Possible Malware in Windows 8

Discussion in 'Malware Help (A Specialist Will Reply)' started by micnike1, Apr 24, 2013.

  1. micnike1

    micnike1 Private E-2

    Hi everyone. I've been on MajorGeeks before to look up different things for my computer, but this is my first time posting. I upgraded to Windows 8 a few months ago. Recently, I've started to have major problems. The computer will come to a complete standstill. After getting task manager to open (after a few minutes of waiting), the system is marked as using all on my disk. The details show different processes being the culprit. Searching Google, some of these seem to be possible malware agents. I'm worried that my computer has been infected at some point, but my virus scanner (Symantec Endpoint) and Spybot both show nothing. Hopefully if something is wrong, you can help me figure it out. I just finished the cleaning procedure and attached the logs. Thanks for any help with this!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I believe you meant to say "using all of your CPU". ;)

    Do you know what the below programs are?
     
  3. micnike1

    micnike1 Private E-2

    Hi chaslang, thanks for the response.
    Yeah, you're right--not the most computer literate.

    From Google, Wunderlist looks like some sort of to-do list program... If it was something I tried at one time, I must have uninstalled it because it isn't in my start menu or anywhere else, but I can't remember 100%.

    Tresorit is a similar program to Dropbox for online backups. Do either one of these seem like the problem? Thanks.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just questioned them because of the names and because of where they are running from. Wunderlist is still in your startups and so is Tresorit.exe

    Neither of them are known as malware, but why are you running them at startup as shown by the below?

    O4 - HKCU\..\Run: [Wunderlist] "C:\Users\Michael\AppData\Local\Apps\2.0\3KGLQDGJ.CKE\83D6R4DC.J65\wund..tion_45ec1bcecca77a53_0002.0000_7e062b7016706def\Wunderlist.exe /silent"
    O4 - HKCU\..\Run: [Tresorit] "C:\Users\Michael\AppData\Roaming\Tresorit\v0.5\Tresorit.exe" /tray

    I'm not saying they are causing your problems but you do not appear to be having malware problems so it must be something you are running.

    Also note that a Windows Service ( WmiPrvSE.exe ) appears to be taking a lot of CPU time.

    None of the above however are malware problems. You could try removing the Wunderlist.exe and Tresorit.exe startup to see what happens. Also see if your problems happen in safe boot mode. You can work non-malware problems in the Software Forum.
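
Added example (not part of the thread, and not MajorGeeks' or MGtools' own code): a small Python triage of the HijackThis `O4` autorun lines quoted in the post above, flagging entries by where they run from. The user-writable directory list, the flag wording and the `ExampleUpdater` line are assumptions made for illustration; a flag marks an entry for review, not as malware.

```python
import re

# Two O4 lines from the thread plus one constructed Program Files entry for contrast.
SAMPLE_LOG = r'''
O4 - HKCU\..\Run: [Wunderlist] "C:\Users\Michael\AppData\Local\Apps\2.0\3KGLQDGJ.CKE\83D6R4DC.J65\wund..tion_45ec1bcecca77a53_0002.0000_7e062b7016706def\Wunderlist.exe /silent"
O4 - HKCU\..\Run: [Tresorit] "C:\Users\Michael\AppData\Roaming\Tresorit\v0.5\Tresorit.exe" /tray
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
'''

# HijackThis O4 format: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
EXE_RE = re.compile(r'^.*?\.(?:exe|com|bat|cmd|scr|dll)\b', re.IGNORECASE)
# Assumed heuristic: directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

def image_path(cmd):
    """Best-effort executable path: drop outer quotes, cut after the first executable extension."""
    cmd = cmd.strip().strip('"')
    m = EXE_RE.match(cmd)
    return m.group(0) if m else cmd.split(' ')[0]

def triage(log_text):
    """Return one dict per O4 autorun entry, with the reasons it deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an autorun line
        path = image_path(m.group("cmd"))
        reasons = []
        if any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if m.group("hive") == "HKCU":
            reasons.append("per-user Run key, writable without admin rights")
        findings.append({"name": m.group("name"), "hive": m.group("hive"),
                         "path": path, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], "->", "; ".join(f["reasons"]) or "no flags")
```
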
     
  5. micnike1

    micnike1 Private E-2

    I'm not sure. I think they automatically install that way. I used CCleaner to delete those startup registry entries.

    Oh, interesting... I did a Google search for this problem in Windows 8. It seems that there was a hotfix released for it. So, if the problem seems to linger around, I may give that a shot.

    Thanks a lot for taking a look through the logs and confirming that it isn't a malware problem.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
