

Windows 7: Suspected Malware

09 Mar 2013   #1
Injust

Windows 7 64-bit
 
 
Suspected Malware

Hello,
Recently, I have been suspicious that there is some malware on my computer. Today, I ran TDSSKiller, a rootkit detection tool, and it came up with this log (attached). There are 2 suspicious items, but they are part of programs that I normally use.
Is there anything that I should do?
Oh, just FYI, before, there was also a driver called "usbappl64.sys" that was detected as suspicious. The driver was listed as "Apple Mobile Application Support Driver". Because I didn't use QuickTime much anyway, I uninstalled it and manually deleted the driver.

EDIT: Just got a BSOD. If you want to help, please go to HERE.




Attached Files
File Type: txt TDSSKiller.2.8.16.0_09.03.2013_13.16.24_log.txt (139.6 KB, 11 views)
09 Mar 2013   #2
cottonball

Windows 7 Home Premium
 
 

Injust,

Unsigned files are not necessarily indicative of malware...

You can go to VirusTotal, and search the MD5 for each file:

BB1FC298BE53AAB1E110F6E786BD8AC5
ABEFA4BD23329FD9BD47496BF2E58774

VirusTotal:
https://www.virustotal.com/en/#search

Enter the MD5 in the area where it says: Enter term


FYI:
MD5 = Message-Digest Algorithm, and is commonly used to check data integrity.
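Added example, not part of the thread: a short Python script that computes the MD5 of a file (the value TDSSKiller logs and that you paste into the VirusTotal search box above) alongside SHA-256, reading in chunks so a large driver does not have to fit in memory. The "driver" it hashes is a constructed sample written to a temporary directory.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for an unsigned driver flagged in a TDSSKiller log.
SAMPLE_CONTENT = b"abc"


def file_hashes(path, chunk_size=1 << 20):
    """Return MD5 (upper-case, as TDSSKiller prints it) and SHA-256 hex digests
    of a file, streaming it in chunks so large files are not loaded whole."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest().upper(), "sha256": sha256.hexdigest()}


def lookup_report(paths):
    """Map each file name to the search terms for the VirusTotal search box
    (https://www.virustotal.com/en/#search). Either digest can be searched;
    SHA-256 avoids MD5 collision concerns when matching against a report."""
    return {os.path.basename(p): file_hashes(p) for p in paths}


def demo():
    """Write the constructed sample to a temp dir, hash it, print the report."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample_driver.sys")
        with open(path, "wb") as fh:
            fh.write(SAMPLE_CONTENT)
        report = lookup_report([path])
        for name, h in report.items():
            print(f"{name}: MD5 {h['md5']}  SHA-256 {h['sha256']}")
        return report


if __name__ == "__main__":
    demo()
```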
09 Mar 2013   #3
Injust

Windows 7 64-bit
 
 

Thanks. The 2 files are perfectly fine, just unsigned. VirusTotal scanned them and they were negative.

I now need BSOD help

09 Mar 2013   #4
Injust

Windows 7 64-bit
 
 

Just did 3 scans in avast!: a rootkit scan, an autorun scan, and a memory scan. All 3 came back clean.
09 Mar 2013   #5
cottonball

Windows 7 Home Premium
 
 

Injust,

Glad you figured out the VirusTotal search routine.

My bad!! Mixed up the MD5 search instructions with the file scan instructions. Geesh!
Was in a hurry, but, that is no excuse.

As you figured out, those files are OK; no need to kill them.

Saw where you posted in the BSOD forum. That is not my thing...

However, what leads you to believe you have malware problems ?

What problems are you having, besides BSODs?

Were you having problems before removing usbappl64.sys?
09 Mar 2013   #6
Injust

Windows 7 64-bit
 
 

Sometimes, when I use any executable file (EXE or BAT), after running them and finishing with them, I will try to delete them. But sometimes, they won't delete. When I use the normal delete, it tells me that I need admin privileges, which I have. When I use Shift+Delete (permanent delete, skipping the recycle bin), it seems to delete successfully, but when I refresh, it pops back. After a while, the file deletes itself. The process is NOT running, and I have tried the program Unlocker, which did not help.
09 Mar 2013   #7
cottonball

Windows 7 Home Premium
 
 

Try the following to see if those executables will behave as expected...

Press the Windows key and the R key simultaneously.
At the Run prompt, type: services.msc
Press: OK

At the Services window, go to: Application Experience
Double-click to open.
Set Startup type to: Automatic
Service status set to: Start
Click: Apply, and then OK

Restart the computer.

See what happens with the executables you delete.

(This issue does not strike me as a malware problem.)



If no-go, then, try the following tools to see if you can find the culprit:

ShellExView:
http://www.nirsoft.net/utils/shexview.html
If explorer.exe has the executable open, check shell extensions, as one might be incorrectly closing files that it opened.

Process Explorer:
Use Ctrl+F and type the name of the executable to identify what is keeping it open.

Process Monitor:
Shows what I/O operations are happening.
09 Mar 2013   #8
Injust

Windows 7 64-bit
 
 

Application Experience was disabled, so I set it to automatic.
Also, shell extensions play no part, as the only ones I have are 7-Zip, avast!, and Unlocker.
I've used Process Explorer; the executable I am trying to delete is NEVER opened :P
10 Mar 2013   #9
cottonball

Windows 7 Home Premium
 
 

Quote:
Application Experience was disabled, so I set it to automatic.
I presume you also started the service...

Try using Process Monitor (PM).

PM should show the .exe file as "Delete Pending" (marked for deletion, but not deleted yet).
The probable reason for this pending situation is that a handle to the file still exists. If the "Application Experience" service is disabled, you cannot see a handle.

The .exe file should get deleted instantly with the AE service enabled.

Also, give Process Explorer a whirl now that the AE service is no longer disabled. You might be able to see the executable.
10 Mar 2013   #10
Injust

Windows 7 64-bit
 
 

For now, I have had no problems with deleting files. I will report back if the problem arises again.