Results 1 to 5 of 5

Thread: Need information about a Malware infection i have.

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. 2008-06-18, 17:14 #1
    avaldi
    avaldi is offline
    Junior Member
    Join Date
    Jun 2008
    Posts
    13

    Question Need information about a Malware infection i have.

    Hello everybody! (Sorry in advance for the long post.)

    I have a new question today, At 22:48PM, 22:52PM, 22:55PM, 22:58PM PST
    My trend micro antivirus found some infected files that it labeled "PAK_Generic.001" and PAK_Generic.005"(.005 is listed three times)
    The actual file names are as follows:

    C:\users\owner\appdata\local\temp\ww39560\internet.dll
    (22:48PM PAK_Generic.0005)

    C:\users\owner\appdata\local\temp\ww39560\schdwash.exe
    (22:52PM PAK_Generic.001)

    c:\users\owner\appdata\local\temp\ww39560\engsetup.dll
    (22:55PM PAK_Generic.005)

    C:\users\owner\appdata\local\temp\ww39560\english.dll
    (22:58PM PAK_Generic.005)

    Source type: File

    Detected by: File monitor

    First action: Quarantined success

    Second action: (Blank)

    It says it successfully quarantined them and i hit the "Delete" button, Presumably nuking the problem. The problem is this.

    1.) when I'm not using the internet i unplug the ethernet chord. (On this occasion it was out for 4 hours before the files were detected)

    2.) I was running a webroot spysweeper scan at the time trend micro found the files ( trend micro has no schedueled run times, I run it every three or so days, but it does have it's active protection active.)

    3.) Afterwards i kept my computer unplugged and ran a full trend micro scan, SPYBOT scan, full windows defender scan, and another webroot scan which found nothing to be amiss.

    So, I guess my question is thus.

    How do i find out what it was, or if it left any remnants in my system and if so how do i get rid of them?

    Also as a side note: I looked through my computer to see if anything was changed or messed up. So i looked in the properties of almost all of my files when i found something strange. This only appears in pictures.

    i have two backround pictures from sites marked as safe from Mcafee siteadvisor and browser defender.

    They are the only pictures saved to my computer(I deleted the default ones a long time ago because i didn't like them) when i looked in properties -> security tab. I see this:

    Account Unknown(S-1-5-21-2675523129-3664480364-4030225571-1001)
    Account Unknown(S-1-5-21-2675523129-3664480364-4030225571-1002)

    This only shows up for those two pictures and they have full access, However i have never looked in properties before so i don't know if it's new or not.

    Also under the scan tab (Only shows up if you have trend micro i think)
    it says it's never found a problem with them.

    So what does this all mean? (I'm on Vista if that helps)

    Thank you to anyone who takes the time to read/answer my question!
    Last edited by avaldi; 2008-06-18 at 17:18.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules