Suspicious processes running in Task Manager.

February 17, 2012 at 04:42:20
Specs: Windows 7
I booted up my computer this morning and found PC Tools Registry Mechanic installed. I didn't install anything, and I immediately searched the net about it. Turns out it was a legit program. I uninstalled it and continued on as usual. Then I got an idea to search the Task Manager. I found two processes, SSDMonitor and Facebook Install. I killed them without much hesitation. I didn't install any of those. Funny thing is, Avira didn't say a word. My question is: is this just ordinary junk or is there something malicious to it? Oh, by the way, I CAN access the Avira Website, I know some viruses block it.

#1
February 17, 2012 at 07:01:06
Did some research. SSDMonitor is a junk file left behind by Registry Mechanic.

#2
February 17, 2012 at 07:10:08
Hello again. Facebook install is a TR/Spy.GEN2. Just read that it steals information.


#3
February 17, 2012 at 07:49:33
IMO, I would DUMP Avira and install Avast Free....MUCH better protection, and get Avast to do a bootscan on reboot.
http://filehippo.com/download_avast...
Also run a quickscan using Malwarebytes and fix all it finds
http://filehippo.com/download_avast...

Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

#4
February 17, 2012 at 08:05:41
OK, will try.


#5
February 17, 2012 at 08:14:30
Ummm, It seems I am getting redirected to spam websites.


#6
February 17, 2012 at 08:35:42
use these free progs in EXACTLY the order listed
1- rkill.exe
http://www.bleepingcomputer.com/dow...
2- tdss killer
http://support.kaspersky.com/faq/?q...
3- malwarebytes
run a full scan and fix all it finds and then reboot


#7
February 17, 2012 at 08:51:28
Can I run them in safe mode or not?


#8
February 17, 2012 at 09:06:59
yes, that or normal mode


#9
February 17, 2012 at 09:09:48
RKill Log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 17.02.2012 at 18:06:13.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

C:\Users\ilija_iksi99\AppData\Local\Akamai\netsession_win.exe
C:\Users\ilija_iksi99\AppData\Local\Akamai\netsession_win.exe
C:\Users\ilija_iksi99\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe


Rkill completed on 17.02.2012 at 18:06:27.


#10
February 17, 2012 at 09:14:15
One more thing: What am I supposed to do with the TDSSKiller detections? Delete or what? Oh, and please post a link to MalwareBytes, Google getting redirected.


#11
February 17, 2012 at 09:42:26
The link is in response #3
what did tdss killer find? It removes unwanted rootkits if found


#12
February 17, 2012 at 09:45:18
I didn't run it yet. Can give me the link to Malwarebytes? I'm getting redirected.


#13
February 17, 2012 at 10:03:41
http://filehippo.com/download_avast...
I told you it was in response #3...TWICE.....hmmmm

Why didn't you follow response #6?


#14
February 17, 2012 at 10:05:50
Sry, running it now...


#15
February 17, 2012 at 10:08:41
TDSS Killer found nothing. What now?


#16
February 17, 2012 at 10:34:15
Keep moving on and run malwarebytes. TDSSKiller may not find anything. It searches for a particular series of rootkits.

mike


#17
February 17, 2012 at 12:52:53
yes, like I said in my responses...RUN all 3 utilities in the EXACT order


#18
February 17, 2012 at 13:06:40
Here's the Malwarebytes log. NOTE: It says no action taken, but that's because I saved the log before deleting the malware.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ilija_iksi99 :: LAPTOP [administrator]

17.2.2012 19:43:46
mbam-log-2012-02-17 (21-54-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 788955
Time elapsed: 2 hour(s), 5 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Mamica\AppData\Local\Temp\msitcm.cpl (Rootkit.MBR) -> No action taken.
C:\Users\Public\Downloads\WinZumaSetup.exe (Adware.TryMedia) -> No action taken.
D:\$RECYCLE.BIN\S-1-5-21-2460506696-2778253166-2730111924-1001\$R8ECX1Q.exe (Adware.MyWebSearch) -> No action taken.
D:\Downloads\Windows 7 Activator\win7\win-egydown.exe (Riskware.Tool.CK) -> No action taken.
D:\Ċ erovanje\Terraria.v1.0.4.cracked-THETA\Terraria.v1.0.4.cracked-THETA\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken.
D:\Ċ erovanje\Terraria.v1.0.4.cracked-THETA\Terraria.v1.0.4.cracked-THETA\t-terra5\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken.

(end)


#19
February 17, 2012 at 13:10:45
Guess what? My brother just told me that he browsed the web this morning with Avira Virus Guard off. I'm furious! At least I know how I got this rootkit it mentions. The other viruses are months old. I had no idea those were viruses, though. Used them for so long. So, am I clean or not? That's it for today! Hear from you tomorrow. Don't know about you guys, but here in Serbia it's half past 10 in the evening!


#20
February 18, 2012 at 04:52:50
Still infected! What do I do now?!?


#21
February 18, 2012 at 05:38:59
It's really weird, I would have thought that between rkill and tdss, the kit would have been shut down. Slide over to safe mode, clear your Hosts file, check your proxy, then try running the three programs again. If you don't mind, repost the rkill and the malwarebytes logs.

mike
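One way to do the hosts-file and proxy check suggested in the reply above, added here as an example rather than anything posted in the thread; it assumes a stock Windows 7 hosts file (only the two localhost entries are expected) and reads the per-user WinINET proxy settings, flagging everything else for review rather than changing it:

```powershell
# Added example (not from the thread): audit the two places a browser-redirect
# infection commonly tampers with, the hosts file and the WinINET proxy settings.
# Run from an elevated PowerShell prompt; works in Safe Mode as well.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Entries a stock Windows hosts file may legitimately carry (assumption).
$expected = @('127.0.0.1 localhost', '::1 localhost')

Write-Host "== hosts file: $hostsPath =="
foreach ($raw in Get-Content -Path $hostsPath) {
    $line = ($raw -replace '#.*$', '').Trim()        # strip comments
    if (-not $line) { continue }                       # skip blank lines
    $normalized = ($line -split '\s+') -join ' '       # collapse whitespace
    if ($expected -notcontains $normalized) {
        # Anything else (e.g. a security vendor's domain pointed at 127.0.0.1,
        # or a search engine mapped to a foreign address) needs review.
        Write-Warning "Unexpected hosts entry: $line"
    }
}

Write-Host "== WinINET proxy settings (current user) =="
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet

if ($p.ProxyEnable -eq 1) {
    # A static proxy nobody configured would route every request through it.
    Write-Warning "Static proxy enabled: $($p.ProxyServer)"
} else {
    Write-Host 'No static proxy configured.'
}
if ($p.AutoConfigURL) {
    # A PAC script URL can silently redirect selected sites only.
    Write-Warning "Auto-config (PAC) URL set: $($p.AutoConfigURL)"
} else {
    Write-Host 'No auto-config URL set.'
}
```

Entries flagged by the hosts check are not necessarily malicious (ad-blocking lists also add 0.0.0.0 lines), so compare them against what you know was configured before deleting anything.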


#22
February 18, 2012 at 07:48:19
OK, will do later. I wasn't able to post MalwareBytes log because I forgot to turn off Avira and it deleted the detections before MB. As far as I remember, those were identified as exploits.


#23
February 19, 2012 at 07:44:04
Sorry, no infection. Turns out that Avira found a file MalwareBytes didn't pay attention to. I'm clean because no more redirections, too. It's because I configured Avira to protect me not only from viruses, but other nuisances like jokes and adware.


#24
February 19, 2012 at 08:11:54
thank you for returning to let us know. hopefully that's the last of that.

mike
