-
Need information about a malware infection I have.
Hello everybody! (Sorry in advance for the long post.)
I have a new question today. At 22:48PM, 22:52PM, 22:55PM, 22:58PM PST
my Trend Micro antivirus found some infected files that it labeled "PAK_Generic.001" and "PAK_Generic.005" (.005 is listed three times).
The actual file names are as follows:
C:\users\owner\appdata\local\temp\ww39560\internet.dll
(22:48PM PAK_Generic.0005)
C:\users\owner\appdata\local\temp\ww39560\schdwash.exe
(22:52PM PAK_Generic.001)
c:\users\owner\appdata\local\temp\ww39560\engsetup.dll
(22:55PM PAK_Generic.005)
C:\users\owner\appdata\local\temp\ww39560\english.dll
(22:58PM PAK_Generic.005)
Source type: File
Detected by: File monitor
First action: Quarantined success
Second action: (Blank)
It says it successfully quarantined them and I hit the "Delete" button, presumably nuking the problem. The problem is this.
1.) When I'm not using the internet I unplug the Ethernet cord. (On this occasion it was out for 4 hours before the files were detected.)
2.) I was running a Webroot Spy Sweeper scan at the time Trend Micro found the files. (Trend Micro has no scheduled run times, I run it every three or so days, but it does have its active protection active.)
3.) Afterwards I kept my computer unplugged and ran a full Trend Micro scan, SPYBOT scan, full Windows Defender scan, and another Webroot scan, which found nothing to be amiss.
So, I guess my question is thus.
How do I find out what it was, or if it left any remnants in my system, and if so how do I get rid of them?
Also as a side note: I looked through my computer to see if anything was changed or messed up. So I looked in the properties of almost all of my files when I found something strange. This only appears in pictures.
I have two background pictures from sites marked as safe by McAfee SiteAdvisor and Browser Defender.
They are the only pictures saved to my computer (I deleted the default ones a long time ago because I didn't like them). When I looked in Properties -> Security tab, I see this:
Account Unknown(S-1-5-21-2675523129-3664480364-4030225571-1001)
Account Unknown(S-1-5-21-2675523129-3664480364-4030225571-1002)
This only shows up for those two pictures and they have full access. However, I have never looked in properties before so I don't know if it's new or not.
Also under the scan tab (only shows up if you have Trend Micro, I think)
it says it's never found a problem with them.
So what does this all mean? (I'm on Vista if that helps.)
Thank you to anyone who takes the time to read/answer my question!
Last edited by avaldi; 2008-06-18 at 17:18.
-
Spybot Advisor Team
Trend Micro description for PAK_Generic.001:
http://www.trendmicro.com/vinfo/viru...%2E001&VSect=P
PAK_Generic.005:
http://www.trendmicro.com/vinfo/viru...%2E005&VSect=P
These were found in your temp files, so the path is not the same. But schdwash.exe seems to be related to Window Washer:
http://www.spywaredata.com/spyware/m...hdwash.exe.php
Unknown Account:
I found this, if it helps:
http://www.vistax64.com/vista-accoun...n-account.html
-
-
Spybot Advisor Team
You're welcome.
The PAK_Generic detections are just for suspicious files, i.e. executable files that are compressed using Win32 compression tools. So when Trend Micro detects PAK_Generic, the files might be malicious, but not necessarily so.
schdwash.exe may have just been a leftover file from Window Washer in your temp folder. (Do not worry, Webroot's Window Washer is not known to be malicious.)
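An added example, not part of the original reply and not Trend Micro's detection logic: a generic sketch of the kind of "compressed executable" heuristic described above, which walks a PE file's section table and reports packer section names and high-entropy sections. The section-name list, the 7.0 bits-per-byte cut-off and the `build_sample` helper are assumptions, and both sample images are constructed.

```python
import hashlib
import math
import struct

PACKER_SECTIONS = {"UPX0", "UPX1", ".aspack"}  # section names left by common packers
ENTROPY_LIMIT = 7.0  # bits per byte; assumed cut-off for "looks compressed"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 for empty or constant data)."""
    counts = [data.count(bytes([v])) for v in range(256)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def pe_sections(image: bytes):
    """Yield (name, raw_data) for each entry in the PE section table."""
    pe = int.from_bytes(image[0x3C:0x40], "little")  # e_lfanew: offset of "PE\0\0"
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    count = struct.unpack_from("<H", image, pe + 6)[0]  # NumberOfSections
    table = pe + 24 + struct.unpack_from("<H", image, pe + 20)[0]  # skip optional header
    for off in range(table, table + 40 * count, 40):
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        size, ptr = struct.unpack_from("<II", image, off + 16)  # SizeOfRawData, PointerToRawData
        yield name, image[ptr:ptr + size]

def packed_indicators(image: bytes) -> list:
    """Return reasons the file looks packed; an empty list means none found."""
    reasons = []
    for name, raw in pe_sections(image):
        if name in PACKER_SECTIONS:
            reasons.append(f"{name}: packer section name")
        if len(raw) >= 256 and entropy(raw) > ENTROPY_LIMIT:
            reasons.append(f"{name}: entropy {entropy(raw):.2f}")
    return reasons

def build_sample(sections) -> bytes:
    """Constructed test input: PE-shaped headers only, not a runnable program."""
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0, len(sections), 0, 0, 0, 0, 0)
    at = len(head) + 40 * len(sections)  # file offset where section data starts
    table = body = b""
    for name, data in sections:
        table += struct.pack("<8sIIII16x", name.encode(), 0, 0, len(data), at + len(body))
        body += data
    return head + table + body

# Constructed samples: repetitive code-like bytes vs. compressed-looking data.
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
PLAIN = build_sample([(".text", b"\x55\x8b\xec\x5d\xc3" * 400)])
PACKED = build_sample([("UPX0", b""), ("UPX1", NOISE)])
```

Legitimate installers are often packed too, so a non-empty result from `packed_indicators` only means the file deserves a closer look, which is the "not necessarily malicious" point made in the reply.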
-
Alright! I'll keep that in mind! Thanks!