
Is WebChecker startup program a virus?



I would really appreciate some help from you knowledgeable folks out there. I am very concerned but don't quite know what to do about a startup program entry on my PC called WebChecker. While viewing startup programs using WinPatrol, I noticed a WebChecker entry with no info on the command, the company, or the date first detected. See the screenshot below: post-54073-1286133720_thumb.png

In fact, WinPatrol reports that the file for this entry cannot be found on my system. Is this a virus? I've run a Norton Internet Security 2011 scan, Malwarebytes, Housecall, and even Norton Power Eraser scans without them identifying a problem. Please continue reading as I've provided additional information in hopes that someone can help me.

Here's my HiJackThis log below. Please review it and let me know if you see any problems with the WebChecker startup entry or evidence that something is wrong.

hijackthis.log

I also navigated to the registry entry, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, which can be viewed below. The value name WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}. I have no idea what that refers to. Is this legitimate or is it something foul?

post-54073-1286134926_thumb.png

My PC's basic configuration is:

Dell XPS M1710; 4 GB ram; Windows 7 Professional 64-bit OS (fully updated).

A better understanding of what this entry means and/or help will be greatly appreciated.

Thanks in advance for your attention.


Hello BlameMe! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you.

It seems this is Web Site Monitor ("webcheck.dll"), which is used for web site monitoring by the Internet Explorer application. It's a legitimate technology, written by Microsoft Corporation.


Borislav, thanks for replying. I appreciated your help.

However, I still don't understand. On my system webchecker.dll is located in C:\Windows\System32.

Question 1: Why doesn't it load that dll?

The registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad has the value name WebCheck set to {E6FB5E20-DE35-11CF-9C87-00AA005127ED}. Please refer to my initial post.

Question 2: What is {E6FB5E20-DE35-11CF-9C87-00AA005127ED}?

Question 3: Can it be verified that {E6FB5E20-DE35-11CF-9C87-00AA005127ED} in fact points to C:\Windows\System32\webchecker.dll which is dated July 13, 2009 with a size of 290,304 bytes?

Answers to these questions would be very helpful.

Thanks!


Why doesn't it load that dll?

I really have no answer to this question.

What is {E6FB5E20-DE35-11CF-9C87-00AA005127ED}?

It's a CLSID. More information here:

http://en.wikipedia.org/wiki/Globally_unique_identifier

Specifically for {E6FB5E20-DE35-11CF-9C87-00AA005127ED} :

http://www.systemlookup.com/O21/222-SYSDIR_webcheck_dll.html

Can it be verified that {E6FB5E20-DE35-11CF-9C87-00AA005127ED} in fact points to C:\Windows\System32\webchecker.dll which is dated July 13, 2009 with a size of 290,304 bytes?

There is no official information about its size.

Do you have a license for your Windows?

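Question 3 above asks whether the CLSID can be tied to a specific file. The following is an added example, not part of any post in this thread: it reads each value under the ShellServiceObjectDelayLoad key quoted above, resolves its CLSID through the `InprocServer32` registration, and reports the file's presence, size, date and signature. It assumes PowerShell 3.0 or later run from a 64-bit console; the function name `Resolve-ClsidServer` is hypothetical.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+ in a 64-bit console.
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'

function Resolve-ClsidServer {
    param([Parameter(Mandatory = $true)][string]$Clsid)

    # A CLSID is only an identifier; the DLL behind it is named by the
    # default (unnamed) value of its InprocServer32 subkey.
    $key = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $raw = (Get-Item -LiteralPath $key).GetValue('')
    if (-not $raw) { return $null }

    $path = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
    # A bare file name is resolved against System32 here (assumption for this check).
    if (-not [IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot "System32\$path"
    }
    return $path
}

$key = Get-Item -LiteralPath $ssodl
foreach ($name in $key.GetValueNames()) {
    $clsid = [string]$key.GetValue($name)
    $dll   = Resolve-ClsidServer -Clsid $clsid

    # Only query file metadata and signature when the DLL really exists.
    $file = if ($dll -and (Test-Path -LiteralPath $dll)) { Get-Item -LiteralPath $dll }
    $sig  = if ($file) { Get-AuthenticodeSignature -FilePath $file.FullName }

    [pscustomobject]@{
        Name      = $name
        Clsid     = $clsid
        Dll       = $dll                      # empty: CLSID has no InprocServer32
        OnDisk    = [bool]$file               # False: registration points at a missing file
        Company   = $file.VersionInfo.CompanyName
        SizeBytes = $file.Length
        Modified  = $file.LastWriteTime
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    }
}
```

Windows system DLLs are often catalog-signed rather than carrying an embedded signature, and older PowerShell releases report those as `NotSigned`, so that status alone is not evidence of tampering. An entry whose `Dll` is empty or whose `OnDisk` is `False` is the case worth investigating further.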

Ok-this is good information. Thank you! And yes, I am running a legitimate, licensed version of Windows 7.

So, even though the start up program entry for WebCheck on my initial post looks weird, based on the info in your post from systemlookup.com this is not malware and my system should be fine. Correct? I don't need to be concerned - correct?

Thanks!
