
Not sure if im infected ~


6 replies to this topic

#1 Sam86

Sam86

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 23 June 2009 - 04:36 AM

A few days ago, I opened or launched an application (I'm not sure what it was, but it appeared to be a Flash file). Then my Trend Micro Internet Security 2008 popped up saying that spyware (I think it was CRCK KEYGEN) was detected/found. So, I quickly deleted the file that I had just opened and performed a scan using Trend Micro Internet Security, but it didn't show anything (no virus or spyware was found). I also used Malwarebytes' Anti-Malware and it also didn't show any virus or spyware.

I'm kind of worried about whether my laptop (Windows Vista) has been infected or not.

Note: I haven't had any problem with my laptop yet since the spyware warning.

Update: I checked the quarantine in my Trend Micro (spyware quarantine). There were 4 CRCK KEYGEN entries, so I deleted them.
Is my laptop safe from spyware now?

Edited by Sam86, 23 June 2009 - 05:16 AM.


#2 wj32

wj32

  • Members
  • 56 posts
  • OFFLINE
  • Local time:11:46 AM

Posted 23 June 2009 - 05:19 AM



Hi Sam86,

Several things AVs consistently detect as malware are cracks and keygens. These are almost guaranteed to be false positives. If your laptop doesn't have any other symptoms, it generally means it's not infected.

You may want to do a few more of those scans with other software if you're paranoid, though...
MCTS: Windows Internals.
Stupid bureaucracy.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:46 PM

Posted 23 June 2009 - 06:42 AM

When an anti-virus or security program quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive", especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be malicious, you can delete it at any time.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Just to be safe, I recommend performing a couple more scans.

Please download Malwarebytes Anti-Malware (v1.38) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

** If Malwarebytes Anti-Malware results in any error messages, please refer to Fixes for common problems and Error Codes.

Please download Rooter.exe and save to your desktop.
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • A DOS window will appear and show the scan progress.
  • If you receive a Windows - No Disk error message, click Continue.
  • Once the scan is complete, a notepad file (Rooter.txt) containing the report will open and Rooter will automatically close.
  • A log will also be saved at %systemdrive%\Rooter.txt (where %systemdrive% is usually C: or the drive that you have Windows installed).
  • Copy and paste the contents of Rooter.txt in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Sam86

Sam86
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 23 June 2009 - 07:46 AM

Thanks for replying. And also thanks for the warning. I'm still a newbie when it comes to computers etc. I'll avoid those illegal activities.

Here's the Malwarebytes Anti-Malware result:
[codebox]Malwarebytes' Anti-Malware 1.38
Database version: 2324
Windows 6.0.6001 Service Pack 1

6/23/2009 8:31:09 PM
mbam-log-2009-06-23 (20-31-09).txt

Scan type: Quick Scan
Objects scanned: 79114
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
[/codebox]



And here's the Rooter result:
[codebox]Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
32_bits - x86 Family 6 Model 15 Stepping 13, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:69 Go - Free:23 Go )
D:\ [Fixed-NTFS] .. ( Total:69 Go - Free:13 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
¨
Scan : 20:37.38
Path : C:\Users\Sam\Desktop\Rooter.exe
User : Sam ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (496)
______ C:\Windows\system32\csrss.exe (628)
______ C:\Windows\system32\wininit.exe (680)
______ C:\Windows\system32\csrss.exe (692)
______ C:\Windows\system32\services.exe (724)
______ C:\Windows\system32\winlogon.exe (752)
______ C:\Windows\system32\lsass.exe (784)
______ C:\Windows\system32\lsm.exe (792)
______ C:\Windows\system32\svchost.exe (940)
______ C:\Windows\system32\svchost.exe (1032)
______ C:\Windows\System32\svchost.exe (1072)
______ C:\Windows\system32\Ati2evxx.exe (1128)
______ C:\Windows\System32\svchost.exe (1148)
______ C:\Windows\System32\svchost.exe (1180)
______ C:\Windows\system32\svchost.exe (1192)
Locked audiodg.exe (1280)
______ C:\Windows\system32\svchost.exe (1300)
______ C:\Windows\system32\SLsvc.exe (1316)
______ C:\Windows\system32\svchost.exe (1392)
______ C:\Windows\system32\Ati2evxx.exe (1544)
______ C:\Windows\system32\svchost.exe (1600)
______ C:\Windows\System32\spoolsv.exe (124)
______ C:\Windows\system32\Dwm.exe (504)
______ C:\Windows\system32\svchost.exe (532)
______ C:\Windows\system32\taskeng.exe (676)
______ C:\Windows\system32\WLANExt.exe (848)
______ C:\Windows\Explorer.EXE (928)
______ C:\Windows\system32\taskeng.exe (2032)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2276)
______ C:\Program Files\Bonjour\mDNSResponder.exe (2316)
______ C:\Windows\system32\svchost.exe (2328)
______ C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (2352)
______ C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (2404)
______ C:\Acer\Empowering Technology\eNet\eNet Service.exe (2504)
______ C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2544)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (2588)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2640)
______ C:\Acer\Mobility Center\MobilityService.exe (2664)
______ C:\Windows\System32\svchost.exe (2740)
______ C:\Nexon\Mabinogi\npkcmsvc.exe (2764)
______ C:\Windows\System32\svchost.exe (2800)
______ C:\Windows\system32\svchost.exe (2812)
______ C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2832)
______ C:\Program Files\CyberLink\Shared Files\RichVideo.exe (2860)
______ C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (2892)
______ C:\Windows\system32\svchost.exe (2928)
______ C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (3080)
______ C:\Windows\System32\svchost.exe (3168)
______ C:\Windows\system32\SearchIndexer.exe (3200)
______ C:\Windows\system32\DRIVERS\xaudio.exe (3260)
______ C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (3284)
______ C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (3348)
______ C:\Program Files\Trend Micro\BM\TMBMSRV.exe (3488)
______ C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (3512)
______ C:\Windows\system32\wbem\wmiprvse.exe (3676)
______ C:\Windows\system32\wbem\wmiprvse.exe (3736)
______ C:\Windows\system32\wbem\unsecapp.exe (3928)
______ C:\Program Files\Windows Defender\MSASCui.exe (3432)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3468)
______ C:\Windows\RtHDVCpl.exe (2152)
______ C:\Acer\Empowering Technology\eAudio\eAudio.exe (3092)
______ C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (964)
______ C:\Program Files\Launch Manager\LManager.exe (1356)
______ C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe (2212)
______ C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (3732)
______ C:\Program Files\Apoint2K\Apoint.exe (2228)
______ C:\Program Files\iTunes\iTunesHelper.exe (4200)
______ C:\Program Files\Java\jre6\bin\jusched.exe (4216)
______ C:\Program Files\Windows Sidebar\sidebar.exe (4224)
______ C:\Windows\ehome\ehtray.exe (4240)
______ C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (4248)
______ C:\Program Files\DAEMON Tools Lite\daemon.exe (4264)
______ C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (4284)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE (4308)
______ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (4456)
______ C:\Users\Sam~1\AppData\Local\Temp\RtkBtMnt.exe (4500)
______ C:\Program Files\Apoint2K\ApMsgFwd.exe (4588)
______ C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE (5004)
______ C:\Windows\ehome\ehmsas.exe (5036)
______ C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE (5092)
______ C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE (5132)
______ C:\Program Files\Apoint2K\Apntex.exe (5176)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (5800)
______ C:\Program Files\iPod\bin\iPodService.exe (4112)
______ C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (4612)
______ C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (1620)
______ C:\Windows\system32\conime.exe (3060)
______ C:\Program Files\Mozilla Firefox\firefox.exe (5308)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (5888)
______ C:\Windows\system32\NOTEPAD.EXE (3644)
______ C:\Windows\system32\NOTEPAD.EXE (4420)
______ C:\Users\Sam\Desktop\Rooter.exe (3604)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:10478974464)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:10479468544 | Length:74918658048)
\Device\Harddisk0\Partition3 (Start_Offset:85398126592 | Length:74641833984)
¨
----------------------\\ Scheduled Tasks
¨
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\SDMsgUpdate (SD).job
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 20:38.00
¨
C:\Rooter$\Rooter_3.txt - (23/06/2009 | 20:38.00)
[/codebox]
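As an added example (not code from the thread, from Malwarebytes or from BleepingComputer), here is a small Python parser for the MBAM log layout posted above: it pulls out the database version and the Windows line that quietman7 asks posters to include, tallies the summary counts, and collects any items listed per category. The sample log embedded in it is constructed; its single detection is made up so the parser has something to report.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the MBAM 1.38 log posted above.
# Values are made up; one infected file is listed so the parser has
# something to report (the posted log itself is all zeros).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2324
Windows 6.0.6001 Service Pack 1

Scan type: Quick Scan
Objects scanned: 79114
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\Users\Example\Downloads\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

@dataclass
class MbamReport:
    database_version: str = ""
    windows_version: str = ""
    objects_scanned: int = 0
    counts: dict = field(default_factory=dict)   # "Files Infected" -> 1
    items: dict = field(default_factory=dict)    # "Files Infected" -> [lines]

    def has_header(self) -> bool:
        # The "top portion" quietman7 asks for: database version and OS.
        return bool(self.database_version and self.windows_version)

    def is_clean(self) -> bool:
        # Only call a log clean when the header is present and all counts are 0.
        return self.has_header() and sum(self.counts.values()) == 0

def parse_mbam_log(text: str) -> MbamReport:
    rep = MbamReport()
    section = None            # category whose item list we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None    # a blank line ends an item list
            continue
        if m := re.match(r"^Database version: (\d+)$", line):
            rep.database_version = m.group(1)
        elif m := re.match(r"^Windows (.+)$", line):
            rep.windows_version = m.group(1)
        elif m := re.match(r"^Objects scanned: (\d+)$", line):
            rep.objects_scanned = int(m.group(1))
        elif m := re.match(r"^(.+ Infected): (\d+)$", line):
            rep.counts[m.group(1)] = int(m.group(2))   # summary block
        elif m := re.match(r"^(.+ Infected):$", line):
            section = m.group(1)                       # item list header
            rep.items.setdefault(section, [])
        elif section and not line.startswith("(No malicious"):
            rep.items[section].append(line)            # a listed detection
    return rep
```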

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:46 PM

Posted 23 June 2009 - 07:56 AM

Looks like you are ok then.

#6 Sam86

Sam86
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 23 June 2009 - 08:02 AM

Thanks a lot! You made me a happy person ^^ and I will avoid those nasty activities.
Thanks again!

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:46 PM

Posted 23 June 2009 - 08:06 AM

You're welcome.

Tips to protect yourself against malware and reduce the potential for infection:
  • Keep Windows and Internet Explorer current with all critical updates from Microsoft, which will patch many of the security holes through which attackers can gain access to your computer. If you're not sure how to do this, see Microsoft Update helps keep your computer current.
  • Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
  • Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
Many security experts recommend you disable Autorun asap as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun



