
Trusteer/Rapport in my AppData/Local folder, A concern?
#1 johnsig
Posted 21 January 2015 - 11:49 AM

Vista Home Premium (Not Basic)

This folder is full of log files, none newer than 10 months old. To my knowledge Rapport is not and has never been installed.  Any idea what this is and where it might have come from?

#2 Aura
  • Malware Response Team
Posted 21 January 2015 - 11:51 AM

Hi john :)

Did you ever use the program IBM Security Trusteer Rapport, or any other program from IBM on your system?
List Installed Programs
  • Download MiniToolBox and move it to your Desktop;
  • Execute it by double-clicking on it;
  • Check the "List Installed Programs" checkbox;
  • Click on the Go button;
  • Once the scan is complete, a log will open.
  • Copy/paste (select the Notepad window, press Ctrl + A then Ctrl + C to copy, and Ctrl + V to paste) the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
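A native alternative to the MiniToolBox step above, added here as an example and not part of Aura's post: the same Uninstall registry keys that "List Installed Programs" reads, queried from PowerShell and filtered for the vendor in question. Entries marked "Hidden" in the MiniToolBox output are included because nothing here filters on SystemComponent. The $Pattern string and the extra pass over the Services key (services and kernel drivers stay registered there even after the Add/Remove entry is gone) are assumptions for this example, not something the thread did.

```powershell
# Added example, not from the thread: list installed programs straight from the
# registry and flag anything from the vendor being hunted. Run from an elevated
# PowerShell prompt. $Pattern is an assumption: the names this thread is looking for.
$Pattern = 'Trusteer|Rapport|IBM Security'

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # absent on 32-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

# -ErrorAction SilentlyContinue skips keys that do not exist (e.g. Wow6432Node on x86 Vista)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString, PSPath

# Full inventory, the same list a helper would ask you to paste into a reply
$programs | Sort-Object DisplayName | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize

# Entries whose name or publisher matches, including ones hidden from Programs and Features
$hits = $programs | Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $Pattern }

# Services and kernel drivers live under HKLM\SYSTEM\CurrentControlSet\Services even when
# the Add/Remove entry is gone, so check there as well
$svcHits = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    Where-Object { $_.PSChildName -match $Pattern } |
    ForEach-Object { Get-ItemProperty $_.PSPath | Select-Object PSChildName, ImagePath, Start }

if ($hits -or $svcHits) {
    "Matches for '$Pattern':"
    $hits    | Format-List DisplayName, Publisher, InstallDate, UninstallString
    $svcHits | Format-Table PSChildName, ImagePath, Start -AutoSize
} else {
    "No installed program, service or driver matches '$Pattern'."
}
```

A program that was removed, or that was never registered with an uninstall entry, will not appear in the first list; that is why the Services pass is there, and why a folder full of logs can exist with no matching program, which is exactly the situation in this thread.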


#3 Nikhil_CV

Posted 21 January 2015 - 12:12 PM

If it's a work-related machine, check with your sys/net admin there.
Just my 2c :)
Regards : CV
There is no ONE TOUCH key to security! Be alert and vigilant....!
Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
Questions are to be asked, it helps you, me and others. Knowledge is power, only when it's shared with others. :radioactive: signature contents © cv and Someone....... :wink:

#4 johnsig

Posted 21 January 2015 - 12:23 PM

This is my personal PC, thought this might have been left by some banking software

 

Don't see anything too scary, here is the log.

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by John (administrator) on 21-01-2015 at 12:19:08
Running from "C:\Users\John\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************


=========================== Installed Programs ============================
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Championship Spades All-Stars 7.50 (HKLM\...\ChampSpades) (Version: 7.50 - DreamQuest)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.02.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.02.02 - AlcorMicro) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Doom 3 (HKLM\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.3 - Activision)
Doom 3 (Version: 1.3 - Activision) Hidden
Download App (HKCU\...\Download App) (Version: 1.7.0 - CBS Interactive)
DS Clock (HKLM\...\DS Clock_is1) (Version: 2.4 - Duality Software)
EditPad Lite 7.3.1 (HKLM\...\EditPad Lite) (Version: 7.3.1 - Just Great Software)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version:  - )
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.009 - Gateway)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Viiv™ Software (HKLM\...\Intel® Configuration Center) (Version: 1.6.429.0 - Intel Corporation)
Intel® Viiv™ Software (Version: 1.6.429.0 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Codec Pack 4.3.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.3.4 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Links 2001 (HKLM\...\Links 2001 2.0) (Version:  - )
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 26.0.1656.60 (HKLM\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
PopMan 1.3.1 (HKLM\...\PopMan-CH-Software_is1) (Version:  - CH-Software)
SopCast 3.2.9 (HKLM\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Pool 3 DL (HKLM\...\{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}) (Version: 3.3.1.1 - Celeris)
Virtual Pool 4 (HKLM\...\{E801BD2A-AB6B-4B8F-9599-B164AC726EC8}) (Version: 4.1.3.6 - Celeris)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

**** End of log ****
 




#5 Aura

Posted 21 January 2015 - 12:26 PM

There are a few programs that should be updated and others uninstalled, but nothing related to IBM. Was that computer ever used in a company or on a company network? Where did you buy/get it from?



#6 johnsig

Posted 21 January 2015 - 12:29 PM

Purchased new from Best Buy, always used at home

 

What might I uninstall?



#7 Aura

Posted 21 January 2015 - 12:36 PM

Well, I would uninstall:
  • Adobe Reader 10.1.13 - Outdated. We are on version 11.0.10 right now;
  • GameSpy Arcade - I'm pretty sure that their service has been shut down and discontinued?
  • Media Player Codec Pack - Uncommon codec pack; also you have VLC, so you won't need a codec pack for WMP. If you want one, you can use K-Lite Codec Pack, one of the most popular;
  • SopCast 3.2.9 - P2P software, could be used for illegal activities or could open the door to malware on your system;
Also, I found some interesting articles here:

http://www.mymoneyblog.com/what-is-trusteer-rapport-software-is-it-safe-legit.html
http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/

Did you ever happen to come across such a situation?



#8 johnsig

Posted 21 January 2015 - 12:50 PM

I was hoping you would mention some of that Microsoft Visual C++ stuff. I don't know what it is but I know Microsoft insists I download it and other programs use it but surely some of the older stuff is obsolete.

 

I actually came across both of those articles before posting but have never experienced any of those things. I was concerned that there was some mention of Rapport slowing down a system, but it appears that I don't even have the program installed. I have had and do have several banking relationships that I use my computer for, but the only software I remember installing is Microsoft Money, which I still use for bookkeeping. No idea where these logs could have come from. I have renamed the folder and will watch out for any new developments.

 

Thanks to everyone for the help. I will address your recommended actions.



#9 Aura

Posted 21 January 2015 - 12:53 PM

Microsoft Visual C++ Redistributable programs are libraries used by programs and installers, and they are vital to many programs, so I strongly advise you to leave them as they are haha :) Microsoft Money can have a relation with banks, so it wouldn't surprise me if Trusteer was to come from there. Did you take a look inside the logs to see what kind of information was listed in them? If it's not personal, maybe you can post a part of a log here so we can check what it was doing exactly on your system.



#10 johnsig

Posted 21 January 2015 - 01:05 PM

Well, I opened a few of them and they are not text files. They just look like gibberish. I'd be happy to post one if you like.

 

Here is a complete list of them. I only found them because I searched my system for "chrome" after uninstalling Google Chrome to see what was left behind.

 

Oops, temp.txt was created so I could post this.

 

02/12/2014  04:42 PM             8,622 backend-cfg.1.log
02/12/2014  04:43 PM             7,289 backend-cfg.log
03/01/2014  08:44 AM             1,169 backend-cmd.1.log
02/28/2014  10:58 AM             1,169 backend-cmd.2.log
02/28/2014  10:48 AM             1,169 backend-cmd.3.log
03/01/2014  09:04 AM             5,279 backend-cmd.log
03/01/2014  12:02 AM           142,482 backend.1.log
02/28/2014  10:53 AM            64,716 backend.2.log
02/28/2014  10:45 AM            66,017 backend.3.log
03/01/2014  09:04 AM            95,443 backend.log
03/01/2014  09:04 AM                85 CerberusBridge.1.log
02/28/2014  10:58 AM                 0 CerberusBridge.2.log
02/28/2014  10:48 AM                 0 CerberusBridge.3.log
03/01/2014  09:04 AM                85 CerberusBridge.log
02/28/2014  12:19 PM               729 events_history.1.log
02/25/2014  02:33 PM               207 events_history.10.log
02/25/2014  12:47 PM             2,064 events_history.11.log
02/24/2014  10:50 PM               207 events_history.12.log
02/24/2014  04:23 PM             1,386 events_history.13.log
02/24/2014  10:31 AM               729 events_history.14.log
02/23/2014  10:26 AM               729 events_history.15.log
02/22/2014  06:19 PM               207 events_history.16.log
02/28/2014  10:48 AM               207 events_history.2.log
02/28/2014  10:18 AM               207 events_history.3.log
02/28/2014  09:52 AM               207 events_history.4.log
02/27/2014  10:31 AM               729 events_history.5.log
02/27/2014  09:27 AM               207 events_history.6.log
02/26/2014  10:12 PM               332 events_history.7.log
02/26/2014  08:08 PM             2,187 events_history.8.log
02/25/2014  08:11 PM               207 events_history.9.log
03/01/2014  09:04 AM             2,294 events_history.log
02/28/2014  10:58 AM            35,386 gp-in-backend.1.log
02/28/2014  10:48 AM            35,386 gp-in-backend.2.log
02/28/2014  10:18 AM            35,386 gp-in-backend.3.log
03/01/2014  09:04 AM            43,040 gp-in-backend.log
02/28/2014  11:10 AM            28,024 gp_chrome.2668.log
02/28/2014  11:10 AM            28,024 gp_chrome.4968.log
02/28/2014  11:07 AM            28,286 gp_chrome.5096.log
02/28/2014  10:41 AM            28,286 gp_chrome.5796.log
02/28/2014  11:48 PM            28,115 gp_iexplore.2760.log
02/28/2014  11:16 PM            28,115 gp_iexplore.4216.log
02/28/2014  11:48 PM            28,115 gp_iexplore.4664.log
02/28/2014  10:46 PM            27,977 gp_iexplore.5668.log
02/28/2014  11:48 PM            43,388 koan.2760.log
02/28/2014  11:15 PM           389,615 koan.4216.1.log
02/28/2014  11:15 PM           389,551 koan.4216.2.log
02/28/2014  11:15 PM           238,663 koan.4216.3.log
02/28/2014  11:16 PM           104,842 koan.4216.log
02/28/2014  11:48 PM            14,588 koan.4664.log
02/28/2014  10:46 PM            24,804 koan.5668.log
02/28/2014  10:58 AM               887 koanlight-in-backend.1.log
02/28/2014  10:48 AM               887 koanlight-in-backend.2.log
02/28/2014  10:18 AM               887 koanlight-in-backend.3.log
03/01/2014  09:04 AM             1,036 koanlight-in-backend.log
02/28/2014  11:48 PM             2,537 koanlight.2760.log
02/28/2014  11:16 PM             2,537 koanlight.4216.log
02/28/2014  11:48 PM             4,514 koanlight.4664.log
02/28/2014  10:46 PM             4,514 koanlight.5668.log
02/28/2014  11:10 AM             8,915 nikko.2668.log
02/28/2014  11:10 AM             9,248 nikko.4968.log
02/28/2014  11:07 AM             9,244 nikko.5096.log
02/28/2014  10:41 AM             9,463 nikko.5796.log
02/12/2014  04:30 PM             2,151 rvb.4784.log
03/01/2014  09:04 AM             2,155 rvb.5176.log
03/01/2014  08:48 AM                85 sysinfo.1.log
03/01/2014  12:02 AM            82,165 sysinfo.2.log
02/28/2014  11:19 PM            76,019 sysinfo.3.log
02/28/2014  10:19 PM            76,017 sysinfo.4.log
02/28/2014  09:19 PM            76,012 sysinfo.5.log
03/01/2014  09:04 AM            72,941 sysinfo.log
02/14/2014  02:44 PM            20,725 tanzan26.1572.log
02/14/2014  09:10 AM            55,105 tanzan26.1632.log
02/14/2014  01:09 PM           142,863 tanzan26.2180.1.log
02/14/2014  12:54 PM           142,742 tanzan26.2180.2.log
02/14/2014  12:39 PM           143,643 tanzan26.2180.3.log
02/14/2014  01:10 PM            11,493 tanzan26.2180.log
02/13/2014  10:58 PM            37,904 tanzan26.3736.log
03/01/2014  08:48 AM            52,085 tanzan27.4880.log
02/28/2014  11:12 PM           143,242 tanzan27.5320.1.log
02/28/2014  11:06 PM           143,896 tanzan27.5320.2.log
02/28/2014  10:58 PM           141,041 tanzan27.5320.3.log
02/28/2014  11:14 PM            44,425 tanzan27.5320.log
03/01/2014  08:56 AM           151,477 tanzan27.5804.1.log
03/01/2014  09:01 AM            75,633 tanzan27.5804.log
02/28/2014  11:51 PM           145,196 tanzan27.5844.1.log
02/28/2014  11:39 PM           144,449 tanzan27.5844.2.log
02/28/2014  11:25 PM           150,366 tanzan27.5844.3.log
03/01/2014  12:02 AM           110,224 tanzan27.5844.log
02/28/2014  10:58 AM               911 tanzanlight-in-backend.1.log
02/28/2014  10:48 AM               911 tanzanlight-in-backend.2.log
02/28/2014  10:18 AM               911 tanzanlight-in-backend.3.log
03/01/2014  09:04 AM             1,066 tanzanlight-in-backend.log
03/01/2014  08:48 AM             1,806 tanzanlight.4880.log
02/28/2014  11:14 PM             1,806 tanzanlight.5320.log
03/01/2014  09:01 AM             1,806 tanzanlight.5804.log
03/01/2014  12:02 AM             1,806 tanzanlight.5844.log
01/21/2015  12:59 PM                 0 temp.txt
02/28/2014  10:58 AM               475 vb-in-backend.1.log
02/28/2014  10:48 AM               475 vb-in-backend.2.log
02/28/2014  10:18 AM               475 vb-in-backend.3.log
03/01/2014  09:04 AM               815 vb-in-backend.log
             101 File(s)      4,297,937 bytes
               2 Dir(s)  97,135,099,904 bytes free
 




#11 Aura

Posted 21 January 2015 - 01:09 PM

I found an interesting thread on PC HelpForums, where someone seems to have the same kind of issue as you, a "ghost" installation of Trusteer.

http://www.pc-helpforum.be/topic/39041-hijackthislog-2/

Do you have a C:\ProgramData\Trusteer folder? And if the logs are in "gibberish", it most likely means that the content is encrypted.

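The two checks asked for above, as an added PowerShell example that is not part of this thread: does a Trusteer folder exist under the profile or ProgramData, and are its logs really encrypted or compressed rather than just binary? The second question is answered by measuring the Shannon entropy of each file: English text and ASCII logs sit around 4 to 5 bits per byte, ciphertext and gzip output sit close to 8. The folder list and the 5.5 / 7.5 thresholds are assumptions for this example.

```powershell
# Added example, not from the thread: find leftover Trusteer folders and tell
# plain-text logs from encrypted/compressed ones by byte entropy of the first 64 KiB.
function Get-ByteEntropy {
    param([string]$Path, [int]$SampleBytes = 65536)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -eq 0) { return 0.0 }
    if ($bytes.Length -gt $SampleBytes) { $bytes = $bytes[0..($SampleBytes - 1)] }
    $counts = New-Object int[] 256
    foreach ($b in $bytes) { $counts[[int]$b]++ }
    $n = [double]$bytes.Length
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $n; $h -= $p * [Math]::Log($p, 2) }
    }
    return [Math]::Round($h, 2)   # bits per byte; 8.0 is the maximum
}

# Assumption: folder names Rapport used on this machine; adjust if yours differ
$candidates = @(
    "$env:LOCALAPPDATA\Trusteer",
    "$env:APPDATA\Trusteer",
    "$env:ProgramData\Trusteer",
    "$env:ProgramFiles\Trusteer"
)

foreach ($dir in $candidates) {
    if (-not (Test-Path $dir)) { continue }
    # PSIsContainer filter instead of -File so this also runs on the PowerShell 2.0 that ships for Vista
    $files  = Get-ChildItem $dir -Recurse -Force | Where-Object { -not $_.PSIsContainer }
    $sorted = @($files | Sort-Object LastWriteTime)
    if ($sorted.Count -eq 0) { "$dir exists but is empty"; continue }
    "{0}: {1} files, written between {2:yyyy-MM-dd} and {3:yyyy-MM-dd}" -f `
        $dir, $sorted.Count, $sorted[0].LastWriteTime, $sorted[-1].LastWriteTime

    $sorted | ForEach-Object {
        $e = Get-ByteEntropy $_.FullName
        # Heuristic labels; small files (under a few hundred bytes) are too short to judge
        $kind = if ($_.Length -eq 0) { 'empty' }
                elseif ($_.Length -lt 256) { 'too small to judge' }
                elseif ($e -ge 7.5) { 'encrypted/compressed' }
                elseif ($e -le 5.5) { 'text' }
                else { 'mixed/binary' }
        New-Object PSObject -Property @{ Name = $_.Name; Bytes = $_.Length; Entropy = $e; Kind = $kind }
    } | Sort-Object Entropy -Descending | Format-Table Name, Bytes, Entropy, Kind -AutoSize
}
```

High entropy on its own does not separate encryption from compression, so "encrypted/compressed" is as far as this check can go; the 85-byte CerberusBridge files in the listing above are too short for the statistic to mean anything. Run it before renaming or deleting the folders so the date range and file kinds are on record.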


#12 johnsig

Posted 21 January 2015 - 01:36 PM

I'm embarrassed to admit that I took a year of German about 50 years ago, but that might as well be Sanskrit. Maybe it's Belgian.

 

I do have a ProgramData\Trusteer folder and it only contains similar logfiles, smaller number smaller sizes.  I did a search on "Trusteer" and only the AppData folder shows up, wonder why.

 

You think the Trusteer issue was his problem, or did those files just show up in his logs? I searched here for Trusteer and got a lot of hits, but they seemed to be just items included in posted logs.



#13 Aura

Posted 21 January 2015 - 01:38 PM

I couldn't tell to be honest. My explanation would be that you dealt with one of the mentioned banks in the article and they somehow pushed Trusteer as an extension, plugin or small utility on your system so it can be used for their safety and yours. Or you used a program in the past that used Trusteer (came packaged with it).



#14 johnsig

Posted 21 January 2015 - 01:40 PM

I'm satisfied. As long as nothing happens, I will delete them in a few days. Thanks again for your help.



#15 Aura

Posted 21 January 2015 - 01:41 PM

No problem, my pleasure :) Good luck!
