Spybot picked up Malware in System32

jman1505 said:

This si what was picked-up from spybot. I'm hesitant to fix the selected items since is in system32.
Should i go ahead with the clean up?

MoxieMomma said:

Hi:

Is this the same computer?
Solved Strange Registry Key- Possible spyware - Windows 10 Forums

If so, it's probably advisable to stick with support in one thread in one place at a time.
Malware removal can be tricky, picky and sticky.
And it can be -- at best -- confusing or -- at worst -- dangerous to work simultaneously in multiple places.
A step advised by one helper may be unknown to another helper and that can lead to problems.
So, it might be a good idea to resume that existing thread.
And no two computer disinfection tools/scanners will pick up the same, exact things.

Having said all, that Spybot S&D is not one of the more highly-regarded anti-malware scanners these days.
And, without a scan log or more data, it would be hard to say if this detection might or might not be a false positive.

Just my thoughts,
MM

You've already done a full scan with Malwarebytes, TDSSKiller, ADWCleaner and Avast - nothing found. Did you do the ESET Online Scanner as well? (you never mentioned that.) I see ESET found 1 thing, which you deleted.

I agree with MM - Spybot should be uninstalled. If you want something, use SuperAntiSpyware Free.

jman1505 said:

This si what was picked-up from spybot. I'm hesitant to fix the selected items since is in system32.
Should i go ahead with the clean up?

Google search winemt.dat turns up a lot of results for Mountain and wine, but I didn't see winemt.dat

Visit VirusTotal - Free Online Virus, Malware and URL Scanner, upload the file and have them check it.

If it is a virus, yes remove it
Then launch Command Prompt (Admin)
enter the following commnad

SFC /ScanNow

that makes sure that system files from the component store are in the right place. It will put the correct file back if it is needed.

MoxieMomma said:

Hi:

Is this the same computer?
Solved Strange Registry Key- Possible spyware - Windows 10 Forums

If so, it's probably advisable to stick with support in one thread in one place at a time.
Malware removal can be tricky, picky and sticky.
And it can be -- at best -- confusing or -- at worst -- dangerous to work simultaneously in multiple places.
A step advised by one helper may be unknown to another helper and that can lead to problems.
So, it might be a good idea to resume that existing thread.
And no two computer disinfection tools/scanners will pick up the same, exact things.

Having said all, that Spybot S&D is not one of the more highly-regarded anti-malware scanners these days.
And, without a scan log or more data, it would be hard to say if this detection might or might not be a false positive.

Just my thoughts,
MM

Sorry about that, i'm used to using new threads for new issues so that it helps others when searching for similar problems

simrick said:

You've already done a full scan with Malwarebytes, TDSSKiller, ADWCleaner and Avast - nothing found. Did you do the ESET Online Scanner as well? (you never mentioned that.) I see ESET found 1 thing, which you deleted.

simrick said:

I agree with MM - Spybot should be uninstalled. If you want something, use SuperAntiSpyware Free.

Slartybart said:

Google search winemt.dat turns up a lot of results for Mountain and wine, but I didn't see winemt.dat

Visit VirusTotal - Free Online Virus, Malware and URL Scanner, upload the file and have them check it.

If it is a virus, yes remove it
Then launch Command Prompt (Admin)
enter the following commnad

SFC /ScanNow

that makes sure that system files from the component store are in the right place. It will put the correct file back if it is needed.

VirusTotal found nothing suspicious

Here's a picture of the file (The file is in a different place than what Spybot reported. Additionally, I had to "Show hidden files" in order to find this)


I've scanned it with Avast and Malwarebytes and they found nothing either
(If it helps, I don't use Norton. I have a hunch that the Norton symbol is there because of the Norton free trial that was pre-installed in my computer when i got it a few years back)

SuperAntiSpyware only found tracking cookies

jman1505 said:

VirusTotal found nothing suspicious

Here's a picture of the file (The file is in a different place than what Spybot reported. Additionally, I had to "Show hidden files" in order to find this)


I've scanned it with Avast and Malwarebytes and they found nothing either
(If it helps, I don't use Norton. I have a hunch that the Norton symbol is there because of the Norton free trial that was pre-installed in my computer when i got it a few years back)

SuperAntiSpyware only found tracking cookies

Just looking at that screenshot of the file - in a different position than what Spybot says? That's odd. But, the fact that it has a Norton icon would lead me to believe it's possibly a leftover from Norton? It's all of 1 byte.

jman1505 said:

Yhea, i dunno what to do. I know that, they type of malware spybot picked up is very nasty, but none of the other programs picked it up, nor can i manually find it either.
I'm at a loss of what to do

Add the extension .old to it - renaming a file's extension makes it unusable. I doubt you'll find any issues. I think it's a leftover from Norton to be honest, and a FP from Spybot.