I booted up my computer this morning and found PC Tools Registry Mechanic installed. I didn't install anything, and I immediately searched the net about it. Turns out it was a legit program. I uninstalled it and continued on as usual. Then I got an idea to search the Task Manager. I found two processes, SSDMonitor and Facebook Install. I killed them without much hesitation. I didn't install any of those. Funny thing is, Avira didn't say a word. My question is: is this just ordinary junk or is there something malicious to it? Oh, by the way, I CAN access the Avira Website; I know some viruses block it.
Did some research. SSDMonitor is a junk file left behind by Registry Mechanic.
Hello again. Facebook install is a TR/Spy.GEN2. Just read that it steals information.
IMO, I would DUMP Avira and install Avast Free....MUCH better protection, and get Avast to do a bootscan on reboot.
http://filehippo.com/download_avast...
Also run a quickscan using Malwarebytes and fix all it finds
http://filehippo.com/download_avast...
Some HELP in posting on Computing.net plus free progs and instructions 7 Medals
OK, will try.
Ummm, It seems I am getting redirected to spam websites.
use these free progs in EXACTLY the order listed
1- rkill.exe
http://www.bleepingcomputer.com/dow...
2- tdss killer
http://support.kaspersky.com/faq/?q...
3- malwarebytes
run a full scan and fix all it finds and then reboot
Can I run them in safe mode or not?
yes, that or normal mode
RKill Log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 17.02.2012 at 18:06:13.
Operating System: Windows 7 Ultimate
Processes terminated by Rkill or while it was running:
C:\Users\ilija_iksi99\AppData\Local\Akamai\netsession_win.exe
C:\Users\ilija_iksi99\AppData\Local\Akamai\netsession_win.exe
C:\Users\ilija_iksi99\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe
Rkill completed on 17.02.2012 at 18:06:27.
One more thing: What am I supposed to do with the TDSSKiller detections? Delete or what? Oh, and please post a link to MalwareBytes, Google getting redirected.
The link is in response #3
what did tdss killer find? It removes unwanted rootkits if found
I didn't run it yet. Can you give me the link to Malwarebytes? I'm getting redirected.
http://filehippo.com/download_avast...
I told you it was in response #3...TWICE.....hmmmm
Why didn't you follow response #6?
Sry, running it now...
TDSS Killer found nothing. What now?
Keep moving on and run malwarebytes. TDSSKiller may not find anything. It searches for a particular series of rootkits. mike
yes, like I said in my responses...RUN all 3 utilities in the EXACT order
Here's the Malwarebytes log. NOTE: It says no action taken, but that's because I saved the log before deleting the malware.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.17.05
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ilija_iksi99 :: LAPTOP [administrator]
17.2.2012 19:43:46
mbam-log-2012-02-17 (21-54-33).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 788955
Time elapsed: 2 hour(s), 5 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Users\Mamica\AppData\Local\Temp\msitcm.cpl (Rootkit.MBR) -> No action taken.
C:\Users\Public\Downloads\WinZumaSetup.exe (Adware.TryMedia) -> No action taken.
D:\$RECYCLE.BIN\S-1-5-21-2460506696-2778253166-2730111924-1001\$R8ECX1Q.exe (Adware.MyWebSearch) -> No action taken.
D:\Downloads\Windows 7 Activator\win7\win-egydown.exe (Riskware.Tool.CK) -> No action taken.
D:\Šerovanje\Terraria.v1.0.4.cracked-THETA\Terraria.v1.0.4.cracked-THETA\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken.
D:\Šerovanje\Terraria.v1.0.4.cracked-THETA\Terraria.v1.0.4.cracked-THETA\t-terra5\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken.
(end)
Guess what? My brother just told me that he browsed the web this morning with Avira Virus Guard off. I'm furious! At least I know how I got this rootkit it mentions. The other viruses are months old. I had no idea those were viruses, though. Used them for so long. So, am I clean or not? That's it for today! Hear from you tomorrow. Don't know about you guys, but here in Serbia it's half past 10 in the evening!
Still infected! What do I do now?!?
It's really weird, I would have thought that between rkill and tdss, the kit would have been shut down. Slide over to safe mode, clear your Hosts file, check your proxy, then try running the three programs again. If you don't mind, repost the rkill and the malwarebytes logs. mike
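As an added example, not posted by anyone in this thread, here is a PowerShell snippet that does the hosts-file and proxy check mike suggests; it assumes Windows 7 or later with the hosts file and the Internet Settings registry key in their default locations.

```powershell
# Added example (not from the thread): flag hosts-file entries that point
# anywhere other than loopback, then print the current user's WinINET proxy
# settings. Assumes default Windows paths; run from an elevated PowerShell.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$local     = @('127.0.0.1', '::1')

Write-Host "== hosts file: $hostsPath =="
$active = 0
foreach ($line in Get-Content -Path $hostsPath) {
    # Strip inline comments and skip blank lines; a factory hosts file is all comments.
    $entry = ($line -replace '#.*$', '').Trim()
    if ($entry -eq '') { continue }
    $active++
    $parts = $entry -split '\s+', 2
    $ip    = $parts[0]
    $names = $parts[1]
    if ($local -contains $ip) {
        Write-Host ("loopback   : {0} -> {1}" -f $ip, $names)
    } else {
        # A hostname mapped to a remote address is how hosts-based redirection works,
        # e.g. search engines or AV vendor sites pointed at a server you never chose.
        Write-Host ("SUSPICIOUS : {0} -> {1}" -f $ip, $names) -ForegroundColor Yellow
    }
}
if ($active -eq 0) { Write-Host 'no active hosts entries (default state)' }

Write-Host "`n== WinINET proxy (current user) =="
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet
Write-Host ("ProxyEnable   : {0}" -f $p.ProxyEnable)    # 1 means a proxy is forced on
Write-Host ("ProxyServer   : {0}" -f $p.ProxyServer)    # normally empty on a home PC
Write-Host ("AutoConfigURL : {0}" -f $p.AutoConfigURL)  # a PAC URL you never set is a red flag
```

Entries flagged SUSPICIOUS or a proxy/PAC you did not configure explain browser redirection even when the scanners come back clean.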
OK, will do later. I wasn't able to post the MalwareBytes log because I forgot to turn off Avira and it deleted the detections before MB. As far as I remember, those were identified as exploits.
Sorry, no infection. Turns out that Avira found a file MalwareBytes didn't pay attention to. I'm clean because no more redirections, too. It's because I configured Avira to protect me not only from viruses, but other nuisances like jokes and adware.
Thank you for returning to let us know. Hopefully that's the last of that. mike