
 o
Spyware found

Posted by dee_can (My Page) on
Thu, Aug 2, 12 at 10:31

I ran a scan yesterday with Malwarebytes, and for the first time it found something (in my Toshiba DVD Player of all things - huh? Any idea how I got this?). Coincidentally, my daily morning antivirus scan did not find it (I use AVG Free). I quarantined and deleted the file, and everything seems to be running fine. Is there anything else I need to do, i.e. could my computer be infected still somehow? I'll post a copy of the log file. Thank you for looking.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

01/08/2012 10:24:30 AM
mbam-log-2012-08-01 (10-24-30).txt

Scan type: Full scan (C:\:)
Scan options enabled: Memory : Startup : Registry : File System : Heuristics/Extra : Heuristics/Shuriken : PUP : PUM
Scan options disabled: P2P
Objects scanned: 387129
Time elapsed: 1 hour(s), 5 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TOSAPINS\TOSHIBA-DVD-Player\DirectX\tdxinstall.exe (Spyware.Zbot.OUT) -> Quarantined and deleted successfully.

(end)


Follow-Up Postings:

 o
RE: Spyware found

Hi
Let's run you over to the LzD forum and have you post your own thread there. You will need to do some more intense scans, and the team there will guide you step by step in the process.
Go to the link I provide, register there, then start your own post in the area I am linking you to, which is the malware removal. Please post what you have posted here over there too.
I am on that forum also, so if you need any help just let me know.
This is definitely one we need to look at because it can change its name.

Analysis and Malware Removal

I will be watching for you there.
In the meantime, don't use this PC for any type of financial transactions.


 o
RE: Spyware found

The file was not found in the DVD drive, it was on the PC's hard drive, in the folder where software and files for the DVD drive are stored. DVD drives don't have memory storage that can be accessed for non-mission related files.

Nothing further for you to do.


 o
RE: Spyware found

Yes indeed, there is much more to do. As advised, Dee, please go on over to LzD to make sure everything is removed; this is a known infection that does change its name and can in fact return.


 o
RE: Spyware found

Thanks raven for your advice. I registered and posted at the LzD forum.

Thanks also snidely for clarifying that it wasn't the actual DVD player that was infected - ha - I thought that sounded kind of impossible... ; ) Hopefully, the Malwarebytes did get rid of 'it', and I won't find any traces of anything.


 o
RE: Spyware found

That can be a bad bugger. It infects other files on your PC and comes back when you use them.


 o
RE: Spyware found

I see you there, and I posted the link to here for clarification. The team is from all over the world, so be patient and take your time. If you have any questions, just ask.


 o
RE: Spyware found

Wonderful. : /

I've never had problems before; I think I'm a pretty safe surfer. Anyway, one obviously got through. The only thing I've been doing differently is I've been posting on a Facebook group - other than the group (for a medical condition I have), I'm not into the fb scene. I'm wondering if I picked it up there. Maybe I clicked on photos, or links that some people have provided now that I think about it.


 o
RE: Spyware found

It very well could be; it happens a lot through FB.


 o
RE: Spyware found

Though many times in discussion it comes under the same generic terminology of malware, virus detection and malware detection have two different target groups. This is why informed users utilize multiple detection applications.

DA


 o
RE: Spyware found

So right, DA, a good layered security protection is the best way to go. And of course remembering to update all of them prior to scanning.


 o
RE: Spyware found

Plus, we should always continue to promote the best prevention is user knowledge. This responsibility must include Internet awareness, system safety, e-mail discipline, and safe surfing techniques.

DA


 o
RE: Spyware found

What are the multiple detection applications that you recommend? I think I'm going to change my anti-virus program since AVG did not detect anything amiss during my daily scans.

I'm not really getting anywhere with the steps I'm following to find the extent of my problems. I'm going to post about the fiasco at the other forum as soon as I get some time to even articulate everything.

I have to say that I've been using computers for probably 15 years and don't think I've ever had a virus or malware, so it's not like I'm totally careless. I consider myself to use safe internet techniques and email discipline. I'm maybe guilty of not updating as often as I should though (although I update AVG every day, just don't run the Malwarebytes every day). I guess I took it for granted that nothing has ever been found on my computers when I've done various scans.


 o
RE: Spyware found

dee can,

Don't make any changes to the computer while you're working with LzD. I'm talking about AVG. Every computer I see infected has an Anti Virus running for the most part. Anti Virus programs are not brick walls, none of them, and things get through. Running old versions of Adobe is just too risky though; I saw your logs. Stick with Corrine and you will get straightened out. Again, don't make any changes to the computer until you're done there.


 o
RE: Spyware found

Absolutely, just as Corrine said in the very first post, do NOT change anything. Please do not give up; you are making good headway, and you will see this is all worth the efforts.
Many here have had to go on over to get help, and every one of them was happy they did.

