Author Topic: Malware or false alarm?  (Read 4399 times)


Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Malware or false alarm?
« on: January 12, 2013, 09:12:07 PM »
Hi, I'm back! :smiley: I found something in ‘History’ in MSE last night, and would like to know if it’s something to worry about, or if it’s a false alarm. Leading up to this (and maybe unrelated), I had a couple of problems updating Java two nights ago, and after I updated to the latest version, something strange happened. I restarted my computer as per Java's update instructions, and Win Patrol seemed to disappear from my computer. This happened directly after 'Scotty' asked me if I wanted to allow an add-on from Java. I allowed it because I took this to mean it detected that I had updated Java, but I could have misunderstood.

Right after that, the Scotty icon disappeared from the taskbar. I tried to open Win Patrol from the 'All Programs' list just to see if I could open it that way, but it wouldn't open. Today, after doing a bit of research on the internet, I decided to uninstall Java and also uninstall Win Patrol (because it wouldn't open). I figured I could reinstall Win Patrol at some point again. I uninstalled Java mainly because I wasn't really sure if I need it. I figured if 'things' don't work well from this point on I would reinstall that, too, at some point.

So that is the history up until I looked into MSE after I got a Windows 'alert' (last night) on my taskbar telling me something with MSE went awry because of 'Telemetry' something or other : P - I got this once before, and it didn't turn out to be anything important. I opened up MSE and took a look in History; nothing was in Quarantine, btw. (And just a note, I started this post last night and saved it to post today. Since then I saw ravencajun's post at GW about Java, and then Corrine's blog about Java, so I have no qualms about uninstalling Java.) Do you think I should just remove the trojan from the history and forget about it (seems it was already quarantined)? Here is a copy of it from MSE History (Thank you):


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20870
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Malware or false alarm?
« Reply #1 on: January 12, 2013, 09:45:45 PM »
Hi, Dianne. 

Excellent explanation of what you've done and congratulations on being free of Java!  Hopefully, you won't run into situations where you need to reinstall it in the future.  I've been free of Java for several years with no problems.

The Error Code 0x80508023 showing in the screen copy means "threat not found."  With Microsoft Security Essentials, this may be caused by a number of things, one of which is that the threat was removed by a conflicting security program that you are running at the same time as MSE.  It can also mean that the threat was blocked, coming via an infected web page, and then a scan was unable to remove it as it never saved to the browser cache.  In this case, the trojan was in Temporary Internet Files and quarantined.  Because the file is quarantined, it cannot harm your computer.  You can certainly elect to remove the quarantined file.

I don't recall at this point if I've ever had you run TFC, Temp File Cleaner by OldTimer.  It is an extremely effective tool for cleaning temp files.  Here are my standard instructions plus a bit of extra information about what TFC does:

Download TFC by Old Timer from here (direct download):  http://www.itxassociates.com/OT-Tools/TFC.exe
  • First, save any files as TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista/Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
More info:
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
-- TFC only cleans temp folders.
-- TFC will not clean URL history, prefetch, or cookies.

Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Let us know if you have problems reinstalling WinPatrol. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
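
As an added illustration (not part of the thread, and not TFC's code): a read-only Python script that sizes temp locations like those named in the TFC description above and flags files whose first bytes mark them as executables or ZIP/JAR archives, the kind of content MSE quarantined from Temporary Internet Files. The folder paths in `default_temp_roots` are assumptions about a typical Windows Vista/7 layout, the function names are hypothetical, and nothing is deleted.

```python
import os
import tempfile

# Leading bytes of file types that rarely belong in a temp or browser-cache folder.
MAGIC = {b"MZ": "Windows executable", b"PK\x03\x04": "ZIP/JAR archive"}

def default_temp_roots():
    """Candidate temp locations for the current user (assumed Windows layout)."""
    roots = [tempfile.gettempdir()]
    local, sysroot = os.environ.get("LOCALAPPDATA"), os.environ.get("SystemRoot")
    if local:
        roots.append(os.path.join(local, "Microsoft", "Windows", "Temporary Internet Files"))
    if sysroot:
        roots.append(os.path.join(sysroot, "Temp"))
    return roots

def classify(path):
    """Return a label if the file starts with a known magic number, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:  # locked or unreadable file: skip it
        return None
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return None

def inventory(roots):
    """Read-only walk: bytes per location, plus files whose content looks executable."""
    report = {}
    for root in roots:
        total, flagged = 0, []
        # A missing or unreadable folder is skipped rather than raising.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                full = os.path.join(dirpath, name)
                try:
                    total += os.path.getsize(full)
                except OSError:
                    continue
                label = classify(full)
                if label:
                    flagged.append((full, label))
        report[str(root)] = {"bytes": total, "flagged": sorted(flagged)}
    return report

if __name__ == "__main__":
    for location, info in inventory(default_temp_roots()).items():
        print(f"{location}: {info['bytes']} bytes, flagged: {info['flagged']}")
```

The check reads file content rather than the extension, so a renamed executable in a cache folder is still flagged.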

Offline dee_can

Re: Malware or false alarm?
« Reply #2 on: January 12, 2013, 10:48:45 PM »
Hi Corrine, Thanks so much for your explanation and reassurances. It's good to know that the threat was taken care of by... something. :grin: I have MSE, Malwarebytes, Superantispyware, and Spywareblaster - so one of them must have intervened. I just wanted to double-check with you to make sure I have nothing to worry about. And, I'm glad to be rid of Java, especially since reading about how risky it is to have. Everything seems to be working fine without it.

I'm going to run TFC tomorrow, when I'm more awake.  :lol: I'll let you know how everything goes.

Thanks again!

Dianne

Offline Corrine

Re: Malware or false alarm?
« Reply #3 on: January 12, 2013, 11:20:52 PM »
You are most welcome, Dianne!



Offline dee_can

Re: Malware or false alarm?
« Reply #4 on: January 13, 2013, 09:58:47 AM »
I ran TFC just now. Everything went fine. Once again, thanks for your help, Corrine.

Dianne

Offline dee_can

Re: Malware or false alarm?
« Reply #5 on: January 13, 2013, 10:15:14 AM »
Also, I deleted TFC from my computer.

Offline Corrine

Re: Malware or false alarm?
« Reply #6 on: January 13, 2013, 12:25:15 PM »
You're welcome, Dianne. 

TFC isn't a bad tool to have around and use on occasion, especially if you notice your computer getting a bit sluggish. 



Offline dee_can

Re: Malware or false alarm?
« Reply #7 on: January 13, 2013, 08:40:52 PM »
I was wondering that, about using TFC for occasional cleanup. I think I'll keep it on my computer then. Thanks Corrine.

Offline Corrine

Re: Malware or false alarm?
« Reply #8 on: January 14, 2013, 05:40:05 PM »
You're welcome, Dianne. 

It is surprising how many temp files are accumulated and not all of them are good.   

