something in syswow?


Hello

I did a Windows update with several updates and restarted my computer yesterday. When it rebooted, I noticed it was running very slow and freezing up. I updated MBAM and scanned, but got no results. I downloaded rkill and ran it in safe mode and it killed 3 "conime" exe's; I ran MBAM immediately following and still no results. I ran rkill again, and this time (and all following attempts) it killed "C:\Windows\SysWOW64\InfDefaultInstall.exe". MBAM still shows nothing.

Avira found C:\Program Files (x86)\Common Files\MS\MSOLEDEBROW.DLL (amongst false hits), and quarantined it.

rkill is still killing processes that appear in the SysWOW64 folder, and I don't know what else may be lurking on my computer.

This is my play computer; I mostly play games, surf the internet, chat, and do light work on it.

I simply replaced instances of my name with "Owner" (for privacy) using Notepad in the logs--I hope that's okay.

Please help me determine what's wrong! Thank you!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6359

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

4/14/2011 3:03:04 AM

mbam-log-2011-04-14 (03-03-04).txt

Scan type: Quick scan

Objects scanned: 163816

Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Owner at 2:09:50.78 on Thu 04/14/2011

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21

Microsoft

Attach.zip


Thank you very much for helping me!

VirusTotal report:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: f2ba6f31e7dac6523dba1e5193f57b48

Date first seen: 2009-04-04 02:54:27 (UTC)

Date last seen: 2011-04-14 01:53:45 (UTC)

Detection ratio: 0/42

I clicked reanalyze:

File name: InfDefaultInstall.exe

Submission date: 2011-04-15 07:49:10 (UTC)

Current status: finished

Result: 0/ 42 (0.0%)

VT Community: not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.04.15.00 2011.04.15 -

AntiVir 7.11.6.133 2011.04.15 -

Antiy-AVL 2.0.3.7 2011.04.15 -

Avast 4.8.1351.0 2011.04.14 -

Avast5 5.0.677.0 2011.04.14 -

AVG 10.0.0.1190 2011.04.14 -

BitDefender 7.2 2011.04.15 -

CAT-QuickHeal 11.00 2011.04.15 -

ClamAV 0.97.0.0 2011.04.15 -

Commtouch 5.2.11.5 2011.04.15 -

Comodo 8347 2011.04.15 -

DrWeb 5.0.2.03300 2011.04.15 -

Emsisoft 5.1.0.5 2011.04.15 -

eSafe 7.0.17.0 2011.04.13 -

eTrust-Vet 36.1.8272 2011.04.14 -

F-Prot 4.6.2.117 2011.04.14 -

F-Secure 9.0.16440.0 2011.04.15 -

Fortinet 4.2.257.0 2011.04.15 -

GData 22 2011.04.15 -

Ikarus T3.1.1.103.0 2011.04.15 -

Jiangmin 13.0.900 2011.04.15 -

K7AntiVirus 9.96.4382 2011.04.13 -

Kaspersky 7.0.0.125 2011.04.15 -

McAfee 5.400.0.1158 2011.04.15 -

McAfee-GW-Edition 2010.1D 2011.04.15 -

Microsoft 1.6702 2011.04.15 -

NOD32 6042 2011.04.15 -

Norman 6.07.07 2011.04.15 -

Panda 10.0.3.5 2011.04.14 -

PCTools 7.0.3.5 2011.04.15 -

Prevx 3.0 2011.04.15 -

Rising 23.53.03.06 2011.04.14 -

Sophos 4.64.0 2011.04.15 -

SUPERAntiSpyware 4.40.0.1006 2011.04.14 -

Symantec 20101.3.2.89 2011.04.15 -

TheHacker 6.7.0.1.173 2011.04.13 -

TrendMicro 9.200.0.1012 2011.04.15 -

TrendMicro-HouseCall 9.200.0.1012 2011.04.15 -

VBA32 3.12.16.0 2011.04.13 -

VIPRE 9017 2011.04.15 -

ViRobot 2011.4.15.4411 2011.04.15 -

VirusBuster 13.6.305.0 2011.04.14 -

Additional information

MD5 : f2ba6f31e7dac6523dba1e5193f57b48

SHA1 : a2285be7a6c785219fa4a62a2dbbd17d3b7dc187

SHA256: eb66d4fe05c793f5633fb4edb37025b6a46b91d71e3b7862e5e5f87c42d97d1c

After my first post, I tried running rkill a few more times, and a C:\Windows\SysWOW64\runonce.exe showed up several times. Its VirusTotal result is also 0%, and the same with conime.exe.

The last rkill report:

Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\InfDefaultInstall.exe

C:\Windows\SysWOW64\runonce.exe

Rkill completed on 04/15/2011 at 3:48:36.

I know running rkill is unnecessary if my anti-virus software runs, but before I noticed my computer acting slow/weird, rkill always finished within 5 seconds and only terminated itself. It takes a while for it to finish now, and it always lists these processes.

I really don't know what I'm doing regarding viruses and how to tell if my computer is clean. MBAM says my computer is clean, Avira gives me a couple spyware in temp folders.

Can you help me make sure nothing's wrong (and I'm just being dumb)?

Thanks a lot!
