Jump to content
Sign in to follow this  
Damian

Detected Threats Not Being Removed

Recommended Posts

Hi,

I'm running Windows 7 and using Chrome exclusively.

 

For weeks now (sometimes several times a day) I've been running an SAS (free version) scan that reports I have 600+ threats including  a critical Trojan threat (Trojan.Agent/Gen-ThinkNice); unwanted programs (PUP.WordProser) and assorted other registry objects and adware cookies (have attached pdf screen grab).

 

I do the whole remove thing, reboot as directed and without going back on line to risk re-infection, re-run the scan only to get the same result. I just can't get rig of these buggers. I've gone into the registry to manually remove any obvious bad stuff but the scan results stay the same. I don't think they're false positives because I keep getting pop ups appearing (survey requests, discount coupons, etc) despite running Adblock and there are no weird extensions I can delete in settings. Last night it seemed like I was under constant attack from these damn things. Apart from the multiple pop ups, new menu bars were appearing at the top of my browser to tell me a new browser / media player / etc was available and I should download immediately (yeah sure). But SAS just isn't removing this junk anymore which is a huge shame because I've always loved it as my favorite spyware program. Can someone please help me as these things are driving me nuts!!!!!

 

Thanks,

Damian

  

SAS Screen grab.pdf

Share this post


Link to post
Share on other sites

Hi Damian,

 

Welcome to SAS forums.

 

Can you expand the "Trojan.Agent/Gen-ThinkNice" file so the path can be visible.

 

Can you expand the "PUP.WordProser" file so the path can be visible.

 

Many Thanks :)

Share this post


Link to post
Share on other sites

Hi Spark, thanks for replying. I downloaded AVG and that got rid of the Think Nice trojan and the WordProser but whilst that program says my PC is now clean, SAS tells me all those cookies (583 of them are still there). No matter how many scans and deletes I do with SAS, they just won't go. I notice there are multiple levels of "Application Data"  in my Users App Data. Could those folders have been created by a virus? I certainly didn't create them. Maybe that's why my PC seems so clunky these days and my Maxtor backup kept failing. Dunno, I'm that tech literate.  Unfortunately there doesn't appear to be an option to attach a screen shot to this reply and the ctrl/cmd + v option the form gives me doesn't work but I'll re-type below 3 of the lines detected:

 

.imrworldwide.com[C:\USERS\DAMIAN\APPDATA\LOCAL\APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\...\COOKIES

.serving-sys.com[C:\USERS\DAMIAN\APPDATA\LOCAL\APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\...\COOKIES

.ad.yieldmanager.com[C:\USERS\DAMIAN\APPDATA\LOCAL\APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\...\COOKIES

 

And this goes on for 583 lines!!! Hmm.

Share this post


Link to post
Share on other sites

Those are just tracking cookies you will get those everytime you go online, best to close the browser when you remove those to make sure they're gone.

But nothing to worry about :)

Share this post


Link to post
Share on other sites

Hi Spark, thanks for replying. I downloaded AVG and that got rid of the Think Nice trojan and the WordProser but whilst that program says my PC is now clean, SAS tells me all those cookies (583 of them are still there). No matter how many scans and deletes I do with SAS, they just won't go. I notice there are multiple levels of "Application Data"  in my Users App Data. Could those folders have been created by a virus? I certainly didn't create them. Maybe that's why my PC seems so clunky these days and my Maxtor backup kept failing. Dunno, I'm that tech literate.  Unfortunately there doesn't appear to be an option to attach a screen shot to this reply and the ctrl/cmd + v option the form gives me doesn't work but I'll re-type below 3 of the lines detected:

 

.imrworldwide.com[C:\USERS\DAMIAN\APPDATA\LOCAL\APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\...\COOKIES

.serving-sys.com[C:\USERS\DAMIAN\APPDATA\LOCAL\APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\...\COOKIES

.ad.yieldmanager.com[C:\USERS\DAMIAN\APPDATA\LOCAL\APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\ APPLICATION DATA\...\COOKIES

 

And this goes on for 583 lines!!! Hmm.

 

It seems that some piece of software has created those multiple levels of application data. Probably a bug. Many programs will crash when they encounter a path this long. I would look into how this happened and try to remedy the situation. 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×