Hi I just recovered from a malware/virus infection/hack and something I noticed back when I had an infection was that Hitman Pro found a trace in the registry: s\hklm\software\classes\softsonic and so I did a full scan with MBAM and Avast and they found nothing, so after formatting and reloading my OS I scanned once again with MBAM and Avast and they found nothing but Hitman Pro found the same object in the registry again so is this a legit part of Windows registry or not?

And yes could tell I was being hacked because there were modifications done to my PC example on my 2nd user account someone was making copies of my Firefox profile folder and I also found an idex file next to my PCV Mozbackup file I had in my documents.

If anyone has any ideas if this registry file is safe or not please let me know.


  • Root Admin

It is not a default registry key but could easily have been added by all kinds of different freeware/shareware software that might have been downloaded or installed.

If you want you can run the following scanner and we'll see if anything sticks out to warrant further attention.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool; on Vista or Win 7 right click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


  • When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Hmm interesting I was suspecting that maybe Format Factory is putting this into the registry because it comes with its own optional codecs to install, anyway here's the results.

Attach.txt

DDS.txt


  • Root Admin

Well I don't see anything specific for it but you do have some old Java that you need to uninstall before you do get infected:

Java 7 Update 11

Java Auto Updater

Java™ 6 Update 17 (64-bit)

Your Event Logs do show something going on as far as possibly some type of software/hardware/driver conflict or something that warrants further review probably as to what's causing it.

==== Event Viewer Messages From Past Week ========

.

2/4/2013 11:57:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

2/4/2013 11:57:22 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/2/2013 12:37:09 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

2/1/2013 12:47:51 PM, Error: Service Control Manager [7023] -

2/1/2013 12:39:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).

.

==== End Of File ===========================

Programs like these "might" have some type of add/on installer (not sure as I've not installed them myself but this type of programs found on the Web often come with other software as part of the installer)

Burn.Now 4.5

CDBurnerXP

It's up to you but you might want to either review these yourself to see if you can get them corrected or if you think you might be infected I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
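An added example, not part of the original thread and not code from DDS: a small Python parser for the Event Viewer section quoted above, which groups the errors by source and event ID and flags entries whose description is missing from the log (as with the 7023 entry). The sample is constructed from the lines in the post with the longer messages shortened; the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the five entries quoted in the post above, messages shortened.
SAMPLE = """\
==== Event Viewer Messages From Past Week ========
.
2/4/2013 11:57:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
2/4/2013 11:57:22 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start
2/2/2013 12:37:09 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period.
2/1/2013 12:47:51 PM, Error: Service Control Manager [7023] -
2/1/2013 12:39:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643
.
==== End Of File ===========================
"""

# Layout assumed from the quoted log: "<date> <time> AM|PM, <Level>: <Source> [<ID>] - <message>"
LINE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] -\s*:?\s*(?P<message>.*)$"
)

def parse_events(text):
    """Return one dict per event line, oldest first; banner and '.' lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["when"] = datetime.strptime(ev["when"], "%m/%d/%Y %I:%M:%S %p")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return sorted(events, key=lambda e: e["when"])

def count_by_source(events):
    """Count events per (source, event_id) so repeated failures stand out."""
    return Counter((e["source"], e["event_id"]) for e in events)

def missing_message(events):
    """Events whose description is absent from the log and must be read in Event Viewer."""
    return [e for e in events if not e["message"]]

if __name__ == "__main__":
    events = parse_events(SAMPLE)
    for key, n in count_by_source(events).most_common():
        print(n, key)
    print("no description:", [(e["source"], e["event_id"]) for e in missing_message(events)])
```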


Alright I just updated Java by using the update feature but that didn't update the 64bit version so I uninstalled the 64bit version and downloaded/reinstalled the latest version, and yes I do have CD burner XP installed not to mention from the first day I got this PC the keyboard was giving me some problems for example the F10 and F8 keys don't respond when rebooting let's say I'm trying to use DBan and I want to run it by pressing F10 I need to use an external keyboard.

And if you're wondering what I have for security software besides MBAM and Avast I also use Sandboxie, SuperantiSpyware free, Hitman Pro (free demo version) and Zemana antikeylogger.

Note I didn't install SuperantiSpyware yet and Zemana isn't known to conflict with any of my products:

http://www.zemana.com/product/antilogger/overview/#compatibility

One more thing when I did a Google search for the file Hitman Pro found in the registry here's what I found: http://www.threatexpert.com/report.aspx?md5=1ff434e7658173c709fccd47db54e35a

The thing that has me concerned is that I found an idex file on my second user account before I reformatted and reinstalled my OS.


  • Root Admin

It basically looks like just another one of the hundreds of toolbars used by software vendors to try and make a buck. Personally that alone is of little concern.

If all your AV and other scanners don't find any threat besides that then I wouldn't worry about it. If on the other hand you are at least somewhat possibly concerned then nothing lost by spending a few days and having one of the Experts help you scan and look for any possible infections.

Thanks
