AVG finds malware/virus upon pc starting. playing games turns off PC


38 replies to this topic

#16 Oh My!

  • Malware Response Instructor
  • Gender:Male
  • Location:California

Posted 14 April 2024 - 09:40 AM

Let's see if we can streamline things.

Please do this.

===================================================

Process Monitor Boot Log

--------------------
  • If necessary, download Process Monitor and save it to your Desktop
  • Download Dustin77.pmc and save it to your Desktop
  • Right click on Procmon and select Run as administrator
  • Agree to any permission requests
  • Hit Ctrl + E to stop capturing events
  • Hit Ctrl + X at the same time to clear the display
  • Click File, then Import Configuration...
  • Double click on the Dustin77.pmc file
  • Click Options then Enable Boot Logging
  • Place a check mark in Generate thread profiling events and select Every second
  • Click OK
  • Close Process Monitor
  • Close any open programs and shut down your computer
  • Start your computer and allow the boot up process to complete, including logging in if you use a password
  • Wait 15 minutes before doing anything further
  • Right click on Process Monitor and select Run as administrator
  • Click Yes on the next window that appears and save the boot-time activity log onto your desktop using the default name
  • Please zip and upload the file to GoFile or the file hosting site of your choice and send me a Personal Message with download link
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uploaded zip file

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69



#17 Oh My!

Posted 15 April 2024 - 08:22 PM

Is the detected file always the same name or is it random?

Open AVG and review the Quarantine folder. Let me know if there are still some files located in the folder with a .js file extension similar to the screen shot you provided me earlier.
Gary 


#18 Dustin77

  • Topic Starter
  • Members

Posted 16 April 2024 - 05:01 AM

Here are two screenshots of the quarantine folder joined together, as a jpg saved as a zip.

 

https://gofile.io/d/sOQINb

 

They always start with execjs, then something random, then .js. It always happens when the computer starts and sometimes when running your Process Monitor or other scanners, but it never finds the actual virus/malware.



#19 Oh My!

Posted 16 April 2024 - 09:05 AM

Thank you for the screen shot, very helpful. Can you confirm there was an 8 day period of time from 4/8 through 4/16 where there were no detections?

I do not have AVG so I can't check the steps but please attempt this.

Follow the Restore files from Quarantine instructions to restore the top 2 detections listed on the screen shot. I want to get the one file detected on the 16th and one from the 8th. The instructions include an Extract step indicating you choose where to restore the files. If possible, restore them to your Desktop. Then zip and upload the files here.


Gary 


#20 Dustin77

Posted 16 April 2024 - 02:34 PM

I restored the first two and lost them, so the next two I extracted to the desktop. It detects them every day but only quarantines some and just blocks others.



#21 Oh My!

Posted 17 April 2024 - 08:22 PM

I would like to run Process Monitor again. Please do this immediately after the computer boots.

===================================================

Process Monitor Utilizing Customized Import Configuration File

--------------------
  • If necessary, download Process Monitor and save it to your Desktop
  • Download execjs.pmc and save it to your Desktop
  • Right click on ProcMon and select Run as administrator
  • In the Process Monitor Filter window click Reset, then OK
  • If the Process Monitor Filter window does not appear click Filter, then Reset Filter
  • Hit the Ctrl + E keys at the same time to stop capturing events
  • Hit the Ctrl + X keys at the same time to clear the display
  • Click File, then Import Configuration...
  • Double click on the execjs.pmc file
  • On the bottom left hand corner of the Process Monitor screen confirm it says No events (capture disabled)
  • Hit the Ctrl + E keys at the same time to start capturing events (capture disabled should disappear)
  • Allow Process Monitor to continue running until an execjs****.js entry appears
  • When an event occurs click File, Save, and save the file onto your Desktop using the default file name
  • Please zip and upload the file here
  • If it is necessary to shut down the computer prior to an event taking place restart the monitoring when the computer is active by doing the following
  • Right click on Process Monitor and select Run as administrator
  • The Process Monitor Filter window should appear and should show the previous settings
  • Click OK and capturing should resume automatically
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uploaded zip file

Gary 


#22 Dustin77

Posted 18 April 2024 - 01:30 AM

It didn't find anything, so I checked your filters and changed the /local to /local/temp and it found it. File uploaded.



#23 Oh My!

Posted 18 April 2024 - 08:42 AM

Thank you for making the adjustment.

Yes, this file is related to Plex. It confirms what I have been suspecting, a False Positive detection. My observations and thoughts.

Randomly named temp files are common. In fact, FRST.exe does the same thing behind the scenes. The created file name starts off as random and then upon completion it is renamed to something more recognizable. In our case AVG interrupted the process, thereby stopping the file at its semi-random name. If the file had not been interrupted it most likely would be renamed something different and the random name would disappear.

You sent me copies of the detected .js files. I ran them through VirusTotal and, not surprisingly, AVG/Avast (same company) were the only programs detecting it as "malicious." That type of situation immediately calls into question the validity of the detection. I then examined the contents of the JavaScript file to look for evidence of malicious code. The one thing I did notice is that it seemed to have an Internet related component to it, which piqued my interest a bit. Unless you can identify a legitimate reason for this type of capability, the potential of a Backdoor Trojan should remain on our radar. Although I believed we were dealing with a false positive, because of the Internet component in the .js file I wanted to seek confirmation. Now that Process Monitor identified the original creating process as Plex, the Internet related instructions make perfect sense and confirm my suspicions. The files are harmless and the detections are in error.

Within the AVG Quarantine section you should be able to report the detections as False Positives.

I think we have resolved the issue. Is there anything else you are concerned about?

Edited by Oh My!, 18 April 2024 - 08:47 AM.

Gary 

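The reasoning in the post above (find the process that created the randomly named execjs*.js file, and note that the random name is transient) can be replayed over a Process Monitor CSV export. This is an added example, not from the thread; it assumes the default File > Save > CSV column layout, and the sample capture, its paths, PIDs and the AVScanner.exe name are constructed placeholders (PlexScriptHost.exe is the process named in the thread).

```python
"""Attribute randomly named execjs*.js temp files to the process that created them.

Added example (not from the thread). Parses a Process Monitor CSV export, assuming
the default File > Save > CSV column layout: a CreateFile with write access names the
creator, read-only opens are scanners, and a later SetRenameInformationFile shows the
random name was only transient, as the post describes."""
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; user path, PIDs and AVScanner.exe are placeholders.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:05:01.1000000 AM","PlexScriptHost.exe","4120","CreateFile","C:\\Users\\user\\AppData\\Local\\Temp\\execjsA1b2C3.js","SUCCESS","Desired Access: Generic Write, Disposition: Create"
"9:05:01.2000000 AM","PlexScriptHost.exe","4120","WriteFile","C:\\Users\\user\\AppData\\Local\\Temp\\execjsA1b2C3.js","SUCCESS","Offset: 0, Length: 2,048"
"9:05:01.3000000 AM","AVScanner.exe","1888","CreateFile","C:\\Users\\user\\AppData\\Local\\Temp\\execjsA1b2C3.js","SUCCESS","Desired Access: Generic Read, Disposition: Open"
"9:05:02.0000000 AM","PlexScriptHost.exe","4120","SetRenameInformationFile","C:\\Users\\user\\AppData\\Local\\Temp\\execjsA1b2C3.js","SUCCESS","ReplaceIfExists: False, FileName: C:\\Users\\user\\AppData\\Local\\Temp\\plex-script.js"
"9:05:09.0000000 AM","explorer.exe","2244","CreateFile","C:\\Users\\user\\Desktop\\notes.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open"
'''

# The filter that caught the file in the thread was Local\Temp, not just Local.
EXECJS_RE = re.compile(r"\\Local\\Temp\\execjs[^\\]*\.js$", re.IGNORECASE)


def attribute_execjs_files(csv_text):
    """Map each matching path to its creating process, read-only openers and final name."""
    records = defaultdict(lambda: {"creator": None, "pid": None,
                                   "readers": [], "renamed_to": None})
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Path"]
        if not EXECJS_RE.search(path):
            continue  # not one of the detected temp files
        rec = records[path]
        op, detail = row["Operation"], row["Detail"]
        if op == "CreateFile":
            if "Generic Write" in detail:
                if rec["creator"] is None:  # the first writer is the creator
                    rec["creator"], rec["pid"] = row["Process Name"], int(row["PID"])
            else:
                rec["readers"].append(row["Process Name"])  # e.g. the AV scanning it
        elif op == "SetRenameInformationFile":
            rec["renamed_to"] = detail.split("FileName: ", 1)[-1]  # final, non-random name
    return dict(records)


if __name__ == "__main__":
    for path, rec in attribute_execjs_files(SAMPLE_CSV).items():
        print(f"{path}\n  created by {rec['creator']} (PID {rec['pid']})"
              f"\n  read by {rec['readers']}\n  renamed to {rec['renamed_to']}")
```

On a real capture, replace SAMPLE_CSV with the contents of the saved CSV; a creator that is a known, legitimately installed program is the evidence the post relies on for calling the detection a false positive.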

#24 Dustin77

Posted 18 April 2024 - 02:42 PM

No, that's it for now. Thank you.

It does still reboot when playing games, but I think that is because of the age of the computer. 2015 build.

Much appreciated.

Dustin.



#25 Oh My!

Posted 18 April 2024 - 07:22 PM

If you want to follow up on the reboot issue please describe which games you are playing and exactly what you see when it reboots.


Gary 


#26 Dustin77

Posted 18 April 2024 - 11:18 PM

It still comes up with virus found and I can't watch movies through Plex on the network. I'm not sure how to allow Plex through AVG. I sent the file using Send for Analysis to AVG but have not heard anything back. :(

On the rebooting, it's any game that I play through Steam - Origin - EA. It starts at any point when the actual game goes past the intro, and sometimes after loading a saved game, sometimes before it loads the saved game. It's just like someone has come up and pressed the reboot button.

I have updated all relevant drivers for graphics / games / apps.

I have even reset the BIOS settings to factory default and tweaked them.

I uninstalled the Gigabyte accelerator and the Logitech game controller, as my old Logitech works on the Xbox controller driver.



#27 Oh My!

Posted 19 April 2024 - 09:29 AM

Let's do this.

===================================================

Adding Executable File Exception in AVG

--------------------

  • Click Start, type AVG then select Run as administrator
  • Click Menu, Settings, then Exceptions
  • Click ADD ADVANCED EXCEPTION
  • Click Command
  • Under Type in command type PlexScriptHost.exe
  • Click ADD EXCEPTION
  • Confirm the Exception was added then close AVG
  • Test Plex

===================================================

Using VGA Driver in Normal Mode

--------------------

  • Click the Windows key + R at the same time
  • Type msconfig and hit Enter
  • Click the Boot tab
  • Place a check mark in Base video, then click OK
  • Restart your computer - Note: your screen resolution will change, that is normal.
  • Test your computer for automatic restart while playing games

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • AVG Exception result?
  • Game performance in VGA mode

Gary 


#28 Dustin77

Posted 20 April 2024 - 03:47 AM

I uploaded a zip file of a video of the reboot to the submit malware page after adding the antivirus advanced exception. It still detects a virus; however, Plex is running better on the TV in the lounge.

The VGA performance seems to not reboot the computer, but only at low resolutions. Does this mean my graphics card is on its way out? I scaled the resolution higher and it rebooted again. I did try the lower settings without the boot VGA option a few days ago and it didn't make any difference. I can go to max 1920x1080; any higher and it turns off then on again.

Dustin



#29 Oh My!

Posted 20 April 2024 - 09:47 AM

We have 2 issues.

The first issue is the AVG detection. I think we need to uninstall AVG and reinstall it. The reason being that when I examine a copy of one of the detected files you previously provided, it is not detected by my AVG as malicious, whether I scan the file individually or run a complete full scan. That means something may be amiss with the program.

The second issue is your graphics card. I would like to gather some information about your computer.

Please do these things.

===================================================

Uninstalling Programs Using Revo Uninstaller

--------------------

I recommend uninstalling the below listed program(s) from your computer.
  • Right click on Revo Uninstaller and select Run as administrator
  • From the list of programs highlight the listed program(s), or anything similar, then select Uninstall
AVG AntiVirus Free
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: AVG;Avast
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Zip and upload the file here
===================================================

Computer Specifications Report Using Speccy Portable

--------------------
  • Please download Speccy Portable and save it to your Desktop
  • Unzip the folder onto your Desktop
  • Right click on Speccy64.exe and select Run as administrator
  • When the report is fully populated select File, Publish Snapshot... then select Yes on the warning screen
  • Click Copy to Clipboard
  • Send me a Personal Message with the web address. Do not include the link in your reply here.
===================================================

FullEventLogView by Nirsoft

--------------------
  • Download FullEventLogView by Nirsoft and save it to your Desktop
  • Right click on the folder, select Extract All... and extract the folder onto your Desktop
  • Open the fulleventlogview-x64 folder, right click on FullEventLogView (Application), then select Run as administrator
  • Monitor the lower left hand corner of the screen until the Loading... no longer appears and an item(s) total is listed
  • Click Edit, then Select All
  • Click File, then Save Selected Items
  • Save the file onto your Desktop as NirsoftEV.txt
  • Please zip and upload the file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AVG uninstalled?
  • Uploaded files

Gary 


#30 Dustin77

Posted 20 April 2024 - 03:00 PM

I have done the things you asked for. Hopefully it is correct.





