two questions -- infostealer

Hi, I have two questions. On my Window 7 desktop whenever I turn it on, once I get to the desktop it takes a long time to load and websites take a while to load as well --this doesn't happen every time I turn it on but enough so that I noticed it. I ran Malwarebytes and it came up okay. Just wondering if this might be a virus (this tends to happen with most often with chrome, not as much with Firefox).

My second question is about a flash drive. I put the drive on my Mac laptop that I have Symantec on. Once I put the flash drive in it did a quick scan and came up saying that I had the infostealer virus on the flash drive. It wasn't able to delete it but it did quarantine it. Is my laptop infected or has it been quarantined? That flash drive has a lot of important information on it but now I'm worried about plugging it in anywhere else. Is there a way to get it off for good?

Thanks!

OK, let me try and answer your Qs.

1. It's probable that it's not really a virus and just some unnecessary apps on startup slowing it down. Download the portable version of CCleaner from here, start it up and go to Tools > Startup > Save to File... and upload that file as an attachment here. I'll guide you on what to disable.

2. If your flash drive was properly scanned and cleaned you have nothing to worry about. Other than that, Windows viruses can't harm a Mac - so even if the virus is still there, it just won't run on a Mac, so no, it won't damage your Mac Laptop. And Symantec's own website clearly states that Macs are not affected by the Infostealer virus. Nothing to worry about. You can scan it again though(if you can, using your Mac's Symantec), just to make sure it's gone and it won't affect your Windows 7 desktop - although even if it is, indeed present, it won't affect your Mac in any way.

Hope that helps.
And sorry for the late reply.

Hi! Thanks for responding. For the infostealer question, I know it won't effect my mac, I'm just worried about my PC. My virus scan wasn't able to delete it. Just a quarantine, I still see the file on the flash drive when I plug it in.

For the other question, I downloaded the portable version of CCleaner but I don't see an attachment tab in the reply box. Here's what the file says:
Yes HKCU:Run ALconnect Koninklijke Philips Electronics N.V. C:\Users\dunstan\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
Yes HKCU:Run Google Update Google Inc. "C:\Users\dunstan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run googletalk Google C:\Users\dunstan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
Yes HKCU:Run HPAdvisorDock Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
Yes HKCU:Run MobileDocuments C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware.com C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run HP Remote Solution Hewlett-Packard %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run hpsysdrv Hewlett-Packard c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run Microsoft Works Portfolio Microsoft® Corporation C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
Yes HKLM:Run Microsoft Works Update Detection Microsoft® Corporation C:\Program Files (x86)\Microsoft Works\WkDetect.exe
Yes HKLM:Run NortonOnlineBackupReminder Symantec Corporation "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SmartMenu Hewlett-Packard Company C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
Yes Startup Common Microsoft Works Calendar Reminders.lnk Microsoft® Corporation C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\dunstan\AppData\Roaming\Dropbox\bin\Dropbox.exe

Hi! Thanks for responding. For the infostealer question, I know it won't effect my mac, I'm just worried about my PC. My virus scan wasn't able to delete it. Just a quarantine, I still see the file on the flash drive when I plug it in.

If it quarantined the virus properly, then there's nothing to worry about. And what file do you see on the flash drive when you plug it in? If the infected file was cleaned(or quarantined), then there's nothing to worry about.

I think that Norton might have detected it and removed it. Did you try running the scan once again on the flash drive? If it comes out clean on the second scan, then the flash drive is safe.

