Need Help with Possible Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by zechamp, Jan 28, 2007.

  1. zechamp

    zechamp Private E-2

    Hi,

    First, I just wanted to say that this is a wonderful service all of you provide. I have been having a problem with a laptop my teenagers primarily use. For some reason this past week it began to work very sluggishly and then the Trend Micro security suite we have on it won't update itself. I tried to restore the computer but that didn't work either. In looking at the anti-virus log, I see that there were three viruses that popped up that Trend Micro couldn't fix or quarantine. They were bkdr.sub722.p, troj_click, and peron.a. I immediately ran a virus scan but it turned up no viruses. Thinking that I might not have the latest definitions, I used Trend Micro's online scanner but that came up blank. I went through the six step process you have outlined here but couldn't discern anything major found. Panda turned up a match for a low level spyware (I think) but nothing I'd think would have the effect it's currently having. I'm afraid that the previous three may have changed the registry somehow but not having any familiarity with that, I can't tell by looking at the logs from shownew or runkeys. I've attached the logs of the six step process. Any assistance is greatly appreciated. Thank you.
     


  2. zechamp

    zechamp Private E-2

    And here are the last three.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You are going to have to post a log from Trend Micro that shows exactly what and where it is finding problems because your logs show none of those problems.

    All I see is that you did not uninstall Viewpoint Media Player per the READ ME step 0 and you also did not let CounterSpy fix what it found (which included Viewpoint).


    And you are using a very old version of Sun Java which must be updated.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 3

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment



    Question: What is the below I saw running in your HJT process list?

    C:\Documents and Settings\Noobs.SASSY\Application Data\U3\0000060423117749\LaunchPad.exe

    Is this something for a USB device? Why was it running?



    Now Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT. The O2 BHO line indicates something from Trend Micro has been disabled or removed. Trend Micro PC-cillin_Internet_Security Antifraud Toolbar.

    The O4 lines are just unnecessary startups that waste system resources.

    You can uninstall CounterSpy now since it is only a trial and it will slow your PC down more.
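
Added example (not part of the thread and not MajorGeeks or HijackThis code): a small Python parser for the O2 and O4 line formats quoted in the reply above, which flags BHO registrations marked "(no file)" and lists Run-key startup entries. The regular expressions are inferred from those three quoted lines, and the second O2 entry in the sample is constructed.

```python
import re

# Constructed sample: the three entries quoted in the reply above, plus one
# made-up O2 entry whose file is present (its name, CLSID and path are invented).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
'''

# Line formats assumed from the entries shown in the thread.
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$')
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$')


def parse_hjt(text):
    """Return one dict per O2 (BHO) or O4 (startup) line found in text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append({
                "section": "O2", "name": m["name"], "clsid": m["clsid"].upper(),
                "target": m["target"],
                # "(no file)": the registration remains but its file is missing.
                "orphaned": m["target"].strip().lower() == "(no file)",
            })
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"section": "O4", "key": m["key"], "name": m["name"],
                            "command": m["command"], "orphaned": False})
    return entries


def orphaned_bhos(entries):
    """CLSIDs of BHO registrations whose file is missing."""
    return [e["clsid"] for e in entries if e["section"] == "O2" and e["orphaned"]]


def startup_names(entries):
    """Names of Run-key startup entries (O4), in log order."""
    return [e["name"] for e in entries if e["section"] == "O4"]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Orphaned BHOs:", orphaned_bhos(parsed), "Startups:", startup_names(parsed))
```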
     
