Need opinions on if this is malware or not.

Discussion in 'malware problems & news' started by Cherub, Feb 9, 2010.

Thread Status:
Not open for further replies.
  1. Cherub

    Cherub Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    169
    Location:
    Kentucky
    I am running Windows 7, 64bit.

    I have avira antivir prem,outpost firewall,prevx and winpatrol with malwarebytes and asquared on demand.

    I updated to the new Outpost Firewall yesterday and I could swear that now my Winpatrol has added 3 new items to the startup menu. I can't say for sure they weren't there before, but I don't remember seeing them in the Winpatrol window before.

    Two of them have Microsoft Corporation under the company in Winpatrol, but one does not.

    The one that doesn't is a program called "Web Check" and under the type heading in winpatrol, it's has "DELAY LOAD". Winpatrol can't seem to identify it and I'm wondering if it is malware or not.

    I've run a complete system check with Asquared,Malwarebytes and in the process of running one with Avira. So far, nothing has been detected.

    In Winpatrol's info, it says that it could possibly be the Mydoom virus. If so, it should show up in these scans, right?

    Is there anything else I can do that will check and make sure this is not the mydoom virus?
     
  2. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Winpatrol should be able to tell you the 'First appearance' date of these entries. You'll be able to know for sure if they in fact showed up on the day you thought they did, or if they were seen before that.

    As for the files in question, upload them to VirusTotal. If it really is Mydoom, then the results will light up like a christmas tree. Mydoom is old enough that I'd expect it to get caught.
     
  3. Cherub

    Cherub Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    169
    Location:
    Kentucky
    Thanks. I have been looking around the web using Google and don't see much on this. I did find a screengrab from a forum and my WinPatrol looks the same as this in regards to the Web Check entry. I don't know how to do my own screengrab, so I'll post the one I found.

    http://i130.photobucket.com/albums/p243/shibu1981/1-2.jpg

    the info button just gives me the "The program information listed above is what we could discover locally on your computer...."

    The PLUS info, talks about it being a file called WEBCHECK.DLL and states it is either OK or a virus(duh, lol....I mean, it states this file is OK, unless it's a Virus.)

    The cause for alarm for me is the fact under Company there is no entry.

    Thanks for the help.
     
Loading...
Thread Status:
Not open for further replies.