Malware.trace



#1 Alakinender

Posted 06 December 2014 - 05:47 PM

So, I searched the forum and didn't find any topic related to this. If I missed it, I'm sorry.
Mostly it's said that Malware.Trace is a rogue anti-spyware or anti-malware. But I know that AVG, MBAM (Malwarebytes Anti-Malware) and SAS (SUPERAntiSpyware) are not rogue, and I checked the list of programs and no rogue is sitting in my PC. So, what is this Malware.Trace? Only SAS reports it on my PC. It's a registry key that is found every time I scan with SAS. I did the update, Safe Mode stuff, etc. So, I came to find an answer here with you.
 
So, I will give you my SAS log.
 
This is my first post, and I can say that I have had a lot of experience with cleaning Trojans, adware, all those annoying toolbars and rogue software on other people's computers. My PC is always clean, I don't remember when I had a Trojan or something like that, mostly it would be a tracking cookie here and there but SAS shows them who is the boss in my PC :D
I always ended victorious when fighting malware. Once I managed to clean one guy's PC that was surely easier to reinstall than clean, and I'm still proud of that cleaning :P

All I wanted to say is that I know how to keep a PC clean and optimized, but this little thing is getting on my nerves, because it's the first thing that doesn't get removed after several cleaning attempts. Even Trojans and the win32/sality family were easier than this.
 
Here is the log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/06/2014 at 10:53 PM

Application Version : 6.0.1164
Database Version : 11645

Scan type       : Complete Scan
Total Scan Time : 00:34:39

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 629
Memory threats detected   : 0
Registry items scanned    : 54670
Registry threats detected : 1
File items scanned        : 27404
File threats detected     : 0

Malware.Trace
    (x86) HKU\S-1-5-21-4007106930-1875098270-3945276227-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

============
 End of Log
============
 
Sorry about my English, I'm from Croatia :)

Edited by Budapest, 06 December 2014 - 06:06 PM.
Moved from Win7 ~Budapest



#2 Guest_LighthouseParty_*

Posted 06 December 2014 - 06:11 PM

Hello there

Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.

Step 1: Download MiniToolBox

  1. Click here to download MiniToolBox to your desktop.
  2. Double click MiniToolBox.
  3. Select the following and then press go:
       • Flush DNS
       • Reset IE Proxy Settings
       • Reset FF Proxy Settings
       • List Installed Programs
       • List Restore Points
  4. Post the log in your next reply.

 

Step 2: Install and run a scan with Malwarebytes Anti-Malware

  1. Click here to download Malwarebytes to your desktop.
  2. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  3. On the dashboard, click update now.
  4. After that, click scan now - the scan will now begin.
  5. When the scan's completed, select apply actions - make sure the action is quarantine.
  6. Restart your computer.

How to get the log.

  1. On the dashboard, select the history tab and click application logs.
  2. Select the log which has the time and date of when you did the scan.
  3. Click copy to clipboard and paste it into your reply.

Step 3: Download Security Check

  1. Click here to download Security Check to your desktop.
  2. Double click SecurityCheck and follow the on-screen instructions.
  3. A log should open, called checkup.txt.
  4. Please post the contents of it in your next reply.

Thanks and good luck!



#3 quietman7

Posted 06 December 2014 - 07:32 PM

FYI: Per the Emsisoft Malware Library...Trace malware detections generally indicate remnants of an associated file, folder, or registry key that remains on a system after cleaning a previous malware infection. Traces are typically useless and not dangerous since the primary malicious payload has been removed. A Malware.Trace detection is just another name for trace malware.

Some malware infections and Potentially Unwanted Programs (PUPs) are difficult to remove completely. They insert themselves (components) into various areas throughout a computer's operating system, including browsers, hidden folders, the Windows registry, etc., and may leave so many remnants behind that security tools cannot find them all. After a security vendor updates their program version or definition databases, it is not uncommon for subsequent scans to find traces of malware-related folders, files, registry entries or even certain cookies which had previously gone undetected by prior scans long after the initial infection was removed.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 noknojon

Posted 06 December 2014 - 08:09 PM

EDITED BY ME ............

Thank You


Edited by noknojon, 07 December 2014 - 05:27 PM.


#5 Alakinender

Posted 07 December 2014 - 03:10 AM

Hello there again! :D

I think it's a good guess but I found out that it is actually my fault for having this Malware.Trace.

Actually, what I have is a false positive. I like to have a customized desktop and I have changed the start orb button. So after the change, it reports when scanning that Malware.Trace is found. Then after reboot, the start orb returns to normal. I don't know why I didn't notice this before and I am sorry for posting for nothing. :(

 

But those ideas you provided are very good, you still did a good job :D

It's very well explained, keep up the good work! :D

 

Once again, I am very very sorry that I took your time :((



#6 quietman7

Posted 07 December 2014 - 08:00 AM

No problem. There are various tweaking programs and intentional user acts that alter certain registry keys which are often modified by malware as well. Security scanners may detect those modifications and report them to alert the user but they do not have the ability to determine who/what made those changes.

It's always best to check detections when not sure. BTW, you're not the only one. That particular registry key has been reported as a false positive several times before.
Malware.Trace
HKU\S-1-5-21-1499385294-1294109063-3957283044-100\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
Is this probably a false positive?
Registry item, "Malware Trace"

The detection in itself is not a threat, it is a sign or "trace" of malware, which in this case seemed to be a false positive as we were unable to find anything out of the ordinary in the diagnostic.

SAS Customer Service, Post #13

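A way to check by hand the Winlogon `Shell` value that SAS flagged in this thread, as an added example that is not part of any post and not code from SAS or BleepingComputer. It assumes a stock install has `explorer.exe` in the machine-wide value and no per-user value at all; `Get-WinlogonShellAudit` is a hypothetical name.

```powershell
# Added example: report the Winlogon "Shell" value per hive, the program it
# points to, and that program's Authenticode status.
function Get-WinlogonShellAudit {
    $sub  = 'Microsoft\Windows NT\CurrentVersion\Winlogon'
    $keys = "HKCU:\SOFTWARE\$sub", "HKLM:\SOFTWARE\$sub", "HKLM:\SOFTWARE\Wow6432Node\$sub"
    foreach ($key in $keys) {
        $row  = @{ Key = $key; Shell = $null; Target = $null; Signature = $null; Status = 'not set' }
        $item = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
        if ($item) {
            $shell = ([string]$item.Shell).Trim()
            $row.Shell = $shell
            # The first token of the value is the program started at logon.
            if ($shell -match '^"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($shell -split '[\s,]')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $cmd = $null
            if ($exe) {
                $cmd = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                       Select-Object -First 1
            }
            if ($cmd) {
                $row.Target = $cmd.Path
                # Treat this as a hint only: on older Windows/PowerShell versions
                # catalog-signed system files can be reported as NotSigned.
                $row.Signature = (Get-AuthenticodeSignature -FilePath $cmd.Path).Status
            }
            if ($shell -ieq 'explorer.exe') { $row.Status = 'default' }
            else { $row.Status = 'modified - find out what set it' }
        }
        New-Object PSObject -Property $row
    }
}

Get-WinlogonShellAudit | Format-List Key, Shell, Target, Signature, Status
```

A `modified` row only says the value differs from the stock one; as the post above notes, the registry does not record whether a tweaking tool, the user, or malware wrote it.
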
#7 Alakinender

Posted 07 December 2014 - 11:18 AM

You are probably right because many Windows customization programs are third party programs that aren't digitally signed, so AV programs recognize them as PUP or PUM.



#8 quietman7

Posted 07 December 2014 - 02:39 PM

Plus when a computer is infected with malware there most likely will be other obvious indications (signs of infection) that something is wrong.

#9 noknojon

Posted 07 December 2014 - 05:25 PM

so AV programs recognize them as PUP or PUM.

Unfortunately if these are the main items, as quietman7 has said, we are not able to greatly help you unless it becomes a Major infection.

 

I do not see any reason for infection, and I would be very careful using these tools on customization type third party programs, as you can damage / remove them.

Still keep an Antivirus program (even a free one) and an Antimalware program (like Malwarebytes Anti-Malware) installed.

 

Thank You -



#10 quietman7

Posted 07 December 2014 - 06:10 PM

Yes...Anti-virus programs generally scan for infectious malware which includes viruses, worms, Trojans, rootkits and bots.

Potentially Unwanted Programs (PUPs) (Adware), Potentially Unwanted Applications (PUAs) and Potentially Unsafe Applications (PUAs) are classified differently and do not fall into any of those categories...that is the primary reason some anti-virus programs do not detect or remove them.

However, many Anti-virus/Anti-Malware programs and security scanners have options to include or exclude the detection of PUPs because of how they are defined. If they are not finding any PUPs, then most likely the settings have been set to exclude or ignore those detections so they need to be enabled. If your tools are finding but not removing PUPs, then most likely the settings are set to detect but not take any action.

#11 Alakinender

Posted 08 December 2014 - 04:48 PM

I always set the options first when installing anti-virus, anti-spyware and anti-malware. You need to know what protection you have and you need to know how your computer will react to each situation. And I trust SAS and MBAM that they will do a very good job with removing infections. Also, if someone wants really good control over their PC and every application, I recommend Comodo Firewall. With it you can set custom rules for every application and grant different permissions for each part of the software. You can allow some program to create a folder but you can block its internet connection and such things.

 

Did you ever use Comodo Firewall and what can you say about it?

 

Also, when using third party programs, you can always google the program to see what people are saying about it, and see if the comments are: "I got BSOD!!! What? How? Why? DON'T download!!! Trojan!!" and such comments. And of course you must know what you are doing when changing Windows files. And the golden tip is always to have a backup :D But even if you download something there is always the VirusTotal service where you can easily check the safety of the program. There is also a sandbox option.

 

When you put it all together, if you are careful and know what you are doing, the chances of doing damage to your PC are minimal :)

But even if you do damage, you will gain experience that you will remember :D

 

It was a pleasure to exchange thoughts with experts like you.



#12 quietman7

Posted 08 December 2014 - 05:01 PM

Yes...backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet it's one of the most neglected areas.

If you would like to discuss Firewalls and get opinions...then you should start a new topic in the Firewall Software and Hardware forum. This one is essentially for those who need assistance with malware removal.



