"Systray.Exe Stub" Virus/Keylogger? Help

mattgk01 · Feb 14, 2012

Join Date: Feb 2012
Posts: 1
OS: Windows 7

"Systray.Exe Stub" Virus/Keylogger? Help
If he explains it any clearer than me, this is the exact same problem - HELP, Do I have a trojan or keylogger - Computer Technical Help - Software and Hardware Forum

Have noticed this problem since this morning when I opened Firefox and it would just continually load, no errors or anything. Checked task manager and a strange process was running, "38z78FF.exe" with the description "Systray .exe stub". Whenever this was running I could not use the internet.

Have done multiple virus scans and only one found anything which "nt010.info" and "DE34.080" ( viruses.png)

Now when the process is terminated I manually have to end the Firefox process, it doesn't do it itself now, then restart it to be able to use the internet. Then within minutes I get the Windows UAC pop up asking me if i want to run the executable (random file name similar to others) and will not go away unless I click yes.

Weird things I've noticed:

"Startup" folder is gone from start menu
Browser wont load pages

When the process is ended, it clears whatever i had copied to the clipboard (ctrl+c)
Have to manually end firefox process

If I run any virus programs now they will not find any issues, even with this odd process running. Please help.

OTL results attached.

mattgk01 · Feb 14, 2012

Link to resolved problem - http://forumserver.twoplustwo.com/48/computer-technical-help/help-do-i-have-trojan-keylogger-1045710/

TimW · Feb 15, 2012

Double-click OTL.exe to start the program.

Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
Code:
:files
C:\ProgramData\~42983176r
C:\ProgramData\~42983176
C:\ProgramData\~45473544r
C:\ProgramData\~45473544
C:\Users\Matt\AppData\Local\1670194319
C:\ProgramData\1670194319
C:\ProgramData\~X36OjAF1hYRyL
C:\ProgramData\~X36OjAF1hYRyLr
C:\ProgramData\~SqJdboGJVS2o
C:\ProgramData\~SqJdboGJVS2or
:commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]
Then click the Run Fix button at the top.

Click the OK button.

OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Just close notepad and attach this log form OTL to your next message.

Now please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide

mattgk01 · Feb 15, 2012

Followed your instructions, rebooted my machine and before I could save the notepad file with its results, the UAC popped up again with the random process name again and notepad crashed. I did however see that it said all the files had been removed.

I run it a second time for what good it will do and here is the results:

(Bearing in mind I had already done this.)

However the process is still in my task manager and nothing seems to have changed at all.

mattgk01 · Feb 15, 2012

New OTL file:

thisisu · Feb 15, 2012

mattgk01, Please read the following: HOW TO: Attach Items To Your Post

TimW · Feb 16, 2012

TimW said: ↑

Now please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide
Click to expand...

Please do this so I can see your logs.

Log in or Sign up

"Systray.Exe Stub" Virus/Keylogger? Help

mattgk01 Private E-2

Attached Files:

viruses.png

OTL.Txt

Extras.Txt

mattgk01 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

mattgk01 Private E-2

Attached Files:

otlfix.txt

mattgk01 Private E-2

Attached Files:

OTL.txt

thisisu Malware Consultant

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member