Nmap

Discussion in 'Malware Help (A Specialist Will Reply)' started by bananzi, Nov 3, 2014.

  1. bananzi

    bananzi Private E-2

    I have a couple of programs on my computer I never installed, Nmap and WinPcap.
    I suspected they might be malware. I checked online and it seemed safe to uninstall them. However, they keep being reinstalled somehow.
    I tried Revo uninstaller. They came back. Went online for instructions.
    Tried those (and they included registry keys to delete), but again they automatically get reinstalled. I'm very suspicious. Should I be?
    Has anyone else run into this problem? If so, is there a solution?
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Let's dig deeper...

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide

    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain (if any still do)!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual update Malwarebytes (links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only RogueKiller and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run the rest of the READ & RUN ME FIRST instructions on the infected account.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. bananzi

    bananzi Private E-2

    Thanks. Attached are the logs.
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nmap and WinPcap are legit programs to aid in packet capturing. They can be used by legit programs like Wireshark (you don't have this installed) or by some gaming programs. Yes they could also be used by malware but this is rare.
     
  5. bananzi

    bananzi Private E-2

    Is there any legitimate reason they would get automatically reinstalled?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Possibly by the program on your PC that is using them. Since your logs are basically clean, it is not likely to be a malware issue. Why do you ask? Did you try uninstalling them and they did not uninstall?

    See the below, which also lists some programs that make use of WinPcap:

    http://en.wikipedia.org/wiki/Pcap
     
  7. bananzi

    bananzi Private E-2

    Yes I did. They actually seem to have uninstalled, for example the associated folders and registry keys got erased. However on the next startup they all came back. I've become a bit paranoid about malware and this really made me suspicious. However since my logs are clean I feel a lot better, although not entirely free of suspicion.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well I'm not sure why that would happen unless something else you use requires them.

    Try this. Uninstall Nmap and then reboot. If it asks you if you want to uninstall WinPcap when you uninstall Nmap, make sure you say yes.

    If you did not uninstall WinPcap during the Nmap uninstall then uninstall WinPcap now.


    Are you sure that you did not install Nmap to begin with? See >> http://filehippo.com/download_nmap
     
  9. bananzi

    bananzi Private E-2

    I'll be out of town for a few days, but I'll try this as soon as I get back.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
  11. bananzi

    bananzi Private E-2

    I'm back in town. Just for your info, you were right, some other program was using Nmap.
    It was iYogi, a PC security utility which is legitimately on my computer.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for letting us know what was using it. But by the way, I don't consider iYogi a security program. iYogi is the provider of on-demand remote tech support services which thus is likely why they wanted to sniff packets on your PC. Not a company or service I would recommend. Too many bad reviews about them being a scammer. But then again perhaps some people have found it helpful.
     
    Last edited: Nov 15, 2014
  13. bananzi

    bananzi Private E-2

    I searched online for iYogi and the results were frightening.
    They used the tactics mentioned in some of the posts on me, and got me for over $200. At the time it seemed like a good investment. Now that I checked them out I feel I got ripped off. That's all water under the bridge by now. What concerns me is that I let one of their techs have remote access to my computer and install some programs. The reviews I've read online make this now seem like a really bad idea. If I remember correctly the tech had me enable remote access to my computer. How do I reverse that, and should I remove all their installed programs?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall iYogi and then uninstall Nmap and WinPcap and then see if they stay uninstalled.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  16. bananzi

    bananzi Private E-2

    That did it, thank you very much. You know the thing that gets me about
    iYogi is I got connected to them when I clicked on support for McAfee.
    I wish more people knew what I now know about them.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Well use the power of the internet to shout about it. If you use Twitter or Facebook, make use of them. And have your friends repost, and their friends....etc. ;)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  18. bananzi

    bananzi Private E-2

    Ok will do. Thanks again
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
