BleepingComputer.com: Symantec Corp autoprotect popped up out of nowhere and started blocking downloaded infections for period of one hour, then stopped by itself

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

Symantec Corp autoprotect popped up out of nowhere and started blocking downloaded infections for period of one hour, then stopped by itself

#1 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 28 May 2011 - 11:11 PM

Hello,

Last night, beginning at 12.24 AM till 1.23 AM, my Symantec Corporate AV autoprotect popped up, and started showing blocking Trojan.gen being d/l'd into a temp directory. Occasionally it showed Trojan Horse being blocked. This occurred for an hour (computer unattended) and then apparently stopped alone.

What caused the downloads to begin is a mystery and the fact that it was downloading trojans makes me pretty sure that something must be on my computer already.
Spybot Teatimer running on this machine constantly and scheduled weekly scans which have turned up nothing. Also SuperAntiSpyware and MBAM but not sure when they each ran last.

Not sure what else I can provide and don't want to do anything at this point since the infection is so mysterious.

Thanks in advance.

J.

#2 User is offline   cryptodan 

  • Bleepin Madman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 18,386
  • Joined: 08-September 08
  • Gender:Male
  • Location:Catonsville, Md

Posted 28 May 2011 - 11:23 PM

Can you update Super Anti-Spyware and Mbam, and rerun any scans?

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#3 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 28 May 2011 - 11:35 PM

Thanks for your help.

Run quick scans or complete scans?

Thx,
J.

#4 User is offline   cryptodan 

  • Bleepin Madman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 18,386
  • Joined: 08-September 08
  • Gender:Male
  • Location:Catonsville, Md

Posted 28 May 2011 - 11:38 PM

Complete scans then post the logs.

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#5 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 28 May 2011 - 11:56 PM

View Postcryptodan, on 28 May 2011 - 11:38 PM, said:

Complete scans then post the logs.

Ok, thx. Just stopped the quickscan and started MBAM complete. I expect these will each take a while so I'll be back when they're both done.

J.

#6 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 29 May 2011 - 10:26 AM

MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6708

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/29/2011 11:19:01 AM
mbam-log-2011-05-29 (11-18-13).txt

Scan type: Full scan (C:\|E:\|W:\|X:\|)
Objects scanned: 644894
Time elapsed: 8 hour(s), 35 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Joe\AppData\Local\D9T4n\dk3guopr6.cpl (Trojan.CTRLRedir.Gen) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dk3GuOPr6 (Trojan.CTRLRedir.Gen) ->

Value: dk3GuOPr6 -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default)

(Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joe\AppData\Local\svg.exe" -a "C:\Program Files

\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default)

(Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joe\AppData\Local\svg.exe" -a "C:\Program Files

\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default)

(Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joe\AppData\Local\svg.exe" -a "iexplore.exe) Good:

(iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\$recycle.bin\s-1-5-21-2904340870-3673874416-1695913044-1000\$reve44c.exe (Trojan.FakeAlert) ->

No action taken.
c:\program files\snadboy's revelation v2\revelation.exe (HackTool.Snadboy) -> No action taken.
c:\program files\snadboy's revelation v2\revelationhelper.dll (PUP.PWSTool.SnadBoy) -> No action

taken.
e:\$RECYCLE.BIN\s-1-5-21-2904340870-3673874416-1695913044-1000\$RZ7DRI0.exe (RiskWare.Tool.HCK) ->

No action taken.
c:\Users\Joe\AppData\Local\D9T4n\dk3guopr6.cpl (Trojan.CTRLRedir.Gen) -> No action taken.


Should I allow it to clean?

J.

#7 User is offline   Comp39 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 29-May 11

Posted 29 May 2011 - 10:48 AM

The file is in Recycle bin, look at properties of file, WITHOUT taking out of your bin, if it is not Microsoft delete it.

Other one is Sandboys revelation, do you need Sandboy`s revelation? Here is what the program does.
"The SnadBoy's Revelation application was designed to be a tool that will let you see the actual password behind the asterisks! This feature is intended to protect your passwords; but sometimes this feature becomes more of a nuisance, rather than a benefit."

If not delete it.

BUT, always check these items are not Microsoft. If still unsure Google them, type into Google search bar something like this, ThinkThisIsNasty.exe malware. Thou place in the real name of the questionable item.

Malwarebytes is a great program, listen to what is says unless you are uncertain, Google any infection your not certain of. If further problems please do get back to us.

This post has been edited by Comp39: 29 May 2011 - 11:02 AM

#8 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 29 May 2011 - 11:07 AM

View PostComp39, on 29 May 2011 - 10:48 AM, said:

The file is in Recycle bin, look at properties of file, WITHOUT taking out of your bin, if it is not Microsoft delete it.

Other one is Sandboys revelation, do you need Sandboy`s revelation? Here is what the program does.
"The SnadBoy's Revelation application was designed to be a tool that will let you see the actual password behind the asterisks! This feature is intended to protect your passwords; but sometimes this feature becomes more of a nuisance, rather than a benefit."

If not delete it.

BUT, always check these items are not Microsoft. If still unsure Google them, type into Google search bar something like this, ThinkThisIsNasty.exe malware. Thou place in the real name of the questionable item.


Thank you Comp39.

Yes, Snadboy's is mine/needed and I'm aware of it being there.

I cannot check the recycle bin files.. they don't exist in recycle bin (assumedly because the filenames start with '$'). How can I check their properties or should I just delete them?

What about the other items, eg. the registry items and firefox items, in particular the one named 'dk3GuOPr6'?

