Rogue.Trace


  • This topic is locked
23 replies to this topic

#1 aland08

aland08

  • Members
  • 210 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 18 March 2009 - 11:21 PM

Hi,

MBAM Free Version picked this up tonight on my system...

C:\WINDOWS\system32\MSINET.oca (Rogue.Trace)

Anything to be concerned with?

Thanks.

Alan


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,391 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:18 AM

Posted 19 March 2009 - 12:24 PM

The file is related to Generic MultiDropper.d!E6B7F3BC.

Some malware infections are difficult to remove completely and may leave so many remnants behind that security tools cannot find them. When vendors update their definition databases, subsequent scans may find more files (traces) which it failed to detect before. What version of MBAM are you using and what is the database? Are you experiencing any problems with your system or just this one detection?

Edited by quietman7, 19 March 2009 - 12:27 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 aland08

Posted 19 March 2009 - 01:02 PM

Quietman,

I just updated the free version of MBAM before I scanned to "1868". And yes, I have been experiencing problems with my CA Security '09 update on 2 computers and perhaps some other issues, as I am not certain they are related. Problems with Apps shutting down & freezing on the system with the Rogue error & problems with the AV scanning whenever it wishes, on the other computer. There are also problems logging on to the CA site & customer support is horrific. I would love a recommendation for another security system other than Norton or McAfee, as I have had enough of CA. See http://www.bleepingcomputer.com/forums/t/212192/i-hear-that-windows-warning-thud/ for a detailed description of my other issues with the computer with the Rogue message.

I have countless hours lately into these machines and I would love to get to the bottom of them. The machine with the Rogue concern is my main computer & has been problem free for a long time. The other machine is older & was recently plugged back in. I had a variety of concerns with the older one that Chewy helped me through & other than the CA Antivirus scanning at unscheduled times, I think it's ok. I would very much appreciate your help with my main machine as we use it constantly & very much need it to function. Thank you!

Alan

#4 aland08

Posted 19 March 2009 - 01:16 PM

-

Edited by aland08, 19 March 2009 - 01:16 PM.


#5 aland08

Posted 19 March 2009 - 02:46 PM

Quiet,

Did I lose you?

Alan

#6 quietman7

Posted 19 March 2009 - 04:35 PM

Please be patient. Staff members are all volunteers, we are assisting other members as well as you and we do not sit behind our computers 24/7.

Perform a Quick scan in normal mode with MBAM and post the log results.

To retrieve the MBAM scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format:
      mbam-log-2009-01-12(13-35-16).txt <- your dates will be different from this example
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Free Antivirus programs: (choose and install only one)
  • avast! 4 Home Edition (comes with built-in anti-rootkit and anti-spyware protection)
  • Avira AntiVir Personal - Free Antivirus (provides some rootkit detection and removal)
  • AVG Anti-Virus Free Edition 8.0
  • RISING Antivirus Free Edition
  • PC Tools AntiVirus Free Edition
  • ClamWin Free Antivirus
Note: ClamWin Free AV does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.

Choosing an anti-virus is a matter of personal preference, your technical ability and experience, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use. Another factor to consider is whether you want to use a paid for product or free alternative. My personal choice is NOD32 Anti-Virus.

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

#7 aland08

Posted 19 March 2009 - 04:47 PM

Sorry Quiet...just afraid I lost you & didn't want to start over w/ someone else. I have countless hours into these latest issues and would like to finish more than I would like to breathe :thumbsup:

I practice your AV/safety suggestions as well. Wouldn't I typically receive better protection from a paid for program?

I have performed full scans w/ MBAM & I am clean. But here's the log just in case you need it...

Malwarebytes' Anti-Malware 1.34
Database version: 1871
Windows 5.1.2600 Service Pack 3

3/19/2009 5:46:10 PM
mbam-log-2009-03-19 (17-46-10).txt

Scan type: Quick Scan
Objects scanned: 23650
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks & I look forward to your reply. BTW, do you have an opinion on the issues I expressed in my other post which I linked in an earlier reply?

Alan

#8 aland08

Posted 19 March 2009 - 05:13 PM

PS- here's the full scan log...

Malwarebytes' Anti-Malware 1.34
Database version: 1871
Windows 5.1.2600 Service Pack 3

3/19/2009 3:12:24 PM
mbam-log-2009-03-19 (15-12-24).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 111685
Time elapsed: 19 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
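
The helper asked that a pasted log include the top portion showing MBAM's database version and the operating system. The sketch below is an added example, not part of the original posts and not a Malwarebytes tool: it checks a pasted log for those header fields and totals the per-category counts. The function names and the truncated sample are assumptions made for illustration.

```python
import re

# Header and summary lines as they appear in the Quick Scan log posted above.
COMPLETE = """Malwarebytes' Anti-Malware 1.34
Database version: 1871
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 23650
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

# Constructed sample (not from the thread): a paste that lost its top portion,
# which is the mistake the helper's instructions warn against.
TRUNCATED = """Scan type: Quick Scan
Objects scanned: 23650
Files Infected: 0
"""

REQUIRED = ("program_version", "database_version", "os", "scan_type")

def parse_mbam_log(text):
    """Return header fields and per-category infected counts from a pasted log."""
    info = {"counts": {}}
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"Malwarebytes' Anti-Malware (\S+)", line):
            info["program_version"] = m.group(1)
        elif m := re.fullmatch(r"Database version: (\d+)", line):
            info["database_version"] = int(m.group(1))
        elif line.startswith("Windows "):
            info["os"] = line
        elif m := re.fullmatch(r"Scan type: (.+)", line):
            info["scan_type"] = m.group(1)
        elif m := re.fullmatch(r"Objects scanned: (\d+)", line):
            info["objects_scanned"] = int(m.group(1))
        elif m := re.fullmatch(r"(.+) Infected: (\d+)", line):
            info["counts"][m.group(1)] = int(m.group(2))
    return info

def review(text):
    """Return (missing_header_fields, total_infected) for a pasted log."""
    info = parse_mbam_log(text)
    missing = [f for f in REQUIRED if f not in info]
    return missing, sum(info["counts"].values())
```

A non-empty first element means the paste is missing header lines a helper needs to judge whether the definitions were current when the scan ran.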

#9 quietman7

Posted 19 March 2009 - 08:46 PM

Let's do another scan to see if we find anything else that MBAM may have missed.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you cannot boot into safe mode, then perform your scans in normal mode.

#10 aland08

Posted 19 March 2009 - 09:24 PM

Quiet,

Sure...I have run SASW before & have recently removed it but I will download it again. I keep my system very clean & regularly delete cookies & temps but I have ATF Cleaner already and use it regularly too. Stay tuned as I run the scan...

Also, since I removed & reinstalled CA yesterday, it has ceased hanging & freezing, at least for today, and I have not heard that dreaded Windows warning thud in the background either. See http://www.bleepingcomputer.com/forums/ind...p;#entry1183481

Alan

#11 aland08

Posted 19 March 2009 - 10:25 PM

Quiet,

I cannot believe what's going on now. First of all, the Superanti scan was clean & when I came back to this forum using FF, through Yahoo's home page, I noticed the typical large rectangle ad on the right of the screen wouldn't load on Yahoo's home page then I came here & look what I find....
--------------------------------------------
BleepingComputer.com
Rules
Welcome Guide
RSS
Help
Search
Members
Blogs
Chat
More Search Options
[X]
My Assistant
Loading. Please Wait... Loading. Please Wait...
X Site Message
(Message will auto close in 2 seconds)

Logged in as: aland08 ( Log Out )

My Topics My Controls View New Posts My Assistant My Friends 0 New Messages


> BleepingComputer.com > Security > Am I infected? What do I do? > Rogue.Trace
>

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.
--------------------------------------------------------

This is how the page is now displaying. It views normally in IE & was fine before I downloaded SASW. I am not saying that it's the fault of the download but I need to give you a time that the problem originated. There are no unusual circumstances in the Event Viewer. Please help! Thanks.

Alan

#12 aland08

Posted 19 March 2009 - 10:39 PM

QUIET,

PS- I cleared my FF cache again & now all is well....what the !#@$% happened? I have never seen that before.

Alan

#13 aland08

Posted 19 March 2009 - 11:01 PM

There goes that double thud again....the Windows warning thud??? Nothing in the event viewer either...

The sound is the critical stop sound but 2 consecutive, at times.

Edited by aland08, 20 March 2009 - 12:27 AM.


#14 quietman7

Posted 20 March 2009 - 07:11 AM

I was going to advise you to clear the cache in FF as what you described is not uncommon. Happens to me every now and then at some forums and that always works for me.

"There goes that double thud again...The sound is the critical stop sound"

What are you doing when this occurs?

#15 aland08

Posted 20 March 2009 - 09:40 AM

Good Morning Quiet,

Thank you for bringing up the critical stop sound as I am not having any luck in my thread. People are trying but to no avail. I could be doing any number of things when the critical stops occur. The last time I was in this forum. I can't think of anything in particular that I am doing. I'm not sure if it only happens when I am on line or not....I think it happens anytime.

Would very much appreciate your help. If you check out my thread about this, you'll see the posts from late last night between stang777 & me. Maybe you'll find something I said there to be helpful. http://www.bleepingcomputer.com/forums/t/212192/i-hear-that-windows-warning-thud/
Thanks, Alan

Edited by aland08, 20 March 2009 - 09:41 AM.




