Spyware found

dee_can1
11 years ago

I ran a scan yesterday with Malwarebytes, and for the first time it found something (in my Toshiba DVD Player of all things - huh? Any idea how I got this?). Coincidentally, my daily morning antivirus scan did not find it (I use AVG Free). I quarantined and deleted the file, and everything seems to be running fine. Is there anything else I need to do, i.e. could my computer be infected still somehow? I'll post a copy of the log file. Thank you for looking.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.01.04

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

01/08/2012 10:24:30 AM

mbam-log-2012-08-01 (10-24-30).txt

Scan type: Full scan (C:\:)

Scan options enabled: Memory : Startup : Registry : File System : Heuristics/Extra : Heuristics/Shuriken : PUP : PUM

Scan options disabled: P2P

Objects scanned: 387129

Time elapsed: 1 hour(s), 5 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\TOSAPINS\TOSHIBA-DVD-Player\DirectX\tdxinstall.exe (Spyware.Zbot.OUT) -> Quarantined and deleted successfully.

(end)
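
A log like the one in the post above can be checked mechanically before it is handed to a removal helper. The parser below is an added example, not part of the original thread and not Malwarebytes code; the function names are hypothetical, and treating an action that contains "successfully" as resolved is an assumption based on the single detection line in this log.

```python
import re
from dataclasses import dataclass

# Excerpt of the log posted above, blank lines dropped.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.08.01.04
Scan type: Full scan (C:\:)
Objects scanned: 387129
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 1
C:\TOSAPINS\TOSHIBA-DVD-Player\DirectX\tdxinstall.exe (Spyware.Zbot.OUT) -> Quarantined and deleted successfully.
(end)
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)
META_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.+)$")
SKIP = {"(end)", "(No malicious items detected)"}


@dataclass
class Detection:
    section: str  # e.g. "Files", "Registry Keys"
    obj: str      # path or registry location that was flagged
    name: str     # vendor detection name
    action: str   # what the scanner reports it did


def parse_mbam_log(text):
    """Return (header fields, declared per-section counts, detections)."""
    meta, declared, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in SKIP:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
        elif section is not None:
            m = ITEM_RE.match(line)
            if m:
                detections.append(
                    Detection(section, m["object"], m["detection"], m["action"])
                )
        else:
            m = META_RE.match(line)
            if m:
                meta[m["key"].strip()] = m["value"].strip()
    return meta, declared, detections


def triage(declared, detections):
    """Flag truncated logs and detections the scanner did not resolve."""
    found = {}
    for d in detections:
        found[d.section] = found.get(d.section, 0) + 1
    # A section whose declared count differs from the items listed means
    # the pasted log is incomplete or was edited.
    mismatched = {
        s: (n, found.get(s, 0))
        for s, n in declared.items()
        if n != found.get(s, 0)
    }
    # Assumption: only actions reported as successful count as resolved.
    unresolved = [d for d in detections if "successfully" not in d.action.lower()]
    return mismatched, unresolved


if __name__ == "__main__":
    meta, declared, detections = parse_mbam_log(SAMPLE_LOG)
    print(meta["Database version"], declared, detections, triage(declared, detections))
```

An empty result from `triage` only says the log is internally consistent and the listed item was removed; it says nothing about objects the scanner did not detect.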

Comments (34)

  • ravencajun Zone 8b TX
    11 years ago

    Hi
    Let's run you over to the LzD forum and have you post your own thread there. You will need to do some more intense scans, and the team there will guide you step by step in the process.
    Go to the link I provide, register there, then start your own post in the area I am linking you to which is the malware removal. Please post what you have posted here over there too.
    I am on that forum also so if you need any help just let me know.
    This is definitely one we need to look at because it can change its name.

    Analysis and Malware Removal

    I will be watching for you there.
    In the meantime, don't use this pc for any type of financial transactions.

  • Elmer J Fudd
    11 years ago

    The file was not found in the DVD drive, it was on the PC's hard drive, in the folder where software and files for the DVD drive are stored. DVD drives don't have memory storage that can be accessed for non-mission related files.

    Nothing further for you to do.

  • ravencajun Zone 8b TX
    11 years ago

    Yes indeed, there is much more to do as advised. Dee, please go on over to LzD to make sure everything is removed; this is a known infection that does change its name and can in fact return.

  • dee_can1
    Original Author
    11 years ago

    Thanks raven for your advice. I registered and posted at the LzD forum.

    Thanks also snidely for clarifying that it wasn't the actual DVD player that was infected - ha - I thought that sounded kind of impossible... ; ) Hopefully, the Malwarebytes did get rid of 'it', and I won't find any traces of anything.

  • mikie_gw
    11 years ago

    That can be a bad bugger. It infects other files on your pc and comes back when you use them.

  • ravencajun Zone 8b TX
    11 years ago

    I see you there and I posted the link to here for clarification. The team is from all over the world, so be patient and take your time. If you have any questions, just ask.

  • dee_can1
    Original Author
    11 years ago

    Wonderful. : /

    I've never had problems before; I think I'm a pretty safe surfer. Anyway, one obviously got through. The only thing I've been doing differently is I've been posting on a Facebook group - other than the group (for a medical condition I have), I'm not into the fb scene. I'm wondering if I picked it up there. Maybe I clicked on photos, or links that some people have provided now that I think about it.

  • ravencajun Zone 8b TX
    11 years ago

    It very well could be; it happens a lot through FB.

  • DA_Mccoy
    11 years ago

    Though many times in discussion it comes under the same generic terminology of malware, virus detection and malware detection have two different target groups. This is why informed users utilize multiple detection applications.

    DA

  • ravencajun Zone 8b TX
    11 years ago

    So right, DA, a good layered security protection is the best way to go. And of course remembering to update all of them prior to scanning.

  • DA_Mccoy
    11 years ago

    Plus, we should always continue to promote the best prevention is user knowledge. This responsibility must include Internet awareness, system safety, e-mail discipline, and safe surfing techniques.

    DA

  • dee_can1
    Original Author
    11 years ago

    What are the multiple detection applications that you recommend? I think I'm going to change my anti-virus program since AVG did not detect anything amiss during my daily scans.

    I'm not really getting anywhere with the steps I'm following to find the extent of my problems. I'm going to post about the fiasco at the other forum as soon as I get some time to even articulate everything.

    I have to say that I've been using computers for probably 15 years and don't think I've ever had a virus or malware, so it's not like I'm totally careless. I consider myself to use safe internet techniques and email discipline. I'm maybe guilty of not updating as often as I should though (although I update AVG every day, just don't run the Malwarebytes everyday). I guess I took it for granted that nothing has ever been found on my computers when I've done various scans.

  • zep516
    11 years ago

    dee can,

    Don't make any changes to the computer while you're working with LzD. I'm talking about AVG. Every computer I see infected has an Anti Virus running for the most part. Anti Virus programs are not brick walls, none of them, and things get through. Running old versions of Adobe is just too risky though; I saw your logs. Stick with Corrine and you will get straightened out. Again, don't make any changes to the computer until you're done there.

  • ravencajun Zone 8b TX
    11 years ago

    Absolutely, just as Corrine said in the very first post, do NOT change anything. Please do not give up; you are making good headway, and you will see this is all worth the efforts.
    Many here have had to go on over to get help and every one of them was happy they did.

    What you did not do was keep all the things updated that need updating, especially the Adobe and Java. Those are 2 of the biggest methods of infection these days, which is why we are always stressing update update update. Those 2 things are causing the most of the really bad infections we see.
    Using Secunia or one of the other scans that tells you what is outdated on your pc is really essential. Not just doing the Windows updates; all things that can have security vulnerabilities must be updated regularly.

    Once you are done I am sure Corrine will tell you about using Secunia if she has not already. Keep it bookmarked! You can use the online scan and not install anything, or use the one you install, either way.
    Secunia Online Software Inspector (OSI)

    I do agree. After you are done I would consider fully removing the AVG using a removal tool. Please mention that to Corrine, she will provide the link, and then go with Microsoft Security Essentials (MSE) or AVAST, both free.

    Believe me these things can happen to the most knowledgeable so it has nothing to do with that.

    As to the layered protection we mentioned, I recommend:
    Malwarebytes free, updated and scan weekly.
    Superantispyware, updated and scan weekly.
    Spywareblaster, update weekly and hit enable all protection, no scans to do.
    Randomly do an online antivirus scan like ESET free to double check your onboard AV.
    Use a tool like Secunia to check for any updates that need to be done on the pc; lots of things get security updates.
    Keep Windows updates current.
    And of course a good up-to-date antivirus program
    and a working firewall.
    And keep your browsers updated and your Flash on each updated.

  • mikie_gw
    11 years ago

    MalwareBytes Pro.. paid version. Really kind of an amazing real time guard dog. I installed and watched it with teamviewer on a Mabezat worm, very severely infected pc .. stopping the outgoing & blocking the incoming connects. Impressive... Slick !! Avira just sat quietly ... obviously bypassed.

  • DA_Mccoy
    11 years ago

    Dee,

    Of course do as you wish, but just to mention I have been using AVG Free for 6-8 years now without any concern. Like any other application there have been reported widespread concerns with definition updates and core upgrades. They were remedied quickly and efficiently.

    Nothing is 100% effective. If a product reports to be, run away from it. It is already spreading falsehoods. That's why informed users layer the protection with multiple detection.

    DA

  • dee_can1
    Original Author
    11 years ago

    raven, thanks for explaining about updating Adobe and Java. It's strange because I have Java on automatic update, and it seems I'm getting an update notification pretty regularly. I obviously never updated to version 7, though, and I don't know why that didn't happen. I really thought I was updated. And with the Adobe, I'm surprised about that, too, because I do the automatic updates with the Flash Player. I haven't noticed any update notifications with the Adobe Reader, however, so I'll try to enable that. The Secunia program sounds like what I need.

    After my computer is 'fixed' hopefully, I'll download the Superantispyware and the Spywareblaster.

    mikie, the MalwareByte Pro sounds really good - I had to laugh at your description. I'll check that out before I make any decisions.

    DA, I have to admit I've been really happy with AVG all these years. And, I do realize there is no perfect program out there. I've got some decisions to make, this has been a wakeup call for me. ha

  • nearandwest
    11 years ago

    I use Secunia and it has helped me tremendously to keep up to date with my software updates. When I see that I have an insecure program, I usually just go to the program website (adobe.com, java.com, etc.) and download the latest version of the program. It's really quite simple and works well for me.

  • dee_can1
    Original Author
    11 years ago

    Good advice near. I'm definitely going to download Secunia. I'm not quite finished with my computer clean up yet, though. Getting there.

  • nearandwest
    11 years ago

    Hi dee_can:

    I've been following your progress over on landzdown. You're doing great! It appears that the original spyware problem is resolved. Those folks have been quite helpful for you.

    I run a Secunia check about once a week. Since I have installed Secunia, I haven't had a single issue with malware or other harmful programs.

  • ravencajun Zone 8b TX
    11 years ago

    Yes you are doing great at LzD and lucky that the second trojan was found during all the scans too!

    Just be sure with Java that you MUST remove any old out-of-date versions and not leave them on the pc. I am sure you will hear about that at LzD. It is the old versions that cause vulnerabilities just by being on the pc.

    Many people do have malware on their pc; they just never knew it was there till they start to have a problem or decide to run a malware program like Malwarebytes. I cannot tell you how many I have seen that said "I have never had anything ever on my pc" and it turns out they had, and it had been there a while. We sometimes get complacent and think, oh, the antivirus program will catch it all, but unfortunately they don't. It takes the effort on our part to run all the scans, update all that needs updating, and be alert, careful users, and of course not go to dodgy sites LOL

  • dee_can1
    Original Author
    11 years ago

    Thanks near and raven. I'm very thankful to the people over at LzD. Yes, I'm lucky to find the second trojan. I guess you can never know how long these things have been on your computer? For all I know the Zbot.OUT (and that second trojan) could have been there a long time, but I doubt it since I ran a Malwarebytes a month (ha - yes, a whole month!) prior to finding it last week. Obviously, I've learned my lesson and will now scan much more frequently, especially since I'm going to be adding more security programs like the Secunia and the other recommendations by Corinne. Also, when I download the Secunia I will run it at least once a week, thanks for the advice near.

    Also, my computer didn't seem to run any differently than it has been all along. It didn't seem to run slowly, or anything like that. So I'm happy Malwarebytes found it and deleted it.

    I do find it strange too since I have Java Update why it didn't update to version 7. So, yeah, I'll be more diligent about keeping on top of things. And, I'll do my best to stay away from dodgy sites - lol. (Not that I go to dodgy sites...)

  • dee_can1
    Original Author
    11 years ago

    btw, I'm also thankful to the people here for helping me, too.

  • nearandwest
    11 years ago

    Now, aren't you glad you posted here and on landzdown for help? I know you must be feeling better about your computer security now.

    1. Don't assume that Windows Updates is installing all your updates. Check Windows Updates weekly to ensure that all your Windows updates are installed.

    2. Use Microsoft Security Essentials as your anti-virus program and set it to update and run automatically on a weekly schedule.

    3. Use Malwarebytes AntiMalware and keep it manually updated weekly and run a scan weekly.

    4. Use SuperAntispyware and/or SpywareBlaster and keep it updated weekly and run a weekly scan.

    5. Use Secunia and run an updated scan weekly to ensure that your software programs are up to date.

    6. Use WinPatrol to keep an eye out for any changes that are made to your computer.

    I think you now know where you can go for help and answers to your questions. Good luck.

  • dee_can1
    Original Author
    11 years ago

    Yes, I do feel better about my computer security, but truthfully will feel a lot better when I get it all sorted out. Is it just me, or do you have to be a rocket scientist to understand SpywareBlaster? lol

    First of all, under Protection Status, Internet Explorer Protection, I ticked off both Active X Protection and Cookie Protection, not being sure if I should do that, i.e. do I want to protect my PC from ALL Active X and ALL cookies? I just left the 'Block List' alone since SpywareBlaster has 355 items selected, and since I don't know what I want to block or not block. After doing this, Internet Explorer Protection is 'partially enabled'. I don't know if that's what I should have.

    I have protection enabled for Restricted Sites - that, I think I understand.

    Do I want to do a System Snapshot?

    And with the Secunia, when I downloaded it I set it to automatically update out-of-date programs. Should I have selected that option, or should I manually update out-of-date programs that it finds?

    To respond to your recommendations (and thank you for making them), near:

    1. I do have Windows set to automatically update, so I'm good on that. I checked the update history, and the only updates it recommends at this time are 7 optional ones. I've never done the optional updates.

    2. I'm seeing more and more recommendations for the MSE. So it only updates and runs once a week and not daily. I guess this is sufficient? I'm not sure if I'm going to switch over my AVG for something else, but MSE is in the running.

    3. Check, on the MalwareBytes. Do you usually run a full scan or a Quick Scan? I've been running the full scan mostly.

    4. Check, on the SpywareBlaster (but I have the above questions on it). I still haven't downloaded the SuperAntispyware.

    5. I downloaded the Secunia.

    6. I haven't downloaded the WinPatrol yet. I have been wondering if AVG will have a problem with it, or vice versa. But we'll see.

  • dee_can1
    Original Author
    11 years ago

    To clarify, I should say I checked both of the boxes for Active X and Cookies (in SpywareBlaster), so they are both 'on'.

  • owbist
    11 years ago

    For most people running Spywareblaster at the default settings is all that is needed. Usually only those with specific reasons will make changes.

    MSE updates as and when necessary not just weekly. The scan is done weekly and by default this takes place at 2 a.m. on Sundays or the next time the computer is started. MSE is as good as any other safety program out there provided by reputable companies, I have used it exclusively since it was first introduced with no other safety programs on this computer. That is not a recommendation for anyone else to follow suit, I simply decided to do a one man test and have so far had no regrets.

    Malwarebytes on my other confusers is run sporadically with 2 to 4 months in between unless I have ventured into sites that cause me to ponder. If I visit doubtful sites (those offering free images for example) then I will run a scan as soon as I am done with looking. You can alternate between full and quick scans whenever you feel the need, I usually run a full scan after the searching mentioned above.

    I have never used Winpatrol or Secunia because I feel they are just 2 more programs running in the background and using valuable resources. Both are excellent programs and come highly recommended and used by many.

  • dee_can1
    Original Author
    11 years ago

    Thanks, owbist,

    So, in SpywareBlaster I shouldn't have checked on the boxes for Active X and Cookies, then, I should have left those unchecked? Then again, I shouldn't have checked anything at all, I should have just downloaded SpywareBlaster and left it at that?

    I appreciate the information about MSE, too. I understand that no one is trying to push any one antivirus program on anyone, that it's each person's choice. It's good to hear your experience with it, though. And with the other programs you mentioned.

  • ravencajun Zone 8b TX
    11 years ago

    You don't have to do a single thing to SpywareBlaster other than download and install it, then hit the update button every week, and then hit the enable all protection button to install those updates. That is IT. So just go back and get it to its default state as it came originally and hit update. When it updates you will see the link for enable all protection; hit that and the big shield will turn green. THAT IS IT.
    Do it once a week. No scans, nothing. It just sits there and protects you; it is about the simplest security program there is.

  • ravencajun Zone 8b TX
    11 years ago

    I always run full scans with all my security programs and always MUST update it prior to scanning so that it has all the latest threats in the database. Frequency varies. I suggest at least once a month. If you do anything you are worried about, do a scan; see something that concerns you, do a scan.
    Superantispyware can catch things that Malwarebytes misses and vice versa, which is why we recommend both. Scanning procedure is same as above.

    AVG used to be great. I used it for years, but it has undergone changes over the past few years that in my opinion are not for the better. I have not recommended it in at least 3 years now.
    I personally recommend and use MSE and AVAST free on mine, not both at the same time but on different machines of course.

    Secunia either way is fine as long as you are fully updated and all old versions of Java are gone.

    WinPatrol is an excellent program and will warn you before anything makes any changes to your pc.

  • owbist
    11 years ago

    AVG has gone through a serious update of late. Before it was simply an anti virus, today it is an almost total anti malware package with only a keylogger missing. From my reading AVG has 10 processes running in the background while MSE has 3.

    Seems all security minded programs are upgrading and updating to cover a wider range and stay in the game to grab or keep a share of the market.

  • dee_can1
    Original Author
    11 years ago

    I decided to uninstall, then reinstall SpywareBlaster, and I followed your instructions, raven. Thank you. Also, I uninstalled AVG, and installed MSE. The first full scan with MSE took almost 5 hours. I think I saw smoke coming out of my laptop by the end of it. lol I'll give the MSE a try anyway, and if I don't like it, I'll try AVAST. I decided to set the MSE full scan for every Sunday at 1 am. The thing is, I turn my router off (and computer, too) every night before bed, so I just want to make sure that I don't need my computer connected to the internet just to do a scan, do I? I'll be leaving my computer on, though, overnight Sat/Sun, and updating MSE before shutting off the router (so, before it scans). I don't like leaving the wireless on all night, which is a controversial topic for another day, but that's just my preference. So scanning once a week might be overkill? Is this because MSE has real-time protection, so it's not like it's sitting there doing nothing until it scans? With AVG, I had it scheduled to scan every day, this is why I'm wondering about the reason to not scan as frequently with MSE. (Although if I scanned every day with MSE, it looks like my PC would be in perpetual scan. lol)

    Superantispyware and WinPatrol are my next mission...

    owbist, I've been hearing not very good things about AVG for quite a while now. I had never had any problems with it (as far as I knew anyway), and was quite happy with it, so I kept it. I feel a little... guilty about getting rid of it since all it did was let one little Zbot get through. ha It'll be interesting to try something new, though, and see how it goes. I will say AVG didn't take as long to scan. Hopefully this 4.5 hour scan is a one time thing (first scan, and all).

  • mikie_gw
    11 years ago

    fwiw
    MSE pauses its scans when other processes are using the cpu... it's sort of user friendly that way and lets other processes have priority... which makes the scans seem to go on forever. But also lets you surf the net and stuff without that scan slowdown.

    MSE, if you have dual or quad cpu.. you can look in MSE settings and change processor use to 100%. I've found scans are much faster when set to 100% while I go about doing normal stuff. It will use about 50% of each un-busy core then.

  • dee_can1
    Original Author
    11 years ago

    I have a dual cpu so I'll set it for 100% then. Thanks for the tip mikie.