Found malware.trace in addon.dat file (not sure if I've corrected problem)

By dk272
Oct 17, 2009
  1. Hello, recently malwarebytes detected that one file was infected with "malware.trace" in the file addon.dat. I tried to clean and quarantine it with malwarebytes but every time it said it had successfully removed the threat it came back upon post scan with computer restart. Before reaching your forum I used Combofix and now I am not sure if It is completely gone (I have the log from it saved). I am going through your 8 step process as we speak and will post logs when I am done.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, dk. I'll help you with the problem as soon as you get the logs up. Don't do an Edit and put them the original post because I will not get email notice.

    Instead, run the programs and attach the logs from Malwarebytes and Superantispyware.
    Paste the HijackThis log in the reply.
  3. dk272

    dk272 TS Rookie Topic Starter

    Hello and thank you Bobbye for taking time out of your schedule to help me with this annoyance. I must first say that when I ran combofix I did Not do so from my desktop and I have not uninstalled it yet either. Also my Malwarebytes was not updated but I have updated today 10/18/2009 and have ran a full system scan, again it finds malware.trace in the same file path and keeps saying it has been successfully removed but upon reboot it is always back. So here are the the Logs from combofix, malwarebytes and hjackthis. (Tried to paste the log from hijack this but it said I couldn't post links yet?? idk so I attached it sorry)

    Hello, bumping again > I just did a scan with Avira and it found 14 traces of malware/viruses (it asked if I wanted to repair and of course I did but it says they were all moved and nothing was deleted ?! kind of confused >everything is sitting in the "event" category in avira. Also it would not let me update avira? I tried 3x and they all failed? I am starting to get worried please respond thank you. I have the log for it which I will post as well

    (Bobbye I unintentionally did the "8 step process" out of order so I am not sure if any of the previous logs are going to be useful to you? the avira scan log is the most recent. Everything that avira found is in quarantine. I am not going to run combo fix again unless prompted by yourself to do so but I will run cc cleaner, malwarebytes and Superanti spyware again<(even though superanti spyware did not find anything Before I did the Avira scan that found all the viruses) I will then post the Hijackthis log

    Avira log file 10/18/2009
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, I will read you the riot act first: it is very important that you only run the programs I tell you to and it is equally important that they be run in the order I have set up.

    You ran Combofix the day before Mbam and HJT> bad.

    You used Avira for the AV scan and most of what it found was items quarentines by Spybot and Syantec- Norton. I don't see any entries for Avira in the HJT log and see a homepage set up for Symantec. So what is the AV status?


    1. Go to Spybot. Delete what it has found.
    2. Find the Norton folder and delete all the quarantined items.
    IF you are now using Avira and it isd properly installed, remove Symantec:
    Download then run the Norton Removal Tool.

    3. The reason the malware wasn't removed in Malwarebytes (No action taken). is because you didn't check the line that says "remove"!
    • Make sure that everything is checked, and click Remove Selected.
    So go back, update MBAM, chec the entry and rescan. Include new log.

    4. Update and rescan with Avira. Include new log with next reply.

    5.Please identify this for me: c:\program files\rukro.txt>> it appears to be related to WoW but I don't know why it's text.

    6. Adobe Photoshop CS2\KeyGen.exe: this indicates that the program was pirated. To continue, it needs to be removed.

    7. c:\program files\Cloakfish and c:\program files\My-Proxy
    I need information about how you are using both of these programs.

    8. P2P or 'file sharing: P2P Warning:
    I notice that you are using P2P programs: uTorrent and FrostWire

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall uTorrent and Frostwire for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    If you choose not to remove these programs, please do not use them while we are cleaning. Their use could lead to loss of support.

    Rescan with HJT when all of the above has been handled. Include logs for Mbam, Avira and HJT. You should be able to paste the hJT log now. Attach the other 2.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...