Hearing an occasional click in the background...

Discussion in 'Malware Help (A Specialist Will Reply)' started by pjubber, Oct 7, 2012.

  1. pjubber

    pjubber Private E-2

    For the past few days, I've been hearing an occasional click in the background. I began noticing this after Firefox suddenly began loading with defaults, rather than my preferred settings. I've done the Read and Run Me -- not sure why I have 3 TDS logs (I just picked one to upload.) and I was unable to find the MBAM log while adding attachments, so I have used cut and paste (see below.) Thank you.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.07.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421

    10/7/2012 7:49:41 PM
    mbam-log-2012-10-07 (19-49-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 180207
    Time elapsed: 4 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
    pjubber, Oct 7, 2012
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the requested logs.
     
    TimW, Oct 8, 2012
    #2
  3. pjubber

    pjubber Private E-2

    Yikes, I must have neglected to hit the Upload button! Thanks for not yelling at me. :-o
     

    Attached Files:

    pjubber, Oct 8, 2012
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding much in the way of malware in your logs. Let's just do this:

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button

    Now click the Registry tab and locate these detections:

    • [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    Place a checkmark each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)

    Now re-scan with RogueKiller and attach both logs. Tell me what issues remain.
     
    TimW, Oct 9, 2012
    #4
  5. pjubber

    pjubber Private E-2

    Thank you, TimW. I'm attaching the two logs. (I assume you meant #3 and #4, since #2 is just a repeat of #1 as it was the second scan. Correct me if I'm wrong.) I just heard the click sound again -- it is a singular click.
     

    Attached Files:

    pjubber, Oct 9, 2012
    #5
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You might as well re-run RogueKiller and fix these items:

    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    I am not sure what is causing the clicking sound, but we may have to send you to the software forum for further assistance.
     
    TimW, Oct 10, 2012
    #6
  7. pjubber

    pjubber Private E-2

    Okay, I ran RK as requested. I haven't heard the "click" this evening, but if it continues I will post on the Software section. Thanks again. -ps
     

    Attached Files:

    pjubber, Oct 10, 2012
    #7
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know. Let me know if it returns. ;)
     
    TimW, Oct 11, 2012
    #8
  9. pjubber

    pjubber Private E-2

    I just heard it when I entered my email address in your Newsletter subscription line. Oh well. Shall I go ahead and do the final steps and forget about the click?
     
    pjubber, Oct 11, 2012
    #9
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sounds to me as if you have your system set to give you alerts. Post in the software forum for further assistance. And yes, do the final cleanup. ;)
     
    TimW, Oct 12, 2012
    #10

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds