Solved: Gateway's recovery included virus?

jwv13
24-Sep-2009, 09:29 AM #1
Hi Guys,
Can anyone tell me if they've ever run into a recovery partition with a virus? I did a re-installation with Gateway's recovery, off the partition; I bought this computer: Gateway SX2800-01 with Vista Home Premium 64-bit, from Best Buy. It was running slow so I reformatted and reinstalled the O.S. to see if I could speed it up a little. Noticed it was still running slow so ran a scan with Malwarebytes and it came up with this:

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.

I attached what Spybot Search and Destroy found.
Attached Files
File Type: txt SpybotSD.Report.txt (958 Bytes, 11 views)

Last edited by jwv13 : 24-Sep-2009 11:20 AM.
knewton37
24-Sep-2009, 03:31 PM #2
We just bought a Gateway from Best Buy also and it has been a nightmare ever since. We did have to do the recovery and I have found this virus. Thanks for your suggestions!
Byteman
24-Sep-2009, 07:15 PM #3
Hi,

What was found could be included in the software preloaded on your computer...I searched and could not begin to go through all the posts with the same items from June 2009 or so on.... These items are detected on the 64-bit version of Vista....I'm not sure if that would be ONLY on 64-bit, or more often....

http://forumserver.twoplustwo.com/48...d-help-531062/

http://www.malwarebytes.org/forums/i...howtopic=10910

In Post #4 there, a recognized world-over expert Tony Klein gives his take on these items - they are adware type things, and it is noted that they may pass info about your browsing etc....Google was built that way, it's no wonder they continue to!

This is what it looks like in a HijackThis log>


O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe


In one post, a person UNinstalled Google apps on his computer, preferably the Google Toolbar.... or Chrome. I am not sure about Gmail, I use that myself, and have not had any ill effects.... All too often, people rush to delete items and are really upset about what they find on a brand new out of the store or box PC. In all of the threads I looked at, people were confounded by the re-appearance of these same things.... either they came back after a format and Recovery, or from their own backups....

Yes, the scanners find them, and probably rightly so> the scanners are very much detecting what items might be able to do (in this case a breach of privacy etc)


One thing> Sometimes, the detection of items like this will be changed or the files themselves will be...so, reporting things like this DOES do some good for us all.

I am not ranting that you are a nitwit or anything for posting about it...just would like to clear up.

A tip> You buy a new computer, it comes loaded with things you don't want, etc...go get this app:
http://www.pcdecrapifier.com/download

It will show you what you can UNinstall easily.

Last edited by Byteman : 25-Sep-2009 09:39 PM.
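
Added example (not part of the thread or any poster's code): a short Python triage script that parses HijackThis O23 service lines and Malwarebytes detection lines like the ones quoted above, then ties each detection back to the installed service it belongs to. The function names and the matching rule (same service key name or same executable file name) are assumptions made for this illustration; the sample lines are copied from the two logs in this thread.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Constructed sample: lines copied from the two logs quoted in this thread.
HJT_LOG = r"""
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
"""
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.
"""

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[\w.]+)\) -> (?P<action>.+)$")
KEY_SUFFIX = re.compile(r" \([^()]+\)$")  # optional "(service key name)" after the display name

def parse_o23(text):
    """Return one dict (name, vendor, path) per O23 service line."""
    services = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            svc = m.groupdict()
            svc["name"] = KEY_SUFFIX.sub("", svc["name"])
            services.append(svc)
    return services

def parse_mbam(text):
    """Return one dict (item, detection, action) per detection line."""
    lines = map(str.strip, text.splitlines())
    return [m.groupdict() for m in map(MBAM_RE.match, lines) if m]

def correlate(services, detections):
    """Map service name -> detected items naming its service key or its binary."""
    hits = {}
    for svc in services:
        exe = basename(svc["path"]).lower()
        key = "\\services\\" + svc["name"].lower()
        matched = [d["item"] for d in detections
                   if d["item"].lower().endswith(key) or basename(d["item"]).lower() == exe]
        if matched:
            hits[svc["name"]] = matched
    return hits
```

Matching on the file name rather than the full path is deliberate: the HijackThis line shows the XP-style "Application Data" location while the Vista scan reports C:\ProgramData, yet both point at the same partner.exe.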
jwv13
24-Sep-2009, 11:08 PM #4
Thanks for the help guys. I appreciate it.