
Malwarebytes - Mbam-Log -



#1 spoilzer

spoilzer

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 12 September 2013 - 01:16 PM

So, I tried to restart my computer and it went bananas, I could hardly press anything.

I knew something was wrong so I shut down the computer manually and restarted it in safe mode to restore it to a previous point. Then I used Malwarebytes and it found the things "below" in this "Log"

Attached File  MBAM-log-2013-09-11 (23-33-07).txt   133.95KB   4 downloads

Shortcut if needed. :)

PUP.Optional.SmartBar.A and the PUP.Optional.Wajam.A

I restarted the computer in normal mode and my antivirus program Microsoft Security Essentials for this Exploit:Java/CVE-2013-1493.

Are these files and programs related? Since the exploit is the loophole?

Edited by Orange Blossom, 12 September 2013 - 01:40 PM.
Moved to AII from Windows 7. ~ OB



 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,751 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:05 PM

Posted 12 September 2013 - 02:38 PM


A PUP detection means a "Potentially Unwanted Program". PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted (bundled) software. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs.

In the past, Malwarebytes Anti-Malware detected only PUPs that were considered mostly harmful and deceiving but they revised their policy, taking a more aggressive approach to include PUPs that most users found annoying or misleading. PUPs may be defined somewhat differently by various security vendors. This is what Malwarebytes has to say: What are the 'PUP' detections, are they threats and should they be deleted?.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool and save it to your Desktop.
  • Close all open programs and shut down any protection/security software now to avoid potential conflicts.
  • Double-click on JRT.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 quietman7


Posted 12 September 2013 - 02:43 PM

Exploit:Java/CVE-2013-1493

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Java Runtime Environment 7 Update 40 (JRE) was released 09/10/13.

After following the instructions in my previous reply, please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts, including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
-- Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

#4 spoilzer


Posted 12 September 2013 - 04:08 PM

Hi, Janitor

Thanks for your reply :)

Here's the result for the adw scan.

 

# AdwCleaner v3.003 - Report created 12/09/2013 at 23:01:47
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Running from : C:\Users\Nicklas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTF1ZFYO\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Users\Nicklas\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Nicklas\AppData\Roaming\Systweak

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Nicklas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1357 octets] - [12/09/2013 22:58:11]
AdwCleaner[S0].txt - [1269 octets] - [12/09/2013 23:01:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1329 octets] ##########


Edited by spoilzer, 12 September 2013 - 04:09 PM.


#5 spoilzer


Posted 12 September 2013 - 04:14 PM

I will get back to you tomorrow,

Off for a night's sleep ;P


Edited by spoilzer, 12 September 2013 - 04:14 PM.


#6 quietman7


Posted 12 September 2013 - 05:04 PM

Ok.

#7 spoilzer


Posted 13 September 2013 - 02:44 AM

Hi again,

So... were these files in my previous reply doing any harm to my computer?



#8 quietman7


Posted 13 September 2013 - 07:13 AM

RegClean Pro and Systweak each claim to be an optimizing tool with registry cleaning capability that purports to improve performance, make repairs and enhance the speed of a computer. These types of tools and the claims they make are borderline scams.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.
Why you should not use Registry Cleaners and Optimization Tools

Further, these types of junk programs (as well as toolbars) are often considered a Potentially Unwanted Program (PUP) and may be detected and removed by various security scanning tools.

Keep in mind that a PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted (bundled) software. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs. PUPs may also be defined somewhat differently by various security vendors.
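An added example, not part of any post in this thread and not code from AdwCleaner or Malwarebytes: a small parser for the AdwCleaner[S0] report format posted earlier, which groups the removed items under the product names the thread mentions and leaves the rest as "unattributed" for further lookup. The sample log is a constructed, shortened copy of that report, and the substring matching and the `KNOWN_NAMES` list are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copy of the AdwCleaner[S0] report posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner v3.003 - Report created 12/09/2013 at 23:01:47
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Users\Nicklas\AppData\LocalLow\Smartbar
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKCU\Software\APN PIP
***** [ Browsers ] *****
-\\ Google Chrome v29.0.1547.66
*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<section>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?P<kind>\w+) (?P<action>\w+) : (?P<target>.+)$")

# Names mentioned in the thread; substring matching is this example's assumption.
KNOWN_NAMES = ("Smartbar", "Wajam", "RegClean Pro", "Systweak")


def parse_report(text):
    """Return one dict per removal line: section, kind, action, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and the '#' header block
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:  # ignores browser sub-headers and the footer
            entries.append({"section": section, **m.groupdict()})
    return entries


def triage(entries):
    """Group removed targets by thread-mentioned name, else 'unattributed'."""
    groups = defaultdict(list)
    for e in entries:
        name = next((n for n in KNOWN_NAMES if n.lower() in e["target"].lower()), "unattributed")
        groups[name].append(e["target"])
    return dict(groups)


if __name__ == "__main__":
    print(triage(parse_report(SAMPLE_LOG)))
```

Items that land in "unattributed" (here the `apn` folder and keys) are the ones worth looking up by hand before deciding whether they mattered.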

#9 spoilzer


Posted 13 September 2013 - 10:51 AM

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nicklas on 2013-09-13 at 17:10:12,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnmcp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnmcp_RASMANCS

 

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho6CC7.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBDC7.tmp

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Nicklas\appdata\local\{1A5468F0-EA71-4B45-9FA0-45378EFB569C}
Successfully deleted: [Empty Folder] C:\Users\Nicklas\appdata\local\{3B2EDDCB-8A6C-4A0E-AD9C-5F155F9F31AF}
Successfully deleted: [Empty Folder] C:\Users\Nicklas\appdata\local\{40DCF7BC-C09C-4C95-95E7-9BDFC7570980}
Successfully deleted: [Empty Folder] C:\Users\Nicklas\appdata\local\{84B37A67-D082-44A6-9A8C-470F454E8253}

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-09-13 at 17:18:36,08
End of JRT log


Edited by spoilzer, 13 September 2013 - 11:10 AM.


#10 spoilzer


Posted 13 September 2013 - 03:28 PM

Am I good for now? :)



#11 quietman7


Posted 13 September 2013 - 05:40 PM

I didn't see anything too serious in your logs.

How is the computer running now?