Possible Malicious Program installed?
05-22-2011 10:08 AM
Ok, hello everyone. I'm new to the community.
But I have a bit of a problem.(Bear with me, I'm 14 so I may not be as computer savvy as a lot of you. However, I do know how to install hardware and installed my own RAM, GPU and CPU. So I'm not completely computer dumb :)
Anyways, a few days ago I was looking up an album by DMX(Flesh of my Flesh) just to see the review on it(I like reading album reviews sometimes). Well, I clicked the first link that popped up since it was relevant to my search.
Well, you know how Google searches things with the keyword in it? I clicked the first link but Google Chrome(the browser I use) bumped it down and I ended up accidentally clicking on a site called FleshBot. I knew this had to be some type of porn site so I backed out IMMEDIATELY. Now whenever that type of thing happens(it's inevitable with Google Chrome, unfortunately.) I immediately scan my computer, which is what I did.
Now, I am VERY paranoid when it comes to computers.....I know how easily they can be infected with keyloggers, trojans, backdoors and the like so I mainly visit a few safe sites.
Atlnightspots(for the Eye Candy section :D)
Nexon(I play a game called Combat Arms and have a high ranked account there, which is one of the main reasons I'm so paranoid.)
And sites that provide info about upcoming games(MW3 and BF3).
So, I checked my Task Manager for whatever reason, and my blood almost froze. I saw rundll32.exe(which I had never noticed before.) I looked it up online and saw that it was nothing to be fearful of, SO....... I calmed down. Now occassionally there are two instances of this running, and what's strange, whenever I mouse over one instance of it, it just disappears. Now that got me on high alert, so I installed this program;
http://dewasoft.com/privacy/kldetector.htm I run Vista, but it still seemed to work.
Followed the instructions(went into Word and typed random words) and it flashed red, saying that I may want to check NTUSER.DAT. Strangely enough, this file is "Last modified"' EVERY minute. Whether I type, click or do nothing, it's modified every minute.
Whenever I try to investigate it, it says it's in use by another program(which I looked up and it's Windows.)
This was all 2-3 days ago, and the NTUSER.DAT incident was yesterday.
Now, today I boot up my computer. It says Windows has failed to start and System Repair is starting. I say OK. It was something with the boot, so it restarted and started up. Now this made my blood run cold.
Norton Anti Virus had been turned off, as well as the Anti Spyware feature. And Admin Access needed had also been turned off(IIRC). Now, Norton started fixing itself, and apparently this being disabled was just a result of an error code.Either I'm dealing with the 1337est Malware in the world or I'm just overly paranoid. D:
Not to mention I've scanned with Malwarebytes, A Squared, Super Anti Spyware and Advanced System Care.. They've all found pretty much nothing.
Do you guys need a Hijack This Log to help me out, or.....
Re: Possible Malicious Program installed?
05-22-2011 04:10 PM
Literature and history are full of stories of paranoid rulers who destroyed their most loyal supporters and followers and ultimately their own reign.
Malwarebytes and hijackthis, as much as I've read from this forum, are compatible and can coexist with Norton products while acting as an on-demand scanner. The others might not be so and may cause conflicts with Nortonand with each other. These conflicts may lead to a system repair which leads to a crippled Norton.
Keep your true supporters informed (updated), and the 1337est Malware wouldn't be a trouble. Remain vigilant instead of paranoid.
As for rundll and ntuser, these are normal events.