Is this Google Chrome or is it a bad trojan?


I am about to have a breakdown and need someone to confirm this for me... My old computer died suddenly, I had the files put on a hard drive. I then bought a brand new Sony computer. I put a couple of files on it from the hard drive. Then I did a Malwarebytes scan and it found 10 infected objects. I assumed it was the files from the external... however, to make a long story short, my new Sony turned out to have a Windows issue (so rare) so I traded it in for a new Sony last night.

I did all my Windows updates, have Kaspersky internet suite 2010 installed and of course downloaded Malwarebytes. I put nothing else on the computer. Did a scan and the same trojan shows up... so I go on Google and some people say it is from Google Chrome and isn't a bad trojan, others disagree. Can someone please help me figure out if this is Google Chrome? I have searched the MB forums and come up with both sides...

The log from MBAM came with the exact same thing on both computers:

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> No action taken.

C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> No action taken.

I wasn't sure if this was the right forum, so if I goofed please accept my apologies.

Thanks for your help, I need to save my sanity here!


  • Root Admin

This is not the full log. We need to see a developer log in order to determine if it's a false positive or not.

Please click on START - RUN and type in MBAM /developer

Then check for UPDATES first and then run your normal Quick Scan and post back that complete full log and we'll review and let you know.


Thanks for letting me know that... I have Vista, I tried to do the Start, Run but I couldn't find MBAM/developer. Does it go under something else?


Hi snidely -

I hate to step in on AdvancedSetups' call but ensure you have done the following -

In the Run box you must leave a space between the MBAM(hit space bar)/developer -

I think if you got no result then you might not have left that one space -

That will then bring up the "normal" Malwarebytes scan box - You can then click on update first then run a quick scan -

I just tested it and found there must be a space between the last M and / (at least on my computer) -

He will correct me if this is wrong -

Thank you - :)

EDIT -

I only posted this as you replied that you typed MBAM/developer without the space -

Thank you - :)

P.S. Please hit the fast reply tab unless you are relating to a special posting -


That tip helped! I was able to find it that way :) Thanks everyone, you are all great.

The scan appears clean as you can see below, which is good (it was the developer one). I am still perplexed as to whether Trojan BHO (partner.exe) is a Google Chrome bit or a bad trojan... I can't use my computer fully until I can find that out as I have sensitive client info on it... Any ideas on how to find out? The Google search gave me both answers :)

Malwarebytes' Anti-Malware 1.42

Database version: 3379

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18865

12/16/2009 8:33:40 PM

mbam-log-2009-12-16 (20-33-40).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 220078

Time elapsed: 32 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Didn't see the fast reply, will use that now :)