What you did not do was keep all the things updated that need updating, especially the Adobe and Java. Those are 2 of the biggest methods of infection these days, which is why we are always stressing update update update. Those 2 things are causing the most of the really bad infections we see.
Using Secunia or one of the other scans that tells you what is outdated on your PC is really essential. Not just doing the Windows updates; all things that can have security vulnerabilities must be updated regularly.

Once you are done, I am sure Corrine will tell you about using Secunia if she has not already. Keep it bookmarked! You can use the online scan and not install anything, or use the one you install, either way.
Secunia Online Software Inspector (OSI)

I do agree. After you are done, I would consider fully removing the AVG using a removal tool (please mention that to Corrine, she will provide the link), and then go with Microsoft Security Essentials (MSE) or AVAST. Both free.

Believe me, these things can happen to the most knowledgeable, so it has nothing to do with that.

As to the layered protection we mentioned, I recommend:
Malwarebytes free, updated and scan weekly.
Superantispyware, updated and scan weekly.
Spywareblaster, update weekly and hit enable all protection; no scans to do.
Randomly do an online antivirus scan like ESET free to double check your onboard AV.
Use a tool like Secunia to check for any updates that need to be done on the PC; lots of things get security updates.
Keep Windows updates current.
And of course a good up-to-date antivirus program
and a working firewall.
And keep your browsers updated and your Flash on each updated.


 o
RE: Spyware found

MalwareBytes Pro.. paid version. Really kind of an amazing real time guard dog. I installed and watched it with teamviewer on a Mabezat worm, very severely infected pc .. stopping the outgoing & blocking the incoming connects. Impressive... Slick !! Avira just sat quietly ... obviously bypassed.


 o
RE: Spyware found

Dee,

Of course do as you wish, but just to mention I have been using AVG Free for 6-8 years now without any concern. Like any other application there have been reported widespread concerns with definition updates and core upgrades. They were remedied quickly and efficiently.

Nothing is 100% effective. If a product reports to be, run away from it. It is already spreading falsehoods. That's why informed users layer the protection with multiple detection.

DA


 o
RE: Spyware found

raven, thanks for explaining about updating Adobe and Java. It's strange because I have Java on automatic update, and it seems I'm getting an update notification pretty regularly. I obviously never updated to version 7, though, and I don't know why that didn't happen. I really thought I was updated. And with the Adobe, I'm surprised about that, too, because I do the automatic updates with the Flash Player. I haven't noticed any update notifications with the Adobe Reader, however, so I'll try to enable that. The Secunia program sounds like what I need.

After my computer is 'fixed' hopefully, I'll download the Superantispyware and the Spywareblaster.

mikie, the Malwarebytes Pro sounds really good - I had to laugh at your description. I'll check that out before I make any decisions.

DA, I have to admit I've been really happy with AVG all these years. And, I do realize there is no perfect program out there. I've got some decisions to make, this has been a wakeup call for me. ha


 o
RE: Spyware found

I use Secunia and it has helped me tremendously to keep up to date with my software updates. When I see that I have an insecure program, I usually just go to the program website (adobe.com, java.com, etc.) and download the latest version of the program. It's really quite simple and works well for me.


 o
RE: Spyware found

Good advice near. I'm definitely going to download Secunia. I'm not quite finished with my computer clean up yet, though. Getting there.


 o
RE: Spyware found

Hi dee_can:

I've been following your progress over on landzdown. You're doing great! It appears that the original spyware problem is resolved. Those folks have been quite helpful for you.

I run a Secunia check about once a week. Since I have installed Secunia, I haven't had a single issue with malware or other harmful programs.


 o
RE: Spyware found

Yes you are doing great at LzD and lucky that the second trojan was found during all the scans too!

Just be sure with Java that you MUST remove any old out-of-date versions and not leave them on the PC; I am sure you will hear about that at LzD. It is the old versions that cause vulnerabilities just by being on the PC.

