Solved Suspected Malware

Injust

Hello,
Recently, I have been suspicious that there is some malware on my computer. Today, I ran TDSSKiller, a rootkit detection software, and it came up with this log (attached). There are 2 suspicious items, but they are part of programs that I normally use.
Is there anything that I should do?
Oh, just FYI, before, there was also a driver called "usbappl64.sys" that was detected as suspicious. The driver was listed as "Apple Mobile Application Support Driver". Because I didn't use QuickTime much anyway, I uninstalled it and manually deleted the driver.

EDIT: Just got a BSOD. If you want to help, please go to HERE.
 


My Computer

OS
N/A
Injust,

Unsigned files are not necessarily indicative of malware...

You can go to VirusTotal, and search the MD5 for each file:

BB1FC298BE53AAB1E110F6E786BD8AC5
ABEFA4BD23329FD9BD47496BF2E58774

VirusTotal:
https://www.virustotal.com/en/#search

Enter the MD5 in the area where it says: Enter term


FYI:
MD5 = Message-Digest Algorithm, and is commonly used to check data integrity.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
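One way to run the two checks the reply recommends (the MD5 for the VirusTotal lookup, plus the Authenticode status that TDSSKiller keyed on) from PowerShell; this is an added example, not part of the thread or of TDSSKiller. The file paths are placeholders to be replaced with the paths from your own log, the two MD5 values are the ones quoted above, and the MD5 routine calls .NET directly so it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread. Placeholder paths: replace them with the
# files named in your TDSSKiller log.
$SuspectFiles = @(
    'C:\Windows\System32\drivers\PLACEHOLDER1.sys',
    'C:\Windows\System32\drivers\PLACEHOLDER2.sys'
)
# MD5 values quoted in the thread, so each file can be matched to its log entry.
$ReportedMd5 = @('BB1FC298BE53AAB1E110F6E786BD8AC5', 'ABEFA4BD23329FD9BD47496BF2E58774')

function Get-Md5Hex([string]$Path) {
    # Uses .NET directly so it works on PowerShell 2.0 (no Get-FileHash needed).
    $Md5    = [System.Security.Cryptography.MD5]::Create()
    $Stream = [System.IO.File]::OpenRead($Path)
    try { $Bytes = $Md5.ComputeHash($Stream) } finally { $Stream.Dispose() }
    # Uppercase hex without separators, the format TDSSKiller and VirusTotal use.
    return [System.BitConverter]::ToString($Bytes).Replace('-', '')
}

foreach ($Path in $SuspectFiles) {
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Not found: $Path"; continue }
    $Hash = Get-Md5Hex $Path
    $Sig  = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' = signed by a trusted publisher; 'NotSigned' = what TDSSKiller
    # flagged, which by itself is not evidence of malware.
    $Signer = '(unsigned)'
    if ($Sig.SignerCertificate) { $Signer = $Sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        File      = $Path
        MD5       = $Hash
        InLog     = ($ReportedMd5 -contains $Hash)   # matches one of the log's two entries
        Signature = $Sig.Status
        Signer    = $Signer
    }
    # Paste the MD5 into the "Enter term" box at https://www.virustotal.com/en/#search
    # to see existing verdicts without uploading the file.
}
```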
Thanks. The 2 files are perfectly fine, but just unsigned. VirusTotal scanned them and they were negative.

I now need BSOD help :)
 

Just did 3 scans in avast!: a rootkit scan, an autorun scan, and a memory scan. All 3 came back clean.
 

Injust,

Glad you figured out the VirusTotal search routine.

My bad!! Mixed up the MD5 search instructions with the file scan instructions. :o Geesh!
Was in a hurry, but, that is no excuse.

As you figured out, those files are OK; no need to kill them.

Saw where you posted in the BSOD forum. That is not my thing...

However, what leads you to believe you have malware problems?

What problems are you having, besides BSODs?

Were you having problems before removing usbappl64.sys?
 

Sometimes, when I use any executable file (EXE or BAT), after running them and finishing with them, I will try to delete them. But sometimes, they won’t delete. When I use the normal delete, it tells me that I need admin privileges, which I have. When I use Shift+Delete (permanent delete, skipping the recycle bin), it seems to delete successfully, but when I refresh, it pops back. After a while, the file deletes itself. The process is NOT running, and I have tried the program Unlocker, which did not help.
 

Try the following to see if those executables will behave as expected...

Press the Windows key and the R key simultaneously.
At the Run prompt, type: services.msc
Press: OK

At the Services window, go to: Application Experience
Double-click to open.
Set Startup type to: Automatic
Service status set to: Start
Click: Apply, and then OK

Restart the computer.

See what happens with the executables you delete.

(This issue does not strike me as a malware problem.)

If no-go, then, try the following tools to see if you can find the culprit:

ShellExView:
http://www.nirsoft.net/utils/shexview.html
If explorer.exe has the executable open, check shell extensions, as one might be incorrectly closing files that it opened.

Process Explorer:
Use Ctrl+F and type the name of the executable to identify what is keeping it open.

Process Monitor:
Shows what I/O operations are happening.
 

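The same service change as the services.msc steps above, done from an elevated PowerShell prompt; this is an added example, not something posted in the thread. It assumes Windows 7, where the "Application Experience" display name belongs to the service AeLookupSvc, and uses only cmdlets available in PowerShell 2.0.

```powershell
# Added example, not from the thread. Assumption: Windows 7, where the
# "Application Experience" service exists under the name AeLookupSvc.
# Run from an elevated (Run as administrator) PowerShell prompt.
function Enable-ApplicationExperience {
    $Name = 'AeLookupSvc'
    # Win32_Service exposes the startup type (StartMode) on PowerShell 2.0,
    # where Get-Service does not yet report it.
    $Before = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $Before) { throw "Service $Name not found on this system." }
    Write-Host ("Before: state={0}, startup={1}" -f $Before.State, $Before.StartMode)

    if ($Before.StartMode -ne 'Auto') {
        # Equivalent of "Startup type: Automatic" in the Services snap-in.
        Set-Service -Name $Name -StartupType Automatic
    }
    if ($Before.State -ne 'Running') {
        # Equivalent of "Service status: Start".
        Start-Service -Name $Name
    }

    $After = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    Write-Host ("After:  state={0}, startup={1}" -f $After.State, $After.StartMode)
    # $true only when both changes took effect; the reply still asks for a
    # restart afterwards before re-testing the deletes.
    return ($After.State -eq 'Running' -and $After.StartMode -eq 'Auto')
}

Enable-ApplicationExperience
```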
Application Experience was disabled, so I set it to automatic.
Also, shell extensions play no part, as the only ones I have are 7-Zip, avast!, and Unlocker.
I've used Process Explorer, the executable I am trying to delete is NEVER opened :P
 

Application Experience was disabled, so I set it to automatic.
I presume you also started the service...;)

Try using Process Monitor (PM).

PM should show the .exe file as "Delete Pending" (marked for deletion, but not deleted yet).
The probable reason for this pending situation is that a handle to the file still exists. If the "Application Experience" service is disabled, you cannot see a handle.

The .exe file should get deleted instantly with the AE service enabled.

Also, give Process Explorer a whirl now that the AE service is no longer disabled. You might be able to see the executable.
 

For now, I have had no problems deleting files. I will report back if the problem arises again.
 

That's fine.

Good luck!
 