Possible Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Strangebrew, Mar 29, 2013.

  1. Strangebrew

    Strangebrew Private E-2

    Hi Geeks :)

    Today, I found an email in my work email box from my personal email account advertising some kind of crap - I didn't bother to read it because I knew I didn't send it. My email password is complex enough that it wouldn't be easily guessed (alphanumeric with special characters mixed in), and although I'm very cautious about what I click or download, I have to wonder if there is some kind of malware/trojan on my computer. I Googled a few things about malware until I found the Malware Removal/Cleaning procedure, and I followed it. I've been through a similar procedure twice before a few years ago, so I knew I'd find one if I looked long enough. So, as instructed, I am attaching the logs, but I want to point out that Malwarebytes didn't give me an option to check any boxes or remove anything because it did not find anything, so the log won't show any action taken - I'm not just ignoring the instructions. If this means there is nothing to be found, great - but the other programs did seem to find things, as I assume the logs will show. I have left the CD emulators disabled and the UAC settings off, pending a response from here.

    Thank you,

    ~ K
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:


    • [TASK][SUSP PATH] Updater21804.exe : C:\Users\Lord Byron\AppData\Local\Updater21804\Updater21804.exe /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj [-] -> FOUND
    • [STARTUP][RESIDUE] PDB_Tray.exe @Lord Byron : C:\Users\Lord Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PDB_Tray.exe [7] -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)

    Reboot and rescan with RogueKiller and attach that log as well.

    Be sure to tell me how things are running.
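
Added example, not part of the post above and not RogueKiller's own code: a small Python check for the rescan step, which parses the detection lines quoted in the post and reports which of the two targeted entries are still marked FOUND after the reboot. The line format is inferred from those two lines only, and the rescan texts are constructed.

```python
import re

# Line shape inferred from the two detections quoted in the post (assumption:
# other RogueKiller report lines look the same):
#   [TAG][TAG] name : detail [flag] -> STATUS
ENTRY = re.compile(
    r"^\s*(?:•\s*)?(?P<tags>(?:\[[^\]]+\])+)\s+(?P<name>.+?) : (?P<detail>.+?)"
    r"\s+\[(?P<flag>[^\]]*)\]\s+->\s+(?P<status>[A-Z]+)\s*$"
)

def parse_report(text):
    """Map (tags, name) -> detail for every line whose status is FOUND."""
    found = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and m["status"] == "FOUND":
            tags = tuple(re.findall(r"\[([^\]]+)\]", m["tags"]))
            found[(tags, m["name"].strip())] = m["detail"].strip()
    return found

def still_present(before, after, targets):
    """Targeted entries that were FOUND before deletion and again in the rescan."""
    common = parse_report(before).keys() & parse_report(after).keys()
    return sorted(name for _, name in common if any(t in name for t in targets))

# The two lines from the post, verbatim.
BEFORE = r"""
[TASK][SUSP PATH] Updater21804.exe : C:\Users\Lord Byron\AppData\Local\Updater21804\Updater21804.exe /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj [-] -> FOUND
[STARTUP][RESIDUE] PDB_Tray.exe @Lord Byron : C:\Users\Lord Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PDB_Tray.exe [7] -> FOUND
"""
# Constructed rescan texts: one clean, one where the scheduled task came back.
AFTER_CLEAN = "constructed rescan text with no detection lines\n"
AFTER_LEFTOVER = BEFORE.splitlines()[1] + "\n"
TARGETS = ("Updater21804.exe", "PDB_Tray.exe")

if __name__ == "__main__":
    for label, rescan in (("clean", AFTER_CLEAN), ("leftover", AFTER_LEFTOVER)):
        left = still_present(BEFORE, rescan, TARGETS)
        print(label, "->", left or "both entries gone")
```

An entry that shows up as FOUND again after the reboot means something on the system is re-creating it, which is worth reporting along with the logs.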
     
  3. Strangebrew

    Strangebrew Private E-2

    Did as you instructed, and the logs are attached. I haven't noticed a change in performance at all, everything seems to be running as normal. Is it too soon to ask: was it a trojan or malware that compromised my email pw?
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I wasn't finding any malware. Might be best to be on the safe side and use a different computer to change your password for your email. Let me know if it happens again.
     
  5. Strangebrew

    Strangebrew Private E-2

    Will do, thanks for your help, it's an awesome thing to give your time free of charge for this. I'll at the very least give a shout out on Facebook!

    Thanks again!

    ~K
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Let me know how things go or if you have any more issues.
     
