Windows 7: Malware.Trace infection

28 Dec 2010   #1

Windows Pro 7 64-bit
 
 
Malware.Trace infection

Good Morning. I woke this morning to see that my normal nightly full system scan by SUPERAntiSpyware found a registry malware called Malware.Trace with this information:

HKUS\S-1-5-21-2418211180-2028737814-1402298196-1003\SOFTWARE\MICROSOFT\WINDOWS NT\Current Version\WinLogOn\ (SHELL -C:\Windows\eHome\McrMgr.exe)

Right now SAS has it quarantined, but I am concerned about rootkits and keyloggers, as I work from this computer from home and security is a must. I am looking for a way to find out: if I remove this file from my system from the SAS quarantine, will I be done with it?

Microsoft Security Essentials: did not find the infection
MBam: did not find the infection
AdAware: did not find the infection
Norton 360: did not find the infection

Here is my log file from SAS:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 12/28/2010 at 06:30 AM

Application Version : 4.47.1000

Core Rules Database Version : 6081
Trace Rules Database Version: 3893

Scan type : Complete Scan
Total Scan Time : 00:30:40

Memory items scanned : 786
Memory threats detected : 0
Registry items scanned : 15154
Registry threats detected : 1
File items scanned : 53845
File threats detected : 12

Adware.Tracking Cookie
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@cdn.at.atwola[1].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@tacoda.at.atwola[1].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@atwola[2].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@ar.atwola[3].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@click.tigeronline[2].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@doubleclick[1].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@at.atwola[1].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@ar.atwola[1].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ar.atwola[2].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@at.atwola[2].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@atwola[2].txt
C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ar.atwola[1].txt

Malware.Trace
(x86) HKU\S-1-5-21-2418211180-2028737814-1402298196-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL


Any help would be greatly appreciated, also as soon as possible due to work issues, need clean machine to work.
Thank you in advance; let me know if you need more information.

Oh, running Windows 7 Professional.


28 Dec 2010   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

It looks like you're running all the right software. If something is in quarantine, that's just to keep it there for either submission or in case you accidentally took out a file that is, in fact, needed.

Tracking cookies are becoming an all-too-common thing, unfortunately. Most of the time, though, they are easy enough to remove.

Just keep an eye on your system for strange behavior (system slowness, pop ups, etc).

MSE checks for rootkits, but if you would like another option, you can d/l Norton Power Eraser, which now has rootkit detection (you'll have to reboot for this option to run, as it checks the system before Windows initializes).

http://security.symantec.com/nbrt/npe.asp?lcid=1033

As with any program, be cautious using this as it can inadvertently hose your system.

If you have any doubts, Norton offers an online scan which will d/l an AV engine into your system; it runs in a sandbox, then scans your entire drive.

http://security.symantec.com/sscv6/h...&auth_status=0
28 Dec 2010   #3

Windows Pro 7 64-bit
 
 

Hi Borg, thank you for the fast reply. One question: MSE? Are you referring to Microsoft Security Essentials??

The tracking cookies are not my concern; I get those every time I scan with pretty much all my scanners; it's the Malware.Trace at the bottom that I am super concerned with. So if the file is in quarantine it cannot affect my system??


28 Dec 2010   #4

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Yepperz....MSE (Microsoft Security Essentials)

Depending on the level you want to check things out, Process Explorer will show you what's running on your system.

http://technet.microsoft.com/en-us/s...rnals/bb896653
28 Dec 2010   #5

Windows Pro 7 64-bit
 
 

Wasn't sure if you saw this part of the post as it was an edit.....
The tracking cookies are not my concern; I get those every time I scan with pretty much all my scanners; it's the Malware.Trace at the bottom that I am super concerned with. So if the file is in quarantine it cannot affect my system??
28 Dec 2010   #6

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Nope...once it's in quarantine, it's been removed from the system use and placed in a safe folder.

Now, if you delete that from quarantine and it shows up again, that's an indication that there is something in the system & it keeps getting put back in.
28 Dec 2010   #7

Windows Pro 7 64-bit
 
 

Ok, thank you for your help; glad it was an easy one for you.
28 Dec 2010   #8

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Well, it looks that way. Like I said, keep an eye on your system. Malware nowadays is pretty tricky and even after apparent removal it's sometimes sitting in the background, it just changed its spots. Glad I could help, but keep doing regular scans which is a good practice.
28 Dec 2010   #9

Windows 7 Ultimate x64 | Ubuntu 12.04 x64 LTS
 
 

As far as tracking cookies go, you can avoid them by using Sandboxie and browsing in a sandboxed browser. This way, as soon as you delete the sandbox, everything that was saved on your disk while browsing will be gone. However, it has a 'con': the bookmarks you made in the sandboxed browser will also be gone. But at least it'll save you from any malicious dloads which don't require the user's consent.
28 Dec 2010   #10

Windows 7 Ultimate x64 | Ubuntu 12.04 x64 LTS
 
 

Quote: Originally Posted by Borg 386
Well, it looks that way. Like I said, keep an eye on your system. Malware nowadays is pretty tricky and even after apparent removal it's sometimes sitting in the background, it just changed its spots. Glad I could help, but keep doing regular scans which is a good practice.

This, and also keep an eye on your start-up items. Sysinternals Autoruns is a great program for it.
Autoruns for Windows
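The start-up check suggested above can be narrowed to the exact value SUPERAntiSpyware flagged, the Winlogon `Shell` entry. The PowerShell below is an added example, not part of any post in this thread: it reads that value machine-wide and for each user hive currently loaded under HKEY_USERS, and it assumes that anything other than the stock `explorer.exe` deserves a manual look.

```powershell
# Added example: list every Winlogon "Shell" value and mark non-default ones.
# Assumption: the stock value is "explorer.exe"; a per-user Shell value is
# normally absent, so any per-user entry that exists is worth reviewing.
$sub      = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = 'explorer.exe'

# Machine-wide keys (64-bit and 32-bit registry views)
$keys = @(
    "Registry::HKEY_LOCAL_MACHINE\$sub",
    'Registry::HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Per-user keys: only hives of accounts that are currently loaded appear here.
# The pattern skips the "<SID>_Classes" hives and the built-in service accounts.
$keys += Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$sub" }

$results = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $prop = Get-ItemProperty -LiteralPath $key -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }          # no Shell value under this key

    $shell  = [string]$prop.Shell
    $status = 'REVIEW'
    if ($shell.Trim() -ieq $expected) { $status = 'default' }

    New-Object PSObject -Property @{
        Key    = $key -replace '^Registry::', ''
        Shell  = $shell
        Status = $status
    }
}

$results | Select-Object Status, Shell, Key | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so every loaded hive is readable; hives of users who are not logged on are not mounted under HKEY_USERS and will not be listed.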