Thread: Need information about a Malware infection i have.

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    13

    Hello everybody! (Sorry in advance for the long post.)

    I have a new question today. At 22:48PM, 22:52PM, 22:55PM, 22:58PM PST
    my Trend Micro antivirus found some infected files that it labeled "PAK_Generic.001" and "PAK_Generic.005" (.005 is listed three times).
    The actual file names are as follows:

    C:\users\owner\appdata\local\temp\ww39560\internet.dll
    (22:48PM PAK_Generic.0005)

    C:\users\owner\appdata\local\temp\ww39560\schdwash.exe
    (22:52PM PAK_Generic.001)

    c:\users\owner\appdata\local\temp\ww39560\engsetup.dll
    (22:55PM PAK_Generic.005)

    C:\users\owner\appdata\local\temp\ww39560\english.dll
    (22:58PM PAK_Generic.005)

    Source type: File

    Detected by: File monitor

    First action: Quarantined success

    Second action: (Blank)

    It says it successfully quarantined them and I hit the "Delete" button, presumably nuking the problem. The problem is this.

    1.) When I'm not using the internet I unplug the Ethernet cord. (On this occasion it was out for 4 hours before the files were detected.)

    2.) I was running a Webroot Spy Sweeper scan at the time Trend Micro found the files (Trend Micro has no scheduled run times, I run it every three or so days, but it does have its active protection active).

    3.) Afterwards I kept my computer unplugged and ran a full Trend Micro scan, SPYBOT scan, full Windows Defender scan, and another Webroot scan, which found nothing to be amiss.

    So, I guess my question is thus.

    How do I find out what it was, or if it left any remnants in my system, and if so, how do I get rid of them?

    Also as a side note: I looked through my computer to see if anything was changed or messed up. So I looked in the properties of almost all of my files when I found something strange. This only appears in pictures.

    I have two background pictures from sites marked as safe by McAfee SiteAdvisor and Browser Defender.

    They are the only pictures saved to my computer (I deleted the default ones a long time ago because I didn't like them). When I looked in Properties -> Security tab, I see this:

    Account Unknown(S-1-5-21-2675523129-3664480364-4030225571-1001)
    Account Unknown(S-1-5-21-2675523129-3664480364-4030225571-1002)

    This only shows up for those two pictures and they have full access. However, I have never looked in properties before so I don't know if it's new or not.

    Also under the scan tab (only shows up if you have Trend Micro, I think)
    it says it's never found a problem with them.

    So what does this all mean? (I'm on Vista if that helps)

    Thank you to anyone who takes the time to read/answer my question!
    Last edited by avaldi; 2008-06-18 at 18:18.

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,483

    Trend Micro description for PAK_Generic.001:
    http://www.trendmicro.com/vinfo/viru...%2E001&VSect=P

    PAK_Generic.005:
    http://www.trendmicro.com/vinfo/viru...%2E005&VSect=P

    These were found in your temp files, so the path is not the same. But, schdwash.exe seems to be related to Window Washer:
    http://www.spywaredata.com/spyware/m...hdwash.exe.php

    Unknown Account:
    I found this, if it helps:
    http://www.vistax64.com/vista-accoun...n-account.html

  3. #3
    Junior Member
    Join Date
    Jun 2008
    Posts
    13

    Wow, this helps a lot! I did have Window Washer on my computer at one time but the trial expired so I never bothered removing it. Trend Micro took that file and quarantined it and I clicked "Delete"; however, the application was still there.

    I uninstalled it (I forgot it was even there). As for the unknown accounts, I had Geek Squad mess with my computer once when I bought it, so that makes sense.

    The 005 files are still a mystery to me, although I downloaded a Windows update for "Update for Windows Vista - English" so that could be it, I suppose.

    Anyways, Thanks a lot! I appreciate it.

  4. #4
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,483

    You're welcome.

    The PAK_Generic detections are just for suspicious files, i.e. executable files that are compressed using Win32 compression tools. So when Trend Micro detects PAK_Generic, the files might be malicious, but not necessarily so.

    schdwash.exe may have just been a leftover file from Window Washer in your temp folder. (Do not worry, Webroot's Window Washer is not known to be malicious.)
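
Added example, not part of the original thread and not Trend Micro's detection logic: a generic "is this executable packed?" heuristic of the kind the reply above describes, using byte entropy plus packer section names. The threshold, marker list, function names and sample bytes are assumptions constructed for illustration; a hit means "compressed", not "malicious".

```python
import hashlib
import math
from collections import Counter

PACKED_ENTROPY = 7.0   # assumed cut-off in bits/byte; compressed data sits near 8
PACKER_MARKERS = (b"UPX0", b"UPX1", b".aspack")  # section names some packers leave

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_packed(data: bytes, window: int = 4096) -> dict:
    """Flag a file as 'probably packed'. This says nothing about malice."""
    is_pe = data[:2] == b"MZ"  # simplification: a real tool parses the PE headers
    markers = [m.decode() for m in PACKER_MARKERS if m in data]
    blocks = [data[i:i + window] for i in range(0, len(data), window)]
    high = sum(1 for b in blocks
               if len(b) >= 256 and shannon_entropy(b) >= PACKED_ENTROPY)
    ratio = high / len(blocks) if blocks else 0.0
    return {"is_pe": is_pe, "markers": markers,
            "high_entropy_ratio": round(ratio, 2),
            "suspicious": is_pe and (bool(markers) or ratio >= 0.5)}

def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for compressed code."""
    out, seed = b"", b"constructed-sample"
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]

# Constructed samples, not real files from the thread.
STUB = b"MZ" + b"\x00" * 62
PLAIN = STUB + b"This program cannot be run in DOS mode.\r\n" * 400
PACKED = STUB + b"UPX0\x00\x00\x00\x00" + _pseudo_random(32768)
ARCHIVE = b"PK\x03\x04" + _pseudo_random(32768)  # high entropy, not an executable

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("packed", PACKED), ("archive", ARCHIVE)):
        print(name, looks_packed(blob))
```

A legitimate installer component that ships compressed trips the same check as a packed dropper, which is why a generic packer verdict needs a second look at where the file came from before it is treated as an infection.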

  5. #5
    Junior Member
    Join Date
    Jun 2008
    Posts
    13

    Alright! I'll keep that in mind! Thanks!