Thanks much,
J.

#9 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 29 May 2011 - 12:49 PM

OK,

I couldn't wait any longer (my apologies) so I allowed MBAM to remove the threats (including the Recycle Bin ones but not SnadBoy Revelation, which I need/want).

MBAM indicated that some files could not be deleted and to restart. I am about to reboot and then I will proceed to run Super Anti Spyware.

MBAM says it saved a log to the logs folder (after the cleaning) - do you need that log as well?

Thanks,
J.

#10 User is offline   cryptodan 

  • Bleepin Madman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 18,386
  • Joined: 08-September 08
  • Gender:Male
  • Location:Catonsville, Md

Posted 29 May 2011 - 02:04 PM

Yes please provide the log, and also please wait till someone else advices you what to do with the logs here.

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#11 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 29 May 2011 - 03:08 PM

Ok, thank you.
SAS full scan's been running for an hour and forty minutes so hopefully will complete soon.

Where is the MBAM logs directory? I can't find it.
thanks,

#12 User is offline   cryptodan 

  • Bleepin Madman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 18,386
  • Joined: 08-September 08
  • Gender:Male
  • Location:Catonsville, Md

Posted 29 May 2011 - 04:00 PM

It will be in the logs tab on the application.

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#13 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 29 May 2011 - 04:10 PM

Thank you CryptoDan.

Here is the end log from MBAM.
I did not realize this ran 8 hours so maybe SAS still has a long way to go (only at 2h 44m now..)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6708

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/29/2011 1:43:44 PM
mbam-log-2011-05-29 (13-43-44).txt

Scan type: Full scan (C:\|E:\|W:\|X:\|)
Objects scanned: 644894
Time elapsed: 8 hour(s), 35 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Joe\AppData\Local\D9T4n\dk3guopr6.cpl (Trojan.CTRLRedir.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dk3GuOPr6 (Trojan.CTRLRedir.Gen) -> Value: dk3GuOPr6 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joe\AppData\Local\svg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joe\AppData\Local\svg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Joe\AppData\Local\svg.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\$recycle.bin\s-1-5-21-2904340870-3673874416-1695913044-1000\$reve44c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\snadboy's revelation v2\revelation.exe (HackTool.Snadboy) -> Not selected for removal.
c:\program files\snadboy's revelation v2\revelationhelper.dll (PUP.PWSTool.SnadBoy) -> Not selected for removal.
e:\$RECYCLE.BIN\s-1-5-21-2904340870-3673874416-1695913044-1000\$RZ7DRI0.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\Users\Joe\AppData\Local\D9T4n\dk3guopr6.cpl (Trojan.CTRLRedir.Gen) -> Delete on reboot.


I believe I had a similar situation a bit of a while back and cleaned w/ MBAM, SAS and Spybot. I'm wondering if there isn't something hiding underneath..

BTW, when SAS is done, should I allow it to clean the problems it finds?


Thanks for your time and help,
J.

#14 User is offline   cryptodan 

  • Bleepin Madman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 18,386
  • Joined: 08-September 08
  • Gender:Male
  • Location:Catonsville, Md

Posted 29 May 2011 - 04:29 PM

Please remove the following:

c:\program files\snadboy's revelation v2\revelation.exe (HackTool.Snadboy) -> Not selected for removal.
c:\program files\snadboy's revelation v2\revelationhelper.dll (PUP.PWSTool.SnadBoy) -> Not selected for removal

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#15 User is offline   J.Aza 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 23
  • Joined: 28-May 11
  • Gender:Male
  • Location:Brooklyn, NY

Posted 29 May 2011 - 04:50 PM

Should I delete those outright (or just uninstall the program) or do I have to rerun MBAM and let it remove them? Revelation is an app I installed on purpose - hopefully I can put it back after..

Below is the completed SAS log. I have not instructed it to remove anything as yet.
Thanks for all the help.
J.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/29/2011 at 05:38 PM

Application Version : 4.53.1000

Core Rules Database Version : 7162
Trace Rules Database Version: 4974

Scan type : Complete Scan
Total Scan Time : 03:14:29

Memory items scanned : 772
Memory threats detected : 0
Registry items scanned : 12176
Registry threats detected : 0
File items scanned : 123708
File threats detected : 229

Adware.Tracking Cookie
.atdmt.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
in.getclicky.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
segment-pixel.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.ilivid.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.adultzone.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
sdctrack2.thomasnet.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
sdctrack2.thomasnet.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.associatedcontent.112.2o7.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.examinercom.122.2o7.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediabrandsww.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yadro.ru [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media2.legacy.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lfstmedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ia.media-imdb.com [ C:\Users\Joe\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6QK86SLA ]
media.kyte.tv [ C:\Users\Joe\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6QK86SLA ]
s0.2mdn.net [ C:\Users\Joe\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6QK86SLA ]
crackle.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JFJW3MKQ ]
secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JFJW3MKQ ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@kontera[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@theclickcheck[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickthrough.kanoodle[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tacoda.at.atwola[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.crackle[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@legolas-media[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.clickpayz[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.crackle[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.lycos[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.blogtalkradio[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtechus[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pubmatic[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.crackle[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ar.atwola[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@businessfind[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@educationcom.112.2o7[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@at.atwola[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atwola[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@a1.interclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@server.cpmstar[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crackle[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\JOE\APPDATA\LOCAL\TEMP\RARSFX14\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\JOE\APPDATA\LOCAL\TEMP\RARSFX14\PROCS\EXPLORER.EXE

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users