Thread: Is this normal?

  1. #1
    Join Date
    Oct 2013
    Posts
    4

    Default Is this normal?

    First of all, my computer is Windows 8 and running ZA security suite. I got a call today from someone claiming to be from some company in partnership with Microsoft saying they have been monitoring my computer and I had a trojan.

    Like a fool, I followed their instructions to download a RC program and let him go to the event logs where he showed me all the errors I had gotten. He claimed these were due to a trojan on all my computers hooked up to the Internet.


    I told him the errors I was seeing were not necessarily caused by a virus or trojan and I was confident in my antivirus protection. I didn't wait for him to hit me with HIS solution. I hung up on him.

    After deleting the RC program, I was left with the event logs. There are many errors and a few warnings. I'm sure I don't have a virus or trojan but my computer IS running slow and I'm wondering what I can do about the events. Here's a sample:

    Log Name: System
    Source: Tcpip
    Date: 9/10/2013 3:22:31 AM
    Event ID: 4291
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: Asus2
    Description:
    The network adapter with hardware address B8-76-3F-20-D5-A5 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Tcpip" />
    <EventID Qualifiers="32768">4291</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-09-10T07:22:31.475693700Z" />
    <EventRecordID>1872</EventRecordID>
    <Channel>System</Channel>
    <Computer>Asus2</Computer>
    <Security />
    </System>
    <EventData>
    <Data>
    </Data>
    <Data>B8-76-3F-20-D5-A5</Data>
    <Data>IPv4</Data>
    <Data>0x00000000</Data>
    <Binary>000000000400300000000000C31000800000000000 00000000000000000000000000000000000000</Binary>
    </EventData>
    </Event>



    And



    Log Name: System
    Source: Microsoft-Windows-Resource-Exhaustion-Detector
    Date: 9/21/2013 7:58:50 AM
    Event ID: 2004
    Task Category: Resource Exhaustion Diagnosis Events
    Level: Warning
    Keywords: Events related to exhaustion of system commit limit (virtual memory).
    User: SYSTEM
    Computer: Asus2
    Description:
    Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: FBAgent.exe (1472) consumed 2771828736 bytes, MuralPix.scr (464) consumed 1113948160 bytes, and svchost.exe (976) consumed 704131072 bytes.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Resource-Exhaustion-Detector" Guid="{9988748E-C2E8-4054-85F6-0C3E1CAD2470}" />
    <EventID>2004</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>3</Task>
    <Opcode>33</Opcode>
    <Keywords>0x8000000020000000</Keywords>
    <TimeCreated SystemTime="2013-09-21T11:58:50.501905800Z" />
    <EventRecordID>3040</EventRecordID>
    <Correlation ActivityID="{A37AE15B-5802-4178-92E4-2BDC69437F8F}" />
    <Execution ProcessID="504" ThreadID="488" />
    <Channel>System</Channel>
    <Computer>Asus2</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <UserData>
    <MemoryExhaustionInfo xmlns="http://www.microsoft.com/Windows/Resource/Exhaustion/Detector/Events">
    <SystemInfo>
    <SystemCommitLimit>7072833536</SystemCommitLimit>
    <SystemCommitCharge>6818471936</SystemCommitCharge>
    <ProcessCommitCharge>6215860224</ProcessCommitCharge>
    <PagedPoolUsage>165969920</PagedPoolUsage>
    <PhysicalMemorySize>1704124416</PhysicalMemorySize>
    <PhysicalMemoryUsage>1591721984</PhysicalMemoryUsage>
    <NonPagedPoolUsage>101048320</NonPagedPoolUsage>
    <Processes>83</Processes>
    </SystemInfo>
    <ProcessInfo>
    <Process_1>
    <Name>FBAgent.exe</Name>
    <ID>1472</ID>
    <CreationTime>2013-09-18T20:24:26.550143500Z</CreationTime>
    <CommitCharge>2771828736</CommitCharge>
    <HandleCount>119604</HandleCount>
    <Version>2.0.0.0</Version>
    <TypeInfo>1089</TypeInfo>
    </Process_1>
    <Process_2>
    <Name>MuralPix.scr</Name>
    <ID>464</ID>
    <CreationTime>2013-09-21T09:41:49.840595100Z</CreationTime>
    <CommitCharge>1113948160</CommitCharge>
    <HandleCount>204</HandleCount>
    <Version>1.7.0.0</Version>
    <TypeInfo>202</TypeInfo>
    </Process_2>
    <Process_3>
    <Name>svchost.exe</Name>
    <ID>976</ID>
    <CreationTime>2013-09-18T20:24:07.454681700Z</CreationTime>
    <CommitCharge>704131072</CommitCharge>
    <HandleCount>1991</HandleCount>
    <Version>6.2.9200.16420</Version>
    <TypeInfo>1091</TypeInfo>
    </Process_3>
    <Process_4>
    <Name>firefox.exe</Name>
    <ID>3812</ID>
    <CreationTime>2013-09-18T20:53:51.440710700Z</CreationTime>
    <CommitCharge>472502272</CommitCharge>
    <HandleCount>1201</HandleCount>
    <Version>24.0.0.5001</Version>
    <TypeInfo>144</TypeInfo>
    </Process_4>
    <Process_5>
    <Name>explorer.exe</Name>
    <ID>2212</ID>
    <CreationTime>2013-09-18T20:53:29.569030100Z</CreationTime>
    <CommitCharge>105263104</CommitCharge>
    <HandleCount>2990</HandleCount>
    <Version>6.2.9200.16384</Version>
    <TypeInfo>152</TypeInfo>
    </Process_5>
    <Process_6>
    <Name>
    </Name>
    <ID>0</ID>
    <CreationTime>1601-01-01T00:00:00.000000000Z</CreationTime>
    <CommitCharge>0</CommitCharge>
    <HandleCount>0</HandleCount>
    <Version>0.0.0.0</Version>
    <TypeInfo>0</TypeInfo>
    </Process_6>
    </ProcessInfo>
    <PagedPoolInfo>
    <Tag_1>
    <Name>CM31</Name>
    <PoolUsed>78442496</PoolUsed>
    </Tag_1>
    <Tag_2>
    <Name>CM25</Name>
    <PoolUsed>10858496</PoolUsed>
    </Tag_2>
    <Tag_3>
    <Name>MmSt</Name>
    <PoolUsed>7497584</PoolUsed>
    </Tag_3>
    </PagedPoolInfo>
    <NonPagedPoolInfo>
    <Tag_1>
    <Name>Muta</Name>
    <PoolUsed>19024704</PoolUsed>
    </Tag_1>
    <Tag_2>
    <Name>KLAR</Name>
    <PoolUsed>7651408</PoolUsed>
    </Tag_2>
    <Tag_3>
    <Name>Cont</Name>
    <PoolUsed>7444496</PoolUsed>
    </Tag_3>
    </NonPagedPoolInfo>
    <ExhaustionEventInfo>
    <Time>2013-09-21T11:58:49.224078600Z</Time>
    </ExhaustionEventInfo>
    </MemoryExhaustionInfo>
    </UserData>
    </Event>


    I don't even know what these are or how to get rid of them but I want to be assured I'm not infected. Help?



  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Is this normal?

    Sorry, this is outside the scope of this forum; those errors seem not necessarily linked to the manipulation of the scammers. The best is to get your system logs reviewed by a malware specialist. For example, you could post your logs at Bleepingcomputer, explain what has happened and ask for a review.

    Otherwise, a nice format and clean reinstall of the system is the most secure route, once you have saved all of your important data.

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays
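
For readers triaging the Event ID 2004 record quoted in the first post, the following added example (not written by either poster) parses that event's XML and ranks each listed process by its share of the system commit limit. The function name `summarize` and the `HANDLE_THRESHOLD` cut-off are assumptions made for illustration; the sample is a trimmed copy of the XML above.

```python
import xml.etree.ElementTree as ET

EVT = "{http://schemas.microsoft.com/win/2004/08/events/event}"
RED = "{http://www.microsoft.com/Windows/Resource/Exhaustion/Detector/Events}"

# Trimmed copy of the Event ID 2004 XML from the first post (processes 1-3 and the empty slot).
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>2004</EventID></System>
<UserData><MemoryExhaustionInfo xmlns="http://www.microsoft.com/Windows/Resource/Exhaustion/Detector/Events">
<SystemInfo><SystemCommitLimit>7072833536</SystemCommitLimit>
<SystemCommitCharge>6818471936</SystemCommitCharge></SystemInfo>
<ProcessInfo>
<Process_1><Name>FBAgent.exe</Name><ID>1472</ID><CommitCharge>2771828736</CommitCharge><HandleCount>119604</HandleCount></Process_1>
<Process_2><Name>MuralPix.scr</Name><ID>464</ID><CommitCharge>1113948160</CommitCharge><HandleCount>204</HandleCount></Process_2>
<Process_3><Name>svchost.exe</Name><ID>976</ID><CommitCharge>704131072</CommitCharge><HandleCount>1991</HandleCount></Process_3>
<Process_6><Name>
</Name><ID>0</ID><CommitCharge>0</CommitCharge><HandleCount>0</HandleCount></Process_6>
</ProcessInfo>
</MemoryExhaustionInfo></UserData></Event>"""

HANDLE_THRESHOLD = 10_000  # assumed cut-off for "unusually many handles"; tune per host

def summarize(event_xml):
    root = ET.fromstring(event_xml)
    if root.findtext(f"{EVT}System/{EVT}EventID") != "2004":
        raise ValueError("not a Resource-Exhaustion-Detector 2004 event")
    info = root.find(f"{EVT}UserData/{RED}MemoryExhaustionInfo")
    limit = int(info.findtext(f"{RED}SystemInfo/{RED}SystemCommitLimit"))
    charge = int(info.findtext(f"{RED}SystemInfo/{RED}SystemCommitCharge"))
    procs = []
    for p in info.find(f"{RED}ProcessInfo"):
        name = (p.findtext(f"{RED}Name") or "").strip()
        if not name:  # unused slots are padded with an empty name and PID 0
            continue
        commit = int(p.findtext(f"{RED}CommitCharge"))
        handles = int(p.findtext(f"{RED}HandleCount"))
        procs.append({"name": name, "pid": int(p.findtext(f"{RED}ID")),
                      "share_pct": round(100 * commit / limit, 1),
                      "many_handles": handles > HANDLE_THRESHOLD})
    procs.sort(key=lambda d: d["share_pct"], reverse=True)
    return {"commit_used_pct": round(100 * charge / limit, 1), "processes": procs}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(f"commit charge at {report['commit_used_pct']}% of limit")
    for p in report["processes"]:
        print(p)
```

The output ranks which processes hold the commit charge; it does not by itself say whether any of them is malicious.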
