Malware.Trace infection


  1. Posts : 34
    Windows Pro 7 64-bit
       #1

    Malware.Trace infection


    Good Morning. I woke this morning to see that my normal nightly full system scan by SUPERAntiSpyware found a registry malware called Malware.Trace with this information:

    HKUS\S-1-5-21-2418211180-2028737814-1402298196-1003\SOFTWARE\MICROSOFT\WINDOWS NT\Current Version\WinLogOn\ (SHELL -C:\Windows\eHome\McrMgr.exe)

    Right now SAS has it quarantined, but I am concerned about rootkits and keyloggers, as I work from this computer from home and security is a must. I am looking for a way to find out: if I remove this file from my system from the SAS quarantine, will I be done with it?

    Microsoft Security Essentials: did not find the infection
    MBam: did not find the infection
    AdAware: did not find the infection
    Norton 360: did not find the infection

    Here is my log file from SAS:
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/28/2010 at 06:30 AM

    Application Version : 4.47.1000

    Core Rules Database Version : 6081
    Trace Rules Database Version: 3893

    Scan type : Complete Scan
    Total Scan Time : 00:30:40

    Memory items scanned : 786
    Memory threats detected : 0
    Registry items scanned : 15154
    Registry threats detected : 1
    File items scanned : 53845
    File threats detected : 12

    Adware.Tracking Cookie
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@cdn.at.atwola[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@tacoda.at.atwola[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@atwola[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@ar.atwola[3].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@click.tigeronline[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@doubleclick[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@at.atwola[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@ar.atwola[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ar.atwola[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@at.atwola[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@atwola[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ar.atwola[1].txt

    Malware.Trace
    (x86) HKU\S-1-5-21-2418211180-2028737814-1402298196-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL


    Any help would be greatly appreciated, also as soon as possible due to work issues, need clean machine to work.
    Thank you in advance; let me know if you need more information.

    Oh, running Windows 7 Professional.


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    It looks like you're running all the right software. If something is in quarantine, that's just to keep it there for either submission or in case you accidentally took out a file that is, in fact, needed.

    Tracking cookies are becoming an all-too-common thing, unfortunately. Most of the time, though, they are easy enough to remove.

    Just keep an eye on your system for strange behavior (system slowness, pop ups, etc).

    MSE checks for rootkits, but if you would like another option, you can d/l Norton Power Eraser, which now has rootkit detection (you'll have to reboot for this option to run, as it checks the system before Windows initializes).

    http://security.symantec.com/nbrt/npe.asp?lcid=1033

    As with any program, be cautious using this as it can inadvertently hose your system.

    If you have any doubts, Norton offers an online scan which will d/l an AV engine into your system; it runs in a sandbox, then scans your entire drive.

    http://security.symantec.com/sscv6/h...&auth_status=0


  3. Posts : 34
    Windows Pro 7 64-bit
    Thread Starter
       #3

    Hi Borg, thank you for the fast reply. One question: MSE? Are you referring to Microsoft Security Essentials?

    The tracking cookies are not my concern; I get those every time I scan with pretty much all my scanners; it's the Malware.Trace at the bottom that I am super concerned with. So if the file is in quarantine it cannot affect my system?


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #4

    Yepperz....MSE (Microsoft Security Essentials)

    Depending on the level you want to check things out, Process Explorer will show you what's running on your system.

    http://technet.microsoft.com/en-us/s...rnals/bb896653


  5. Posts : 34
    Windows Pro 7 64-bit
    Thread Starter
       #5

    Wasn't sure if you saw this part of the post, as it was an edit...
    The tracking cookies are not my concern; I get those every time I scan with pretty much all my scanners; it's the Malware.Trace at the bottom that I am super concerned with. So if the file is in quarantine it cannot affect my system?


  6. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #6

    Nope...once it's in quarantine, it's been removed from the system use and placed in a safe folder.

    Now, if you delete that from quarantine and it shows up again, that's an indication that there is something in the system & it keeps getting put back in.


  7. Posts : 34
    Windows Pro 7 64-bit
    Thread Starter
       #7

    Ok, thank you for your help; glad it was an easy one for you. :)


  8. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #8

    Well, it looks that way. Like I said, keep an eye on your system. Malware nowadays is pretty tricky and even after apparent removal it's sometimes sitting in the background, it just changed its spots. Glad I could help, but keep doing regular scans, which is a good practice.


  9. Posts : 1,036
    Windows 7 ultimate x64 | Ubuntu 12.04 x64 LTS
       #9

    As far as tracking cookies go, you can avoid them by using Sandboxie and browsing in a sandboxed browser. This way, as soon as you delete the sandbox, everything that was saved on your disk while browsing will be gone. However, it has a 'con': the bookmarks you made in the sandboxed browser will also be gone. But at least it'll save you from any malicious dloads which don't require the user's consent.


  10. Posts : 1,036
    Windows 7 ultimate x64 | Ubuntu 12.04 x64 LTS
       #10

    Borg 386 said:
    Well, it looks that way. Like I said, keep an eye on your system. Malware nowadays is pretty tricky and even after apparent removal it's sometimes sitting in the background, it just changed its spots. Glad I could help, but keep doing regular scans, which is a good practice.
    This, and also keep an eye on your start-up items. SysInternals Autoruns is a great program for it.
    Autoruns for Windows
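
The advice in posts #6 and #10 (watch whether the entry comes back, and keep an eye on start-up items) can be checked directly for the value that was flagged in post #1. The following read-only script is an added example, not part of any post in this thread; it assumes the usual baseline that the HKLM `Shell` value is `explorer.exe` and that a per-user `Shell` value is normally absent.

```powershell
# Added example: read-only audit of the Winlogon "Shell" value in HKLM and in
# every user hive currently loaded under HKEY_USERS.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# SID keys only; the *_Classes companion keys are skipped. Hives of users who
# are not logged on are not loaded, so they are not covered by this check.
$roots = @('HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "HKEY_USERS\$($_.PSChildName)" }

$results = foreach ($root in $roots) {
    $props = Get-ItemProperty -Path "Registry::$root\$winlogon" -ErrorAction SilentlyContinue
    $shell = $null
    if ($props -and $props.PSObject.Properties['Shell']) { $shell = [string]$props.Shell }

    # Assumed baseline (see lead-in): HKLM = "explorer.exe", per-user = not set.
    if ($null -eq $shell) {
        if ($root -eq 'HKEY_LOCAL_MACHINE') { $status = 'REVIEW (value missing)' }
        else                                { $status = 'ok (not set)' }
    }
    elseif ($root -eq 'HKEY_LOCAL_MACHINE' -and $shell.Trim() -ieq 'explorer.exe') {
        $status = 'ok (default)'
    }
    else {
        # Any per-user Shell value, or a changed machine-wide one, replaces or
        # supplements the program started at logon and deserves a closer look.
        $status = 'REVIEW (non-default shell)'
    }

    New-Object PSObject -Property @{ Hive = $root; Shell = $shell; Status = $status }
}

$results | Select-Object Hive, Shell, Status | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so that other users' loaded hives can be read; running it again after clearing the quarantine shows whether the value has been written back.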


 