
Trace.Known Threat Sources


57 replies to this topic

#1 Dennis H


Posted 12 April 2009 - 01:40 PM

Howdy,

I ran SuperAntiSpyware and the report said that I was infected with Trace.KnownThreatSources.

I used the removal feature and re-booted and ran SAS again. The same infection was detected again.

I ran Malwarebytes but it did not detect it.

I ran Windows Defender and it does not detect it.

Has anyone heard of Trace.KnownThreat sources ?


Thank You for your time.


Dennis :thumbsup:


 


#2 Dennis H


Posted 13 April 2009 - 05:13 AM

Anyone ? :thumbsup:

#3 trollocks


Posted 13 April 2009 - 05:32 AM

I had the same thing with SAS. Don't know why it came back though. Mine didn't.

#4 DaChew


Posted 13 April 2009 - 06:25 AM

Post the SAS log, it's under preferences
Chewy

No. Try not. Do... or do not. There is no try.

#5 Dennis H


Posted 13 April 2009 - 06:56 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/12/2009 at 12:23 PM

Application Version : 4.26.1000

Core Rules Database Version : 3839
Trace Rules Database Version: 1795

Scan type : Complete Scan
Total Scan Time : 00:30:36

Memory items scanned : 432
Memory threats detected : 0
Registry items scanned : 4712
Registry threats detected : 0
File items scanned : 18250
File threats detected : 65

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@tracking.foxnews[2].txt
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediamatters[1].txt
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.lucidmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.techguy[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@vpmc.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@at.atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt
C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner\Cookies\owner@euroclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Owner\Cookies\owner@chitika[2].txt
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Cookies\owner@dc.tremormedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@interclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adinterax[2].txt
C:\Documents and Settings\Owner\Cookies\owner@specificmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@scanner.rapid-antivir-2009[2].txt
C:\Documents and Settings\Owner\Cookies\owner@media6degrees[2].txt
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\Cookies\owner@eb.adbureau[2].txt
C:\Documents and Settings\Owner\Cookies\owner@a1.interclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[3].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@invitemedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.belointeractive[1].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
C:\Documents and Settings\Irene\Cookies\irene@adrevolver[2].txt
C:\Documents and Settings\Irene\Cookies\irene@media.adrevolver[1].txt
C:\Documents and Settings\Irene\Cookies\irene@invitemedia[2].txt
C:\Documents and Settings\Irene\Cookies\irene@advertising[1].txt
C:\Documents and Settings\Irene\Cookies\irene@specificclick[1].txt
C:\Documents and Settings\Irene\Cookies\irene@ad.yieldmanager[2].txt
C:\Documents and Settings\Irene\Cookies\irene@data.coremetrics[1].txt
C:\Documents and Settings\Irene\Cookies\irene@atdmt[2].txt
C:\Documents and Settings\Irene\Cookies\irene@doubleclick[2].txt
C:\Documents and Settings\Irene\Cookies\irene@hitbox[2].txt
C:\Documents and Settings\Irene\Cookies\irene@media6degrees[1].txt
C:\Documents and Settings\Irene\Cookies\irene@ehg-talbots.hitbox[2].txt

Trace.Known Threat Sources
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NH4BGYU3\virusremover2009[1].jpg

#6 DaChew


Posted 13 April 2009 - 07:04 AM

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


Then update MBAM and run a full scan of all drives but cd/dvd
Chewy


#7 Dennis H


Posted 13 April 2009 - 08:11 AM

Ok. I will give it a try.

Thanks

#8 Dennis H


Posted 13 April 2009 - 08:23 AM

Ok. I ran ATF.

I updated Malwarebytes but I do not see a setting where I can exclude the cd/dvd drives.
When I click full scan I see C,D,E drives. Is E the cd/dvd drives ?

I have run Malwarebytes 3 times before ATF and it did not detect anything. Seems like SAS is the only one picking it up.



(Then update MBAM and run a full scan of all drives but cd/dvd)


Thanks,

Dennis :thumbsup:

Edited by Dennis H, 13 April 2009 - 08:24 AM.


