Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Worm/malware downloaded from email?


  • Please log in to reply
1 reply to this topic

#1 RyanB

RyanB

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 01 October 2010 - 12:06 AM

I think i may have received a worm or other malware from an email. When reading an unfamiliar email my Trend Micro virus protection and firewall turned off and a windows notification popped up asking if i wanted to run something said to be published by trend micro located in: (cannot remember where). I pressed ok and TM virus protection and firewall turned back on.

A TM full system scan, malwarebytes full system scan, and window malware removal tool showed nothing.
(Im not sure if this happens during a full scan) but during the beginning of the quick scan the tsc.exe process runs, taking up about 50% of my CPU, but after it has finished scanning for trojans (about the first 10% of scan progress), the process disappears from my task manager.

Because of this i decided to search tsc in my c drive.
Two applications named tsc are showed:
The first is located in c:\program files\trend micro\internet security
size 413kb, date modified 1/04/2010 7:11am
When i double click this a black box (run?) opens and lots ofvarious (comands?) scroll down the box.
All of these (comands?) are: Executing (then: worm_yaha.t or troj_lemir or hundreds of other things that also start with worm or troj or various others) pattern...

While this is happening, tsc.exe is running in the task manager under the same cpu usage as during the scan.

The other tsc application showed after the c drive search is located in c:-program files-trend micro-internet security-component-engine-0x21080000
this app has the same size and date modified as the other.
However when i double click this a similar box as in the previous flashes open for a second.

Could you please tell me if these observations are normal? and should i delete one or both of these apps/processes?
Thanks Ryan.

BC AdBot (Login to Remove)

 


#2 RyanB

RyanB
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 01 October 2010 - 12:15 AM

While running Windows Malicious software removal tool, there are two mrt.exe processes in the task manager.
Is this normal, or is one of them malware?

Also, the mrt scan says it has finished and that there where no problems detected before the green progress bar has reached the end (it gets to about 2/3 the way).
Note: the last items scanned before it ends are msiexec.exe (the m and first e change from lowere to uppercase many times)
Again is this the doing of malware?

Thanks, Ryan

Edited by Orange Blossom, 01 October 2010 - 10:07 AM.
Merged topics and moved to AII for initial assistance. ~ OB





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users