Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Possible Malware Infection

  • Please log in to reply
No replies to this topic

#1 Katrex


  • Members
  • 44 posts
  • Local time:06:06 PM

Posted 09 February 2009 - 08:00 PM

I am quite frustrated/stressed at the moment, so if something is unclear them I apologize - Mention it and I will try to better explain it.

Before I begin, I am using an Acer Aspire 5735-4401 Laptop running 64-bit Windows Vista Home Premium. A clear 'button' near my arrow keys reads "Aspire 5735Z." I purchased this PC only a week ago, brand new, and installed AVG8 Free (over the MacAfee it came with), and Ad-Aware Free Anniversary Edition prior to ever connecting it to the internet. The moment I did, I updated AVG/Ad-Aware and installed all the latest Windows Updates.)

I was having trouble with one of my games the other day, and yesterday I set about trying to determine what this problem is. I stumbled across a few forums which said this problem may be related to a virus, so I figured what the heck - and did some scanning. I have since resolved the problem with the game, but I discovered something else while virus scanning which is what this is about.

All the scans I did (AVG8 Free, Windows Defender, Ad-Aware Free Anniversary Edition) prior to this came up with nothing more than a handful of tracking cookies.

I did a HiJackThis and pasted the logfile in HiJackThis.de, and had two unknown entries. These entries were located as follows:


I decided to search them up on google, and came across numerous posts saying that these two files were -viruses.- I scanned them BOTH using VirusTotal and Jotti Online Malware Scan, and they both only received one hit on virus total. As I saw how most websites were using Malwarebytes Anti-Malware, I downloaded and ran this program and it identified both these objects as Trojan.BHO - I took no action.

I posted in a forum I frequent which has a Technology & Computers section, and was recommended to follow a guide for removing Malware infections as it seemed to them (by my HiJackThis log, and Malwarebytes log) that I had an infection.. This is where things start going wrong and making me think I may have an infection.

I restarted in safe mode with networking as the guide said, disabled third-party browser extensions for Internet Explorer, but was unable to turn off safe mode. I PM'd the creator, and he told me to skip it - so I did.

I moved on to the next steps, and scanned with Malwarebytes Anti-Malware, I cleaned all infections (those two files and I assume what was some related registry keys) and restarted back into safe mode with networking again.

I attempted to the next step (scan with AVG8 Free), however... It came up with an error, which you can see here: Imageshack Image

I figured I needed to repair it, so I headed on over to the AVG website and started downloading the install file again - I assumed this was what I was needed. I was still in Safe Mode with Networking. This is the first thing I found odd, as I went to the folder I told it to save in after it downloaded and it wasn't there. I tried to download it again and saved it to the same place, and watched as the moment it finished - the file disappeared again! I thought this in itself pointed out an infection, but I am not familiar with Wndows Vista so it may just be a quirk of the OS...

I restarted in normal mode, went back to AVG's website and downloaded the file without any problems. AVG was working in normal mode just fine.

I restarted again, into Safe Mode with Networking. AVG still was not working in safe mode, so I ran the installer... I told it to Repair/Fix, and half-way through the process it stopped and said that there was an error, which you can find here: Imageshack Image

I restarted back into normal mode - In the event I had to download more files. I went back to that website, and posted a new topic about AVG not working... and was recommended to do some advanced infection cleaning, as it sounded like I had one! I was told to download, then run ComboFix in safe mode as well as scan with another AntiVirus. I downloaded ComboFix and posted some questions, then while waiting for a reply I browsed to my C:... to notice I was missing HDD space. Now AVG's install file was only 50 MB, and ComboFix is pretty small. However, last night I had 92.6 GB or so left.. when I checked it here, I had 90.4 GB.

I memorized the ComboFix guide (I have no printer), and restarted into Safe Mode with Networking (as the people on the site told me to do prior to running it) - Then made sure everything was closed, and attempted to run it... It didn't work. I restarted back into normal mode, and attempted to run it again after ensuring my Anti-Virus/Firewalls/etc...were all disabled and all programs were closed, it didn't work and I screenshotted the error as seen here: Imageshack Image

I asked what to do on the site again, and the person was at a loss for what to suggest next as they admitted to not being familiar with Vista nor having any 64-bit OSes installed... so I decided to come here. While I was waiting for a reply, I noticed my HDD was now down to 89.4 GB...

I believe without putting up Malwarebyte or HiJackThis logs, this is as detailed as I can be. To sum it up;

I am paranoid/stressed about having a potential infection due to files disappearing after being downloaded in Safe Mode, my HDD having decreased in space by ~3 GB between last night and when I post this topic, and being told to clean an Advanced Infection but having none of the programs recommended to try work thus not cleaning any advanced infection that some believe is there!

I am a very paranoid person at heart, so I greatly thank anyone that can help me figure out if I am infected or these problems are just due to my OS or whatever and thereby relieving that paranoia and stress. I am also not the smartest person, so some patience is also requested.. ^^"

Edited by Katrex, 09 February 2009 - 08:02 PM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users