#9 DaChew


Posted 13 April 2009 - 10:02 AM

When I get the drive selection window with MBAM it shows a picture/icon of a cd/dvd drive next to my E and F drives

Run the full scan and post the complete log please
Chewy


#10 Dennis H


Posted 13 April 2009 - 05:11 PM

Howdy DaChew,

I saw the icons also but I could not recognize which one was the cd/dvd driver icon. I can post a screen shot if you think it necessary though.

I ran a full scan using Malwarebytes, here is the log.


Malwarebytes' Anti-Malware 1.36
Database version: 1978
Windows 5.1.2600 Service Pack 3

4/13/2009 6:05:44 PM
mbam-log-2009-04-13 (18-05-44).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 97888
Time elapsed: 31 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am now running a full scan using SAS. I will post the log in case it is helpful to you while trying to solve my problem.

Thanks

Edited by Dennis H, 13 April 2009 - 05:25 PM.


#11 Dennis H


Posted 13 April 2009 - 05:53 PM

Here is my most recent log of SAS after running ATF, MalwareBytes.

According to this log I have 9 infections. Yikes ! :thumbsup:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2009 at 06:35 PM

Application Version : 4.26.1000

Core Rules Database Version : 3839
Trace Rules Database Version: 1795

Scan type : Complete Scan
Total Scan Time : 00:21:49

Memory items scanned : 429
Memory threats detected : 0
Registry items scanned : 5081
Registry threats detected : 0
File items scanned : 17825
File threats detected : 28

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt
C:\Documents and Settings\Owner\Cookies\owner@kontera[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@at.atwola[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adstats.cdfreaks[2].txt
C:\Documents and Settings\Owner\Cookies\owner@specificmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[2].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ecnext.advertserve[1].txt
C:\Documents and Settings\Owner\Cookies\owner@invitemedia[2].txt

Trace.Known Threat Sources
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NH4BGYU3\virusremover2009[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NH4BGYU3\virusremover_2009[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M0NA59S6\virusremover2009[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1FY4KX31\PCAO336IECAQV3XYECA6FTWFACAR2AD1WCASVTTXHCACY4OJSCAA43N4ACA3QXHFUCAA44JXECASXI5BQCA27AMTSCABF5CGKCAWR0ZWUCAYI2JDBCA3RVWPJCAN8MDC0CAW4YF2KCA0K68MICA6GBIN5CA2LU9RJ
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YDOO364N\search[10]
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y5O2HCXS\virusremover-2009[1].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JQCDZNX4\search[10]
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y5O2HCXS\t[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y5O2HCXS\virusremover2009[1].jpg

#12 DaChew


Posted 13 April 2009 - 07:01 PM

Please download and run Process Explorer


http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under file and save as, create a log and post here
Chewy


#13 Dennis H


Posted 13 April 2009 - 07:38 PM

Ok, I am running it now.

I am sure you are aware of this malware but I thought I would post some information that I found on Google.

Apparently my computer has picked up the same crap that was going around in 2008 and bothering other people. ???





"Antivirus2009 or Antivirus 2009, is the latest rogue antispyware program. Antivirus2009 is a clone of the famous rogue antispyware Antivirus 2008 (Antivirus2008). Usually Antivirus2009 can come into user's computer after fake video codec installation that comes with malware, Trojan or even a virus. Antivirus2009 will generate fake system warning popup messages to trick users into punching a "full" version of Antivirus2009.
It is very important to remove all the components of Antivirus2009 and all the malware and Trojans that it might have come with (such as Trojan Zlob, Trojan Vundo). Users should not trust Antivirus2009 and they should remove it as soon as possible from their computer system!"


Dennis :thumbsup:

Edited by Dennis H, 13 April 2009 - 07:39 PM.


#14 Dennis H


Posted 13 April 2009 - 07:51 PM

Just found this. What do you think ??

http://www.bleepingcomputer.com/malware-removal/

I found it on Google.

I don't trust anything I read online until I hear from people like you that know what the heck they are doing.


So I will stand by.


Dennis :thumbsup:

#15 DaChew


Posted 13 April 2009 - 07:57 PM

I have already googled this and done a little research at the MBAM rogue forum section?

There were some new variants that hit April the 1st

That log from process explorer?
Chewy




