Artem of Maiya

Found possible infection. Unable to delete.

> Greetings,

>

> Found something in my registry as

> HKEY_CURRENT_USER\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8} (screenshot attached) that is not recognized by Ad-Aware. Googled it - seems to be something like a trojan or a virus. Tried to delete it - it restores after every reboot. Did a full Ad-Aware scan - it hasn't found anything.

> I'm using the free edition currently.

>

> Artem.


Hi Artem,

 

Sure, we can investigate which program on your computer is responsible for that registry entry. Please follow the instructions in the topic "Read This Before You Post!".


Greetings, I apologize for not replying for so long.

 

About System Tray Cleaner - no. I'm not using it. The screenshot is of regedit. Ermm.. When I said "Tried to delete it" I meant "Tried to delete {B2CB09FF-2453-4f85-9F40-21C05BE4CBA8} in regedit".

I apologize again for not being precise.

 

Thank you for your help. Also I'm quite busy over the month and next several to be, so my next reply could also take long.

 

Best regards.

 

Artem


It might be something that has to do with a "USB 3.0 Host Controller Driver", see http://www.system-tray-cleaner.com/systray/programs.php?appid=130597E59242C0C1F88722CE952B64010001BA88 Click on "Click here for more details" near the bottom.

Do you have USB 3 ports or a file called nusb3mon.exe?


Yeah, I wasn't expecting that :)

 

Do you have this folder and file?

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe


Miitsketaa!! Ghm... I mean I found it. :sleep: ( 3 seconds later ) :D

 

P.S. 4 posts\replies total for the last 4 hours. I feel like I've beaten my record for the year 2012. :)

P.P.S. Hmm... That also means I've beaten my record that was before The Apocalypse. ( deep thought )

 

Sorry, I guess that was unneeded. Couldn't withhold myself from a joke though.

 

Awaiting guidance.


A joke is always fun :D

 

Everything that I can find suggests that the registry key you found has to do with USB 3 controllers. I don't speak French or Spanish, but I think that all the French and Spanish pages have to do with a tool that is called USBFix in English. This tool removes malicious files from USB flash drives, and maybe it is useful when removing the malicious files to delete the registry key too. Maybe bad entries have sometimes been added to the registry key by a USB flash drive infection.


Hmm... Ermm... I see... Well, technically it doesn't affect the system at all, pretty much. And no quantity of network monitoring shows any kind of system transgression(s) to something it shouldn't be. And I assume no data of any kind is being sent somewhere or anywhere (not sure about this though - didn't use any specific monitoring tools (there was no need, till late)). Oh, also I speak and know Russian, so I browsed that part of the internet - found something referring to modding and programming ports. I can provide you with the URL if you wish (the screenshots of system messages are in English, apart from the forum messages themselves). If you DO wish, I advise you to use Full Security. You know - going in armed to the teeth. Russian forums are quite the frightening experience. Starting from the level of programming up to the messages themselves. It's off the topic though - if you wish I'll be more precise and give a few examples of ...experiences.

 

In any case - there was information it has something to do with the serials ( Yeah - if not for the "PopupMessageAp" ). Also I assume that your knowledge in this is far greater than mine so I guess it still remains just assumptions and guesses from my side.

 

By the way - I think I'm going for a record in 2013 :)

 

Ahh, almost forgot, I apologize for not using DDS. I guess I'm the type "Trust No One" (No, I'm not a fan of X-Files). Not to the point of paranoia though, but close enough. It's a bit unpleasant for me to use it - leaves not much of a pleasant feeling. Though of course if it'll be totally necessary - no complaints from me. Better, I believe, than the possibility of a system crash.

 

Sincerely

 

Tem

Edited by Artem of Maiya


Always good to have high goals to aim at :D

 

I think I'll stay away from the Russian forums ;) If you find a short piece that you find very interesting, maybe you can quote it here. I don't think that I have as much knowledge as you think.

 

After my searches for that registry key, I think that a DDS log wouldn't give anything (or is the key mentioned in the log?). You can always run an online scanner to get a second opinion about your computer, such as http://www.eset.com/onlinescan/


Hi again,

 

I don't have a short one, I have a long one instead, though it's 50%/50% Russian/English (very funny to read though :D). To make things short - the posts don't refer to exactly USBFix or iusb3mon.exe, yet in the first one USBFix is mentioned as one of the tools for manual hardware/software recombination. In the second - as a possible tool (quite a vague reference, it also has a *.reg extension, so maybe it is totally and entirely something else) for manual creation of a boot version of a certain OS ( ;) ) on a flash USB drive made to load from BIOS included. As for iusb3mon.exe - no reference at all towards Popupetc...

 

Quite a mystery

 

Tem

Edited by Artem of Maiya


Hi,

 

What do you mean by "manual hardware/software recombination"?

 

A registry change to make a USB flash drive bootable? That seems rather strange.

 

I agree that's a mystery :)


Answer has been posted now when I'm back at the computer.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you!