For the other question, I downloaded the portable version of CCleaner but I don't see an attachment tab in the reply box. Here's what the file says:

Yes	HKCU:Run	ALconnect	Koninklijke Philips Electronics N.V.	C:\Users\dunstan\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
Yes	HKCU:Run	Google Update	Google Inc.	"C:\Users\dunstan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes	HKCU:Run	googletalk	Google	C:\Users\dunstan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
Yes	HKCU:Run	HPAdvisorDock	Hewlett-Packard Company	C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
Yes	HKCU:Run	MobileDocuments		C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
Yes	HKCU:Run	Skype	Skype Technologies S.A.	"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes	HKCU:Run	SUPERAntiSpyware	SUPERAntiSpyware.com	C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes	HKLM:Run	APSDaemon	Apple Inc.	"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes	HKLM:Run	BCSSync	Microsoft Corporation	"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes	HKLM:Run	HP Remote Solution	Hewlett-Packard	%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
Yes	HKLM:Run	HP Software Update	Hewlett-Packard	C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes	HKLM:Run	hpsysdrv	Hewlett-Packard	c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Yes	HKLM:Run	iTunesHelper	Apple Inc.	"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes	HKLM:Run	Microsoft Works Portfolio	Microsoft® Corporation	C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
Yes	HKLM:Run	Microsoft Works Update Detection	Microsoft® Corporation	C:\Program Files (x86)\Microsoft Works\WkDetect.exe
Yes	HKLM:Run	NortonOnlineBackupReminder	Symantec Corporation	"C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
Yes	HKLM:Run	NvCplDaemon	Microsoft Corporation	RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Yes	HKLM:Run	QuickTime Task	Apple Inc.	"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes	HKLM:Run	SmartMenu	Hewlett-Packard Company	C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
Yes	Startup Common	McAfee Security Scan Plus.lnk	McAfee, Inc.	C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
Yes	Startup Common	Microsoft Works Calendar Reminders.lnk	Microsoft® Corporation	C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Yes	Startup User	Dropbox.lnk	Dropbox, Inc.	C:\Users\dunstan\AppData\Roaming\Dropbox\bin\Dropbox.exe

Do you want Google Talk to run at startup each time? If not, disable this Startup entry using CCleaner.
You can start it up later when you want to.

Yes	HKCU:Run	googletalk	Google	C:\Users\dunstan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

And I don't think you'll need HPAdvisor running at startup. So disable this entry too.

Yes	HKCU:Run	googletalk	Google	C:\Users\dunstan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

Do you want Skype at startup each time? If not, disable it too.

Yes	HKCU:Run	Skype	Skype Technologies S.A.	"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

Disable this entry.

Yes	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Do you use iCloud? If no, disable this.

Yes	HKLM:Run	APSDaemon	Apple Inc.	"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

Disable these...

Yes	HKLM:Run	hpsysdrv	Hewlett-Packard	c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Yes	HKLM:Run	HP Software Update	Hewlett-Packard	C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes	HKLM:Run	Microsoft Works Update Detection	Microsoft® Corporation	C:\Program Files (x86)\Microsoft Works\WkDetect.exe
Yes	HKLM:Run	NortonOnlineBackupReminder	Symantec Corporation	"C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
Yes	HKLM:Run	QuickTime Task	Apple Inc.	"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes	HKLM:Run	SmartMenu	Hewlett-Packard Company	C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

Try disabling this, but re-enable it if disabling it causes you problems..

Yes	HKLM:Run	BCSSync	Microsoft Corporation	"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

Restart your PC and see if there's any improvement.

Thanks, it's running much better! I re scanned that flash drive. Doesn't seem to be on there anymore-or at least it doesn't come up in the scan. There's this file called "RECYCLER" that I thought might have been it since I didn't recognize it but I just deleted it off the drive. Thanks for your help

A folder or a file called RECYCLER? RECYCLER is just folder created by Windows' recycle bin to store deleted files - it's created on every drive on your PC. Some viruses may get in, but since Symantec scanned it clean, I'm not very sure if there was indeed a virus. Happy to know stuff is better for you now.

It definitely came up with a virus on the fist scan but I guess it deleted it that first time. I've never used Symantec before so I wasn't sure how it worked. I had this horrible virus on my work computer earlier this year so I guess I'm just extra cautious now haha. Either way, thanks for your help! All the best