Suspected Malware


  1. Posts : 418
    N/A
       #1

    Suspected Malware


    Hello,
    Recently, I have been suspicious that there is some malware on my computer. Today, I ran TDSSKiller, a rootkit detection tool, and it came up with this log (attached). There are 2 suspicious items, but they are part of programs that I normally use.
    Is there anything that I should do?
    Oh, just FYI, before, there was also a driver called "usbappl64.sys" that was detected as suspicious. The driver was listed as "Apple Mobile Application Support Driver". Because I didn't use QuickTime much anyway, I uninstalled it and manually deleted the driver.

    EDIT: Just got a BSOD. If you want to help, please go to HERE.
    Last edited by Injust; 09 Mar 2013 at 13:48.


  2. Posts : 2,470
    Windows 7 Home Premium
       #2

    Injust,

    Unsigned files are not necessarily indicative of malware...

    You can go to VirusTotal, and search the MD5 for each file:

    BB1FC298BE53AAB1E110F6E786BD8AC5
    ABEFA4BD23329FD9BD47496BF2E58774

    VirusTotal:
    https://www.virustotal.com/en/#search

    Enter the MD5 in the area where it says: Enter term


    FYI:
    MD5 = Message-Digest Algorithm, and is commonly used to check data integrity.
    Last edited by cottonball; 09 Mar 2013 at 17:47. Reason: Gave file instructions vs. MD5


  3. Posts : 418
    N/A
    Thread Starter
       #3

    Thanks. The 2 files are perfectly fine, just unsigned. VirusTotal scanned them and they were negative.

    I now need BSOD help :)


  4. Posts : 418
    N/A
    Thread Starter
       #4

    Just did 3 scans in avast!: a rootkit scan, an autorun scan, and a memory scan. All 3 came back clean.


  5. Posts : 2,470
    Windows 7 Home Premium
       #5

    Injust,

    Glad you figured out the VirusTotal search routine.

    My bad!! Mixed up the MD5 search instructions with the file scan instructions. Geesh!
    Was in a hurry, but, that is no excuse.

    As you figured out, those files are OK; no need to kill them.

    Saw where you posted in the BSOD forum. That is not my thing...

    However, what leads you to believe you have malware problems ?

    What problems are you having, besides BSODs?

    Were you having problems before removing usbappl64.sys?


  6. Posts : 418
    N/A
    Thread Starter
       #6

    Sometimes, when I use any executable file (EXE or BAT), after running them and finishing with them, I will try to delete them. But sometimes, they won't delete. When I use the normal delete, it tells me that I need admin privileges, which I have. When I use Shift+Delete (permanent delete, skipping the recycle bin), it seems to delete successfully, but when I refresh, it pops back. After a while, the file deletes itself. The process is NOT running, and I have tried the program Unlocker, which did not help.


  7. Posts : 2,470
    Windows 7 Home Premium
       #7

    Try the following to see if those executables will behave as expected...

    Press the Windows key and the R key simultaneously.
    At the Run prompt, type: services.msc
    Press: OK

    At the Services window, go to: Application Experience
    Double-click to open.
    Set Startup type to: Automatic
    Service status set to: Start
    Click: Apply, and then OK

    Restart the computer.

    See what happens with the executables you delete.

    (This issue does not strike me as a malware problem.)



    If no-go, then, try the following tools to see if you can find the culprit:

    ShellExView:
    http://www.nirsoft.net/utils/shexview.html
    If explorer.exe has the executable open, check shell extensions, as one might be incorrectly closing files that it opened.

    Process Explorer:
    Process Explorer
    Use Ctrl+F and type the name of the executable to identify what is keeping it open.

    Process Monitor:
    Process Monitor
    Shows what I/O operations are happening.


  8. Posts : 418
    N/A
    Thread Starter
       #8

    Application Experience was disabled, so I set it to automatic.
    Also, shell extensions play no part, as the only ones I have are 7-Zip, avast!, and Unlocker.
    I've used Process Explorer; the executable I am trying to delete is NEVER opened :P


  9. Posts : 2,470
    Windows 7 Home Premium
       #9

    Application Experience was disabled, so I set it to automatic.
    I presume you also started the service...

    Try using Process Monitor (PM).

    PM should show the .exe file as "Delete Pending" (marked for deletion, but not deleted yet).
    The probable reason for this pending situation is that a handle to the file still exists. If the "Application Experience" service is disabled, you cannot see a handle.

    The .exe file should get deleted instantly with the AE service enabled.

    Also, give Process Explorer a whirl now that the AE service is no longer disabled. You might be able to see the executable.
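    The "Delete Pending" state described in post #9 and the Application Experience service steps from post #7, as an added PowerShell example that is not part of the thread. It assumes an elevated prompt on Windows 7 (classic NTFS delete semantics) and uses a constructed throwaway file; the service is located by its display name rather than an assumed internal name.

```powershell
# Part 1: reproduce "Delete Pending" on a constructed sample file.
# A file that is deleted while another handle is still open keeps its
# directory entry until the last handle closes (the "pops back on refresh" effect).
$dir = $env:TEMP
$tmp = Join-Path $dir 'delete-pending-demo.exe'       # constructed, not a real program
Set-Content -Path $tmp -Value 'placeholder bytes'

# Hold a handle that allows deletion (FileShare.Delete) but stays open.
$fs = [System.IO.File]::Open($tmp, 'Open', 'Read', 'Delete')
Remove-Item -Path $tmp                                  # succeeds: file is now delete-pending
$stillListed = [bool](Get-ChildItem -Path $dir -Filter 'delete-pending-demo.exe')
"Entry still listed while a handle is open: $stillListed"   # expected True on Windows 7
$fs.Close()                                             # last handle closed -> entry disappears
$stillListed = [bool](Get-ChildItem -Path $dir -Filter 'delete-pending-demo.exe')
"Entry still listed after closing the handle: $stillListed" # expected False

# Part 2: the service fix from post #7, done from the shell instead of services.msc.
$svc = Get-Service -DisplayName 'Application Experience' -ErrorAction Stop
"Before: $($svc.DisplayName) is $($svc.Status)"
Set-Service -Name $svc.Name -StartupType Automatic
if ($svc.Status -ne 'Running') { Start-Service -Name $svc.Name }
$svc.Refresh()
"After:  $($svc.DisplayName) is $($svc.Status)"

# Part 3: re-test deletion with no lingering handle and time how long the entry survives.
Set-Content -Path $tmp -Value 'placeholder bytes'
Remove-Item -Path $tmp
$sw = [System.Diagnostics.Stopwatch]::StartNew()
while ((Get-ChildItem -Path $dir -Filter 'delete-pending-demo.exe') -and $sw.Elapsed.TotalSeconds -lt 10) {
    Start-Sleep -Milliseconds 200
}
"Entry gone after $([int]$sw.ElapsedMilliseconds) ms (a long wait points to a held handle)"
```

    If Part 3 still lingers after the service is running, Process Explorer's Ctrl+F search for the file name (post #7) identifies the process holding the handle.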


  10. Posts : 418
    N/A
    Thread Starter
       #10

    For now, I have had no problems with deleting files. I will report back if the problem arises again.