
Malware problem

I'm having a message pop up that says that my computer may be at risk and a trojan has been detected. This message is definitely not from a legitimate source.

Attached is a HJT log... please help!

-Chris


Replies


Re: Malware problem

cmanzi:

What exactly did the popup say, and what was the name of the originator of the popup?  Also, what Norton product are you using, Internet Security or Antivirus?  Do you have any other antivirus programs running on your machine?

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain

Re: Malware problem

cmanzi:

You may have an issue with Winupdate86, which is frequently identified as a trojan.  You can download Malwarebytes free version, install, update and run a full scan.

http://www.filehippo.com/download_malwarebytes_anti_malware/

You are also apparently running a corporate version of Symantec protection.  If MBAM is unsuccessful, we will need to send you to the corporate forums for assistance.

www.symantec.com/connect


Re: Malware problem

Since you are using Symantec AntiVirus (Corporate edition), you may have to post the same in the Symantec Enterprise forum (http://forums.symantec.com) to get more information on errors related to the Enterprise product, Symantec AntiVirus. This forum is for Symantec Consumer Products only.

The following entries in HijackThis seem to be malicious:

C:\WINDOWS\system32\winupdate86.exe
R3 - URLSearchHook: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspe0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspe0.dll
O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspe0.dll
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

Kudos1 Stats
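
An added example, not part of the original post or of HijackThis: a small Python triage pass over the log lines quoted above. The three checks (a UserInit value other than userinit.exe, entries whose target file is absent, an O4 autostart that launches a listed running process) and the names `parse_log` and `triage` are assumptions made for illustration; a finding means "review this entry", not a verdict.

```python
import re

# Log lines copied from the post above, used here as constructed sample input.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winupdate86.exe
R3 - URLSearchHook: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspe0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

# Section entries look like "O4 - ..."; anything else is a running-process path.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(log):
    """Return (code, body) pairs; bare lines are running processes ("PROC")."""
    entries = []
    for line in filter(None, map(str.strip, log.splitlines())):
        m = ENTRY.match(line)
        entries.append((m.group(1), m.group(2)) if m else ("PROC", line))
    return entries

def triage(log):
    """Return (code, reason) for entries worth a manual look (illustrative heuristics)."""
    entries = parse_log(log)
    procs = {body.lower() for code, body in entries if code == "PROC"}
    findings = []
    for code, body in entries:
        low = body.lower()
        if code == "F2" and "userinit=" in low:
            # The Windows default value is "...\system32\userinit.exe," (comma-separated list).
            parts = [p.strip() for p in low.split("userinit=", 1)[1].split(",")]
            if any(p and not p.endswith("\\userinit.exe") for p in parts):
                findings.append((code, "UserInit is not the default userinit.exe"))
        elif low.endswith(("(file missing)", "(no file)")):
            findings.append((code, "target file absent"))
        elif code == "O4" and any(low.endswith(p) for p in procs):
            findings.append((code, "autostart entry launches a listed running process"))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```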

Re: Malware problem

Hi

 C:\WINDOWS\system32\winupdate86.exe

is the entry just listed in the log as a running process. You won't be able to select it or place a tick beside it; don't worry about this one in HijackThis. You select the O4 entry for it.

You can use more HijackThis tools, in another area, but just tick the O4 entry that shows. When you restart the PC the file won't load.

An up-to-date Malwarebytes will detect "winupdate86.exe" as "C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert)", with at least database version 3217.

Quads 

Message Edited by Quads on 11-25-2009 05:27 AM

Re: Malware problem

Great to see you doing the good work again & again, Quads.
Windows 7 Ultimate x64 SP1 -- NIS 21

Re: Malware problem

I suggest putting the file in quarantine, as you can figure out then, if possible.

Re: Malware problem

No, I'm just stating again a bit of info so when the user runs HijackThis they don't scratch their head trying to find the first stated entry, when the first entry is the R0 (homepage) settings.

A few times now I have had to state "don't remove this entry or that" etc., as they are legit and so on.

Quads 


Re: Malware problem


HPTouchsmart wrote:
I suggest putting the file in quarantine, as you can figure out then, if possible.

Malwarebytes will detect the file and remove it.
 
Quads 

Re: Malware problem

Okay, I've downloaded the program, and I'm running it now.. what files am I looking for? Where do I go from here?

Re: Malware problem

Hi cmanzi

After you finish running the scan, please post the log here using the add attachments under the orange button.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.

Re: Malware problem

Okay, I've attached the log file.

Re: Malware problem

Hi

Your Malwarebytes log shows " -> No action taken." beside each detection.

You need to have Malwarebytes remove them; Malwarebytes may have to restart your PC.

Quads 


Re: Malware problem

What about now? Can I delete the windows 86 file? It says my computer needs to restart but prior posts were misleading...

Re: Malware problem

Yes, let Malwarebytes restart your PC.

Quads 


Re: Malware problem

cmanzi:

You will see in your log that MBAM requires a reboot to complete the removal process.  Please do so.

Hi Quads.

Message Edited by delphinium on 11-24-2009 07:37 PM