Hello, I downloaded Core Temp (from the manufacturer's site) and even though I said no to all the extra "advertising" crap, I was given two nice little malwares (Trojan Downloaders). How gracious of them.
The first thing I noticed before I knew I was infected was when I went to do a search online, another window opened up to give me the nice opportunity to search via that window. I x'd out of it immediately.
Next, I ran MALWAREBYTES and that is what told me I had those two Trojan Downloaders. One of them was a registry key for AlaPerformance, and the other one was a file located in windows\system32\drivers\svchost.exe. I had them removed.
I then went into my programs via control center and I uninstalled the Core Temp program.
The next "odd" behaviour I noted was when I restarted my computer after running malwarebytes and removing Core Temp, I logged onto my daily user account and I got a Windows pop-up message asking if I wanted to allow a file to make changes to my computer. I have never seen this message about this file before. I clicked NO. This behaviour does not happen when I log onto my Admin account, but then again, I downloaded the Core Temp from my daily user account.
The file it showed me that wanted to make changes to my computer is KVN398~1.exe. The details said it was from an unknown publisher and was on my hard drive in the system32/drivers folder. Later when looking at my System32 > Drivers folder I found KVN398nryw.exe but not the one that showed in the pop-up message. I do not know if this is the same file and/or if it is associated with the two Trojan Downloaders.
Next I did a FULL SYSTEM SCAN with Microsoft Security Essentials - No Threats Found.
Next I did an ADWcleaner scan and I did not see the same two files that I had removed with malwarebytes, but it did show a few things that I am uncertain if I wanted to remove or not, so I did nothing.
Next I ran TDSSkiller - No Threats Found.
Next I ran Spybot and it found one malware with a red high-risk notation + a bunch of other tracking stuff with low-risk notations. The high-risk malware showed as: Smitfraud-C.gp located in Windows\System32\Drivers\svchost.exe. I had spybot "fix" it and the report says it was quarantined and successfully cleaned.
I restarted my computer.
Next I went into my computer's Program files and looked in my System32 drivers folder and there are still 7 files (3 files and 4 applications) from the same time and date that I had downloaded that Core Temp program, one of which is the KVN398nrw.exe application file. Not sure if you want me to list all 7 of those files here...let me know.
And the problem is still persisting where I am getting that Windows message asking if I want to allow that file to make changes to my computer.
Computer Specs: Windows 7 32-bit
Let me know if you need any further info...thanks!