Malware.Trace infection

Page 1 of 2 12 LastLast

  1. Posts : 34
    Windows Pro 7 64-bit
       #1

    Malware.Trace infection


    Good Morning. I woke this morning to see that my normal nightly full system scan by SUPERAntiSpyware found a registry malware called Malware.Trace with this information:

    HKUS\S-1-5-21-2418211180-2028737814-1402298196-1003\SOFTWARE\MICROSOFT\WINDOWS NT\Current Version\WinLogOn\ (SHELL -C:\Windows\eHome\McrMgr.exe)

    Right now SAS has it quarantined but I am concerned about root kits and keyloggers as I work from this computer from home and security is a must. I am looking for a way to find out if this I remove this file from my system from the SAS quarantine will I be done with it?

    Microsoft Security Essentials: did not find the infection
    MBam: did not find the infection
    AdAware: did not find the infection
    Norton 360: did not find the infection

    Here is my log file from SAS:
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/28/2010 at 06:30 AM

    Application Version : 4.47.1000

    Core Rules Database Version : 6081
    Trace Rules Database Version: 3893

    Scan type : Complete Scan
    Total Scan Time : 00:30:40

    Memory items scanned : 786
    Memory threats detected : 0
    Registry items scanned : 15154
    Registry threats detected : 1
    File items scanned : 53845
    File threats detected : 12

    Adware.Tracking Cookie
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@cdn.at.atwola[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@tacoda.at.atwola[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@atwola[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@ar.atwola[3].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@click.tigeronline[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@doubleclick[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@at.atwola[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\shannon@ar.atwola[1].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ar.atwola[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@at.atwola[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@atwola[2].txt
    C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Cookies\Low\shannon@ar.atwola[1].txt

    Malware.Trace
    (x86) HKU\S-1-5-21-2418211180-2028737814-1402298196-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL


    Any help would be greatly appreciated, also as soon as possible due to work issues, need clean machine to work.
    Thank you in advance; let me know if you need more information.

    Oh, running Windows 7 Professional.
      My Computer


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    It looks like you're running all the right software. If something is in quarantine, that's just to keep it there for either submission or in case you accidentally took out a file that is, in fact, needed.

    Tracking cookies are becoming a all-to-common thing unfortunately. Most of the time though, they are easy enough to remove.

    Just keep an eye on your system for strange behavior (system slowness, pop ups, etc).

    MSE checks for rootkits, but if you would like another option, you can d/l Norton Power Eraser, which now has rootkit detection (you'll have to reboot for this option to run, as it checks the system before windows initilizes)

    http://security.symantec.com/nbrt/npe.asp?lcid=1033

    As with any program, be cautious using this as it can inadvertently hose your system.

    If you have any doubts, Norton offers an online scan which will d/l a AV engine into your system, it runs in a sandbox, then scans your entire drive.

    http://security.symantec.com/sscv6/h...&auth_status=0
      My Computer


  3. Posts : 34
    Windows Pro 7 64-bit
    Thread Starter
       #3

    Hi Borg Thank you for the fast reply. One question MSE? are you referring to Microsoft Security Essentials??

    The tracking cookies are not my concern; I get those every time I scan with pretty much all my scanners; it's the Malware.Trace at the bottom that I am super concerned with. So if the file is in quarantine it cannot effect my system??
      My Computer


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #4

    Yepperz....MSE (Microsoft Security Essentials)

    Depending on the level you want to check things out, Process Explorer will show you what's running on your system.

    http://technet.microsoft.com/en-us/s...rnals/bb896653
      My Computer


  5. Posts : 34
    Windows Pro 7 64-bit
    Thread Starter
       #5

    Wasn't sure if you saw this part of the post as it was an edit.....
    The tracking cookies are not my concern; I get those every time I scan with pretty much all my scanners; it's the Malware.Trace at the bottom that I am super concerned with. So if the file is in quarantine it cannot effect my system??
      My Computer


  6. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #6

    Nope...once it's in quarantine, it's been removed from the system use and placed in a safe folder.

    Now, if you delete that from quarantine and it shows up again, that's an indication that there is something in the system & it keeps getting put back in.
      My Computer


  7. Posts : 34
    Windows Pro 7 64-bit
    Thread Starter
       #7

    Ok, thank you for your help; glad it was an easy one for you. :)
      My Computer


  8. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #8

    Well, it looks that way. Like I said, keep an eye on your system. Malware nowadays is pretty tricky and even after apparent removal it's sometimes sitting in the background, it just changed it's spots. Glad I could help, but keep doing regular scans which is a good practice.
      My Computer


  9. Posts : 1,036
    Winbdows 7 ultimate x64 | Ubuntu 12.04 x64 LTS
       #9

    As far as tracking cookies, you can avoid tracking cookies by using sandboxie and browsing in a sandboxed browser. This way as soon as you delete the sandbox, everything that was saved on your disk while browsing will be gone. However, it has a 'con' that the bookmarks you made in sandboxed browser will also be gone. But atleast, it'll save you from any malicious dloads which doesn't require user's consent.
      My Computer


  10. Posts : 1,036
    Winbdows 7 ultimate x64 | Ubuntu 12.04 x64 LTS
       #10

    Borg 386 said:
    Well, it looks that way. Like I said, keep an eye on your system. Malware nowadays is pretty tricky and even after apparent removal it's sometimes sitting in the background, it just changed it's spots. Glad I could help, but keep doing regular scans which is a good practice.
    This and also keep an eye on your start-up items.SysInternals Autoruns is a great program for it.
    Autoruns for Windows
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:33.
Find Us