Conduit/YTD Video Downloader Removed: Am I Still Infected?


7 replies to this topic

#1 SoNotAGeek

SoNotAGeek

  • Members
  • 11 posts
  • Gender:Not Telling
  • Local time:05:24 PM

Posted 24 September 2013 - 12:52 PM

Hello,

I would like assistance to run Combofix to ensure I have no malware. I have run Malwarebytes' Anti-Malware but am concerned that it and similar anti-malware software will not recognize all the 3rd-party software that inadvertently (i.e., w/o my express permission) installed with the latest update to YTD Video Downloader (version 4.5.1) from CNET. I also run CCleaner as part of my regular routine.

 

Also, if it is allowed I would like to post a warning to others regarding the unethical practices that seem to be cropping up more and more w/very popular freeware that I've used for some time w/o previous issues. Or perhaps, someone could direct me to the correct place for such advisory posts? 

 

Of most concern to me is the method by which I got "infected" (details purposely omitted in case this is not the correct place for them).

 

OS: Windows 7 H.P. x64; SvcPack 1

AV: Avast Internet Security

 

 

 




 


#2 hbyton

hbyton

  • Members
  • 196 posts
  • Gender:Male
  • Location:England
  • Local time:11:24 PM

Posted 24 September 2013 - 01:14 PM

Hello, I and the vast majority of people on this forum will strongly advise against running Combofix. Combofix is a tool that should only be run as a last resort on a system that is very badly infected; otherwise you risk damaging your system.

Please run these programs; they are designed to remove these sorts of programs and have a much lower risk of damaging the system.

Junkware removal tool

http://www.bleepingcomputer.com/download/junkware-removal-tool/

 

 

ADWcleaner      (press scan, when the scan has finished press clean)

http://www.bleepingcomputer.com/download/adwcleaner/

 

 

Malwarebytes antimalware 

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

 

 

All of these programs will create a log file once the scan has finished. Please post all three log files so that we can all see what has been removed.

 

If you are unsure about anything or have any questions about any of the tools then feel free to ask   :)


Edited by hbyton, 24 September 2013 - 01:16 PM.


#3 SoNotAGeek

SoNotAGeek
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Not Telling
  • Local time:05:24 PM

Posted 24 September 2013 - 01:46 PM

Thank you for the quick response. FYI, after "infection" I uninstalled/re-installed Chrome browser; also the following software detected by Malwarebytes', Cool Timer & