Uhm, virus? Help?

[tails]

Those programs are fine, Although there is mention on the internet of pricegong being adware.


Using ComboFix is a good idea.

Theres a fake version on google, Don't use that.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

[Ad Bot]

[Blocklandian¹]

Did you happen to install the pricegong shopping tool?

[Evar678]

Did you happen to install the pricegong shopping tool?

Not as far as I know.

Edit:
Wait, stuff.

PriceGong
Installed on 1/31/13
Thats exactly when this started happening.

Uninstalling.
I didn't install this but maybe this is the problem?

[Greek2me]

Strange, it says that you're missing some important windows files, like lsass.exe (or they could have been modified by a virus)

Try starting command prompt as Administrator and then type this:

Code: [Select]

sfc /scannow

[Blockzillahead]

Possibly. Uninstall and let us know afterwards.

[Evar678]

Possibly. Uninstall and let us know afterwards.

It's uninstalled but I can't tell weather it worked or not, I don't know when it happens, and I have no way of triggering it or anything that I know of.

Try starting command prompt as Administrator and then type this:

Code: [Select]

sfc /scannow

Doing that

[Blockzillahead]

Strange, it says that you're missing some important windows files, like lsass.exe (or they could have been modified by a virus)

Try starting command prompt as Administrator and then type this:

Code: [Select]

sfc /scannow

Oh stuff.

Code: [Select]

Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm!
HOLY stuff THIS IS IT! THIS ALLOWS PEOPLE TO ACCESS YOUR PC FROM A REMOTE LOCATION!

Wait I panicked. I'm confused at the moment. I did a search and some say that lsass.exe is a trojan that can allow users to remote access your PC while others say it's not.

http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/

[Trymos]

Oh stuff.

Code: [Select]

Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm!
HOLY stuff THIS IS IT! THIS ALLOWS PEOPLE TO ACCESS YOUR PC FROM A REMOTE LOCATION!

it's not a loving rat.

it's a loving dropper.

they're both two different things.

[Greek2me]

Doing that

Let us know if it says it repaired anything.

[tails]

At no point does it say anything about lsass being in a different place.

[Evar678]

24% complete as of now.
This may take a bit.

At no point does it say anything about lsass being in a different place.

lsass.exe exists in my System32 folder, I just checked.

[Blockzillahead]

24% complete as of now.
This may take a bit.
lsass.exe exists in my System32 folder, I just checked.

Ok good.

[Greek2me]

At no point does it say anything about lsass being in a different place.

I never said it was. It's just a good thing to try doing that.

Strange, it says that you're missing some important windows files, like lsass.exe (or they could have been modified by a virus)

[Blocklandian¹]

Now now, Let's just try to stay calm and use cooperation to figure out what is wrong with the computer to make this cleanup process go as nicely as possible.

[Blockzillahead]

I never said it was. It's just a good thing to try doing that.

So wait I could be right. If there is a backdoor in lsass.exe it could allow for remote accessing of your PC.

I think that HijackThis sees it as missing and unknown owner because it's been edited.