3A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4567727-A1ED-4851-8840-D91F13B1ABDB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4567727-A1ED-4851-8840-D91F13B1ABDB}" => removed successfully
C:\Windows\System32\Tasks\{F2F45FCA-AC32-418D-B222-3DE6C6E04ADF} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F2F45FCA-AC32-418D-B222-3DE6C6E04ADF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4840375-CBA4-4DC1-BAD3-03EB37BDAF89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4840375-CBA4-4DC1-BAD3-03EB37BDAF89}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"C:\Windows\system32\Tasks\{392CD9E1-2BB9-4F2A-8FCD-4819AD2B2EDA}" => not found
"C:\Windows\system32\Tasks\{F2F45FCA-AC32-418D-B222-3DE6C6E04ADF}" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1446296462-3222029091-3408824568-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP-NoScope" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 128702129 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 111881341 B
Edge => 0 B
Chrome => 647352310 B
Firefox => 62802376 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 10230 B
Public => 10230 B
ProgramData => 10230 B
systemprofile => 93795 B
systemprofile32 => 160583 B
LocalService => 226811 B
NetworkService => 226811 B
ludvik => 425267927 B
servis => 447253914 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:25:21 ====

Re: idp.alexa.51

Posted: 04 Nov 2019 16:08
by Rudy
Deleted. Has anything changed?

Re: idp.alexa.51

Posted: 04 Nov 2019 19:05
by lu2cz
After restarting the OS, Chrome started in 5 seconds instead of 1 minute :oops: What kind of crap was that? :shock: Thank you very much, I'll send you a "gift".

Re: idp.alexa.51

Posted: 04 Nov 2019 20:06
by Rudy
The virus itself was no longer there, only leftovers of it, which have now been deleted. Those were probably slowing down the PC. Alexa is generally a trojan. You're welcome, and thanks for the contribution! :)

Re: idp.alexa.51

Posted: 05 Nov 2019 08:16
by lu2cz
I rejoiced too soon :(. Today, while working with the application mentioned earlier, Avast again reported "Threat detected". The application's executable was moved to the Virus Chest. Is it possible to test it separately? Could it be an Avast false positive?

Re: idp.alexa.51

Posted: 05 Nov 2019 10:25
by Rudy
Avast is usually not wrong, although anything is possible. The file can be tested online at www.virustotal.com .

Re: idp.alexa.51

Posted: 07 Nov 2019 14:12
by lu2cz
Thanks. I tested the file from the Chest with the following result:
SecureAge APEX: Malicious
Cylance: Unsafe
Endgame: Malicious (high Confidence)
the rest (including Avast): Undetected

Is it possible that this is a false positive caused by the file's specific "behaviour" at a certain moment, or is "Alexa" so clever that it can hide and is practically undetectable? :shock:

Re: idp.alexa.51

Posted: 07 Nov 2019 16:01
by Rudy
I'd rather say that Avast doesn't know anything about it yet, or that it is some variant of an already known virus that Avast doesn't detect. A virus (unless it's a rootkit) always behaves the same way. In the Chest it is harmless; if you want, you can safely delete it entirely.

Re: idp.alexa.51

Posted: 11 Nov 2019 09:34
by lu2cz
I'll try uninstalling Avast and installing Kaspersky. I'll see whether it reacts.