
Possible Malware in a startup file called "NA"...?

Discussion in 'Legacy Windows' started by Medabee, 2014/11/09.

  1. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
    So I was going through my notifications and noticed some rather odd apps in my startups. One of them is titled "Btmshellex" and the other is called "NA ". They both have blank pages as thumbnails and I have no way of opening the file location or their properties window.
    The computer I have is a Windows 8 64-bit laptop. The anti-virus programs I have are Kaspersky, SuperAntiSpyWare, and Avast!Antivirus. I have run scans on all three and they all come out saying that nothing is wrong.
    So is this program dangerous and what should I do?
     
  2. 2014/11/09
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,901
    Likes Received:
    510
    Hi Medabee, Welcome to Windowsbbs! :)

    Please download Autoruns. After you download the zipped folder on your desktop, right click the zipped folder and click Extract All. After the folder has been extracted open the regular folder. Run the autoruns.exe program by right clicking on it and selecting Run as administrator. When you open the program click the Logon Tab and then post a screenshot of all the startup entries in your next reply.

    Since you are a new member you don't have the ability to attach files directly to posts so upload the Autoruns screenshot to http://imgur.com/ and post the link here.

    Then, please read this and post the requested logs in your next reply.

    Also please enter your System Details. It helps us in answering your questions.

    Note: A common error is to forget to show your System Details in your profile:

    Make sure to do the above when entering your System Details, thanks.
     

  4. 2014/11/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm moving this to Windows 8 forum.
     
  5. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
    Here's the screen shot:
    http://imgur.com/rqLGl1I

    And also I would like to know how to uninstall the Speccy program I just downloaded, please.
     
  6. 2014/11/09
    SpywareDr

    SpywareDr SuperGeek WindowsBBS Team Member

    Joined:
    2005/12/31
    Messages:
    3,752
    Likes Received:
    338

    Windows 8 Tip: Manage Startup Applications




    Microsoft Community > process listed as "NA" under Startup tab in Task Manager




    Since running two live Anti-Virus programs at the same time (Kaspersky and Avast) can potentially create conflicts and cause an unstable system, I recommend uninstalling one or the other.
     
  7. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
  8. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
    Thank you for this information. I got myself paranoid by reading another post on this site and decided that my computer probably had the same problem.
     
  9. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
  10. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
    So I took the screenshots, but this site won't let me post the link. 8/
     
  11. 2014/11/09
    SpywareDr

    SpywareDr SuperGeek WindowsBBS Team Member

    Joined:
    2005/12/31
    Messages:
    3,752
    Likes Received:
    338

    You're welcome. A little paranoia while surfing today's internet is probably a good thing. ;)



    Yep, I believe you have to be a contributing member and/or have a certain number of posts before you can attach pics. You could upload your screenshots to somewhere like TinyPic and then post the links to them in your reply.
     
    Last edited: 2014/11/09
  12. 2014/11/09
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Please note .....

    As a new member (or a member with a minimum amount of postings to your account) any post you make which contains a URL requires approval (moderation) before it is visible.

    Only Contributing Members can make attachments to posts
     
  13. 2014/11/09
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,901
    Likes Received:
    510
  14. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
  15. 2014/11/09
    SpywareDr

    SpywareDr SuperGeek WindowsBBS Team Member

    Joined:
    2005/12/31
    Messages:
    3,752
    Likes Received:
    338

    From the Windows 8 Start Screen, type appwiz.cpl and press [Enter]. Right-click Speccy and select Uninstall.
     
  16. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
    So I scanned my computer with MBAM and quarantined the four items it found.
    Here is the scan report:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/9/2014
    Scan Time: 12:52:49 PM
    Logfile: logj.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.09.07
    Rootkit Database: v2014.11.08.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Cristian

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 337179
    Time Elapsed: 23 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.LinkiDoo.A, HKLM\SOFTWARE\WOW6432NODE\LinkiDoo, , [c8f3bc7d13698babcf33226db54fea16],
    PUP.Optional.LinkiDoo.A, HKU\S-1-5-21-3154009826-3736226036-1010914661-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LinkiDoo, , [43781722ceae43f3ca39256a5fa54db3],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.LinkiDoo.A, C:\Program Files (x86)\LinkiDoo, , [4e6def4a7efe56e0c63b662953b1c838],

    Files: 1
    PUP.Optional.LinkiDoo.A, C:\Program Files (x86)\LinkiDoo\LinkiDoo.ico, , [4e6def4a7efe56e0c63b662953b1c838],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  17. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
    Okay, so after following the steps from the links Spyware Dr posted, the process finally got rid of the suspicious "NA" file from my start-ups. Thank you guys so much. I would have probably set my computer on fire if it weren't for you guys. n.n
     
  18. 2014/11/09
    Medabee

    Medabee Active Member Thread Starter

    Joined:
    2014/11/09
    Messages:
    41
    Likes Received:
    0
    Is there anything else I should do?
     
  19. 2014/11/09
    lj50 Lifetime Subscription

    lj50 SuperGeek WindowsBBS Team Member

    Joined:
    2003/07/04
    Messages:
    2,801
    Likes Received:
    137
    In your Post #13 where you highlighted Power2Go, that is a part of CyberLink DVD Suite.
     
    Last edited: 2014/11/10
  20. 2014/11/09
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,901
    Likes Received:
    510
    If you haven't already, in Autoruns find the yellow Power2Go entry, highlight it and remove it. Then the entry should be gone from the startup list.
     
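Added example, not part of the original posts: a PowerShell check for the condition Autoruns highlights in yellow, a startup entry whose target file is no longer on disk. It covers only the three Run keys and two Startup folders listed (a subset of what the Autoruns Logon tab shows), and Get-CommandTarget and Test-TargetExists are hypothetical helper names.

```powershell
# Added example (not from the thread): flag startup entries whose target is missing.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')

function Get-CommandTarget([string]$CommandLine) {
    # Pull the program path out of a startup command line.
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }          # quoted path, arguments follow
    if ($c -match '^(.+?\.(exe|com|bat|cmd|vbs|js))(\s|,|$)') { return $Matches[1] }  # unquoted path
    return ($c -split '\s+')[0]
}

function Test-TargetExists([string]$Target) {
    if (-not $Target) { return $false }
    if (Split-Path -Path $Target -Parent) { return (Test-Path -LiteralPath $Target -PathType Leaf) }
    # Bare name such as rundll32.exe: resolve it through PATH as the shell would.
    return [bool](Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
        # Resolve shortcuts to the program they launch; other files run as-is.
        $path = if ($file.Extension -eq '.lnk') { $shell.CreateShortcut($file.FullName).TargetPath } else { $file.FullName }
        $entries += [pscustomobject]@{ Location = $dir; Name = $file.Name; Command = '"' + $path + '"' }
    }
}

# Entries with Exists = False sort to the top of the table.
$entries | ForEach-Object {
    $target = Get-CommandTarget $_.Command
    $_ | Add-Member -NotePropertyName Target -NotePropertyValue $target -PassThru |
         Add-Member -NotePropertyName Exists -NotePropertyValue (Test-TargetExists $target) -PassThru
} | Sort-Object Exists, Location, Name | Format-Table Exists, Name, Target, Location -AutoSize
```

For entries launched through rundll32.exe, the check confirms only that rundll32.exe resolves, not that the DLL named in its arguments still exists, so those rows need a manual look at the Command value.
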
  21. 2014/11/10
    SpywareDr

    SpywareDr SuperGeek WindowsBBS Team Member

    Joined:
    2005/12/31
    Messages:
    3,752
    Likes Received:
    338
    From what I can see it looks like you're good to go. There is nothing out of the ordinary in your Autoruns Logon tab, and it looks like Malwarebytes got rid of a few PUPs (Potentially Unwanted Programs) for you. Are you noticing anything else unusual?
     