Many people do have malware on their PC; they just never knew it was there till they start to have a problem or decide to run a malware program like Malwarebytes. I cannot tell you how many I have seen that said "I have never had anything ever on my PC" and it turns out they had, and it had been there a while. We sometimes get complacent and think, oh, the antivirus program will catch it all, but unfortunately they don't. It takes the effort on our part to run all the scans, update all that needs updating, and be alert, careful users, and of course not go to dodgy sites LOL


 o
RE: Spyware found

Thanks near and raven. I'm very thankful to the people over at LzD. Yes, I'm lucky to find the second trojan. I guess you can never know how long these things have been on your computer? For all I know the Zbot.OUT (and that second trojan) could have been there a long time, but I doubt it since I ran a Malwarebytes a month (ha - yes, a whole month!) prior to finding it last week. Obviously, I've learned my lesson and will now scan much more frequently, especially since I'm going to be adding more security programs like the Secunia and the other recommendations by Corinne. Also, when I download the Secunia I will run it at least once a week, thanks for the advice near.

Also, my computer didn't seem to run any differently than it has been all along. It didn't seem to run slowly, or anything like that. So I'm happy Malwarebytes found it and deleted it.

I do find it strange too since I have Java Update why it didn't update to version 7. So, yeah, I'll be more diligent about keeping on top of things. And, I'll do my best to stay away from dodgy sites - lol. (Not that I go to dodgy sites...)


 o
RE: Spyware found two

btw, I'm also thankful to the people here for helping me, too.


 o
RE: Spyware found

Now, aren't you glad you posted here and on landzdown for help? I know you must be feeling better about your computer security now.

1. Don't assume that Windows Updates is installing all your updates. Check Windows Updates weekly to ensure that all your Windows updates are installed.

2. Use Microsoft Security Essentials as your anti-virus program and set it to update and run automatically on a weekly schedule.

3. Use Malwarebytes AntiMalware and keep it manually updated weekly and run a scan weekly.

4. Use SuperAntispyware and/or SpywareBlaster and keep it updated weekly and run a weekly scan.

5. Use Secunia and run an updated scan weekly to ensure that your software programs are up to date.

6. Use WinPatrol to keep an eye out for any changes that are made to your computer.

I think you now know where you can go for help and answers to your questions. Good luck.


 o
RE: Spyware found

Yes, I do feel better about my computer security, but truthfully will feel a lot better when I get it all sorted out. Is it just me, or do you have to be a rocket scientist to understand SpywareBlaster? lol

First of all, under Protection Status, Internet Explorer Protection, I ticked off both Active X Protection and Cookie Protection, not being sure if I should do that. I.e., do I want to protect my PC from ALL Active X and ALL cookies? I just left the 'Block List' alone since SpywareBlaster has 355 items selected, and since I don't know what I want to block or not block. After doing this, Internet Explorer Protection is 'partially enabled'. I don't know if that's what I should have.

I have protection enabled for Restricted Sites - that, I think I understand.

Do I want to do a System Snapshot?

And with the Secunia, when I downloaded it I set it to automatically update out-of-date programs. Should I have selected that option, or should I manually update out-of-date programs that it finds?

To respond to your recommendations (and thank you for making them), near:

1. I do have Windows set to automatically update, so I'm good on that. I checked the update history, and the only updates it recommends at this time are 7 optional ones. I've never done the optional updates.

2. I'm seeing more and more recommendations for the MSE. So it only updates and runs once a week and not daily. I guess this is sufficient? I'm not sure if I'm going to switch over my AVG for something else, but MSE is in the running.

3. Check, on the MalwareBytes. Do you usually run a full scan or a Quick Scan? I've been running the full scan mostly.

4. Check, on the SpywareBlaster (but I have the above questions on it). I still haven't downloaded the SuperAntispyware.

5. I downloaded the Secunia.

6. I haven't downloaded the WinPatrol yet. I have been wondering if AVG will have a problem with it, or vice versa. But we'll see.


 o
RE: Spyware found clarification

To clarify, I should say I checked both of the boxes for Active X and Cookies (in SpywareBlaster), so they are both 'on'.


 o
RE: Spyware found

For most people running Spywareblaster at the default settings is all that is needed. Usually only those with specific reasons will make changes.

MSE updates as and when necessary not just weekly. The scan is done weekly and by default this takes place at 2 a.m. on Sundays or the next time the computer is started. MSE is as good as any other safety program out there provided by reputable companies, I have used it exclusively since it was first introduced with no other safety programs on this computer. That is not a recommendation for anyone else to follow suit, I simply decided to do a one man test and have so far had no regrets.

