
Malware.trace will not go away



Hi and thank you for considering my issue.

A while back, I created this post on bleepingcomputer.com. Here is a brief description of my issue:

I run the free version of MBAM and it detects a File infection, in the path C://Public/Users/ASR.dat. The vendor name, as indicated by MBAM, is Malware.trace. As suggested by the employee on Bleeping Computer, I ran several utility tools, such as Temporary File Cleaner (TFC), ESET Online Scanner, Adwcleaner, and Rkill (in association with a follow-up MBAM scan). After MBAM detects this "Malware.trace", I select to quarantine, and follow by deleting it. Sometimes, a week or two will pass (in other cases it is a matter of a few days), and the virus will be detected again. I read a post by another user on Bleeping Computer, and one of the people suggested that it might be a false positive left over from a previous infection. However, the problem is this: my computer was never infected prior to MBAM detecting Malware.trace (it is a recently purchased PC). Here are my main questions:

1) is there a threat to my PC if this keeps reappearing? There is no real "obvious" sign of infection on my laptop.

2) if it needs to be removed, what should I do? None of the tools mentioned above seemed to do the trick.

Thank you very much in advance,

Alex


Hello and welcome:
 
 
I think that the staff will need more information in order to sort this out -- the name of the detection alone is not enough. :(
 
So, I suggest the following, in order to get a better idea of what's going on:

  • Please follow the instructions at the bottom of this post to ATTACH to your next reply here in this topic the MBAM SCAN LOG(S) that show(s) the detection.
  • AND please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

 

Thanks,
----------------------

How to get scan logs:
(Export log to save as a txt file for posting in the forum when requested)

  • MBAM may prompt to restart the computer after malware removal in order to complete the process -- allow it to do so.
  • After the restart, once you are back to the desktop, open MBAM.
  • Click on the HISTORY tab > APPLICATION LOGS.
  • Double-click on the SCAN LOG which shows the date and time of the scan just performed (or the one you are asked to post).
  • Click EXPORT.
  • Click TEXT FILE (*.txt)
  • In the "Save File" dialog box which appears, click on DESKTOP.
  • In the FILE NAME box, type a name for your scan log.
  • A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
  • Click OK.
  • Attach the saved log to your next reply.

Hi:

 

Thanks for the logs.

 

We will need to wait for staff/experts to formally review them.

Until then, the one thing that stands out is that you have remnants of at least 3 AV products installed (Webroot, AVG and Norton).

That is NOT advisable, as it actually reduces the computer's security and can lead to all sorts of problems (clashes, conflicts, slowdowns, instability, etc).

Even if the programs are not running, the drivers can most definitely create problems.

 

It also looks as if MBAM was installed back on 12/4/2014.

 

While we wait for someone to review your logs, you might want to do the following:

  • Fully uninstall -- using the vendor's removal tool, if available -- 2 of the 3 AVs
  • Cleanly reinstall MBAM, following the best practices here: MBAM Clean Removal Process 2x

Depending on the staff/expert review of your logs, further investigation might be needed.

 

Thanks for your patience,


Just a note about a "malware.trace" detection.
 
That isn't a detection of an actual infector or agent. It is a detection for a remnant of, symptom of, or creation of an actual infector or agent. For example, if a trojan creates its own working data file, that working data file may be deemed a "malware.trace".
 
That leaves us with two possibilities.
 
1.  The trojan still exists and recreates the "malware.trace" file on the fly
2.  It is a False Positive detection on the part of MBAM.
 
Maybe the best route is to start from the POV that it may be a False Positive detection.

The objective would be to reference: Please read before reporting a false positive, and then post in: File Detections

If it is NOT a False Positive detection, then proceed to: Malware Removal Help


  • Fully uninstall -- using the vendor's removal tool, if available -- 2 of the 3 AVG

 

When I installed AVG2015 and tried to uninstall it, the uninstaller tool would hang and would not finish. I tried uninstalling from the control panel and that did not work either, so I deleted the files that I could find from Safe Mode. I know that probably wasn't a good idea. What would you recommend I do to remove it? Also, I never installed Norton (it appears it came with the computer). Should I still uninstall it?


@David H. Lipman

 

I read the instructions in your link, including that I may need to restore the file from Quarantine for analysis. However, each time it quarantined the file, I would proceed to delete it as well, so does this mean I will need to wait until it reappears to continue? Thanks.


A malware.trace detected file is an artifact. Therefore you can disable MBAM real-time, restore from quarantine, and run a scan using "/developer" until you obtain a log. Then place the file detected as malware.trace in a ZIP or RAR and then upload it with your MBAM log.

 

Alternatively, you may post an old log showing a past detection and attach it and the ZIP or RAR file to a post. However, in this scenario, a Malware Researcher may subsequently request a Developer's Log.


AlexH123:
 
daledoc1 had a Malware Researcher review this thread hoping there was enough information to determine if the malware.trace was a False Positive detection or not.

 

It was enough data and the Malware Researcher has indicated it was a False Positive detection and a fix will be pushed in the next update.


@AlexH123:
 
Yes, let's see if the item detection has been fixed:

  • First of all, open the main program dashboard from your desktop shortcut icon.
  • Select Update Now.
  • Click the Scan tab, choose Threat Scan and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), open the MBAM dashboard again and click the History tab.
  • Click Application Logs and double-click the Scan Log for the scan that was just run.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and attach it to your next reply, just like you did the last time (same instructions as in my previous reply here).

It will be TODAY's scan log this time. :)

 

We'll go from there.

 

Thanks!


Hi:

 

Thank you for the log.

It is clean -- the false positive detection is gone. :)

 

Now, it might be a good idea to clean up all those extra anti-virus (AVs) applications.

Having remnants of so many AVs on the system could eventually lead to problems.

 

>>If you would like help with that and unless the staff reviewing your logs here see anything warranting a trip to the malware removal section, I suggest starting a new, separate topic in the PC Help section >>HERE<<.

 

>>When you do, it would help if you would attach BOTH of your FRST logs (the same ones you posted in Reply #4), AND if you would copy and paste this link into the body of the post:

https://forums.malwarebytes.org/index.php?/topic/162930-malwaretrace-will-not-go-away/

Thank you again,

This topic is now closed to further replies.