Malwarebytes on my other confusers is run sporadically with 2 to 4 months in between unless I have ventured into sites that cause me to ponder. If I visit doubtful sites (those offering free images for example) then I will run a scan as soon as I am done with looking. You can alternate between full and quick scans whenever you feel the need, I usually run a full scan after the searching mentioned above.

I have never used Winpatrol or Secunia because I feel they are just 2 more programs running in the background and using valuable resources. Both are excellent programs and come highly recommended and used by many.


 o
RE: Spyware found

Thanks, owbist,

So, in SpywareBlaster I shouldn't have checked on the boxes for Active X and Cookies, then, I should have left those unchecked? Then again, I shouldn't have checked anything at all, I should have just downloaded SpywareBlaster and left it at that?

I appreciate the information about MSE, too. I understand that no one is trying to push any one antivirus program on anyone, that it's each person's choice. It's good to hear your experience with it, though. And with the other programs you mentioned.


 o
RE: Spyware found

You don't have to do a single thing to SpywareBlaster other than download and install it, then hit the update button every week, and then hit the enable all protection button to install those updates. That is IT. So just go back and get it to default state as it came originally and hit update. When it updates you will see the link for enable all protection; hit that and the big shield will turn green. THAT IS IT.
Do it once a week. No scans, nothing; it just sits there and protects you. It is about the simplest security program there is.


 o
RE: Spyware found

I always run full scans with all my security programs and always MUST update it prior to scanning so that it has all the latest threats in the database. Frequency varies. I suggest at least once a month. If you do anything you are worried about, do a scan; see something that concerns you, do a scan.
Superantispyware can catch things that Malwarebytes misses and vice versa, which is why we recommend both. Scanning procedure is same as above.

AVG used to be great. I used it for years, but it has undergone changes over the past few years that in my opinion are not for the better. I have not recommended it in at least 3 years now.
I personally recommend and use MSE and AVAST free on mine, not both at the same time but on different machines of course.

Secunia either way is fine as long as you are fully updated and all old versions of Java are gone.

WinPatrol is an excellent program and will warn you before anything makes any changes to your PC.


 o
RE: Spyware found

AVG has gone through a serious update of late. Before it was simply an anti virus, today it is an almost total anti malware package with only a keylogger missing. From my reading AVG has 10 processes running in the background while MSE has 3.

Seems all security minded programs are upgrading and updating to cover a wider range and stay in the game to grab or keep a share of the market.


 o
RE: Spyware found

I decided to uninstall, then reinstall SpywareBlaster, and I followed your instructions, raven. Thank you. Also, I uninstalled AVG, and installed MSE. The first full scan with MSE took almost 5 hours. I think I saw smoke coming out of my laptop by the end of it. lol I'll give the MSE a try anyway, and if I don't like it, I'll try AVAST. I decided to set the MSE full scan for every Sunday at 1 am. The thing is, I turn my router off (and computer, too) every night before bed, so I just want to make sure that I don't need my computer connected to the internet just to do a scan, do I? I'll be leaving my computer on, though, overnight Sat/Sun, and updating MSE before shutting off the router (so, before it scans). I don't like leaving the wireless on all night, which is a controversial topic for another day, but that's just my preference. So scanning once a week might be overkill? Is this because MSE has real-time protection, so it's not like it's sitting there doing nothing until it scans? With AVG, I had it scheduled to scan every day, this is why I'm wondering about the reason to not scan as frequently with MSE. (Although if I scanned every day with MSE, it looks like my PC would be in perpetual scan. lol)

Superantispyware and WinPatrol are my next mission...

owbist, I've been hearing not very good things about AVG for quite a while now. I had never had any problems with it (as far as I knew anyway), and was quite happy with it, so I kept it. I feel a little... guilty about getting rid of it since all it did was let one little Zbot get through. ha It'll be interesting to try something new, though, and see how it goes. I will say AVG didn't take as long to scan. Hopefully this 4.5 hour scan is a one time thing (first scan, and all).


 o
RE: Spyware found

fwiw
MSE pauses its scans when other processes are using the cpu... it's sort of user friendly that way and lets other processes have priority... which makes the scans seem to go on forever. But also lets you surf the net and stuff without that scan slowdown.

MSE, if you have dual or quad cpu.. you can look in MSE settings and change processor use to 100%. I've found scans are much faster when set to 100% while I go about doing normal stuff. It will use about 50% of each un-busy core then.


 o
RE: Spyware found

I have a dual cpu so I'll set it for 100% then. Thanks for the tip mikie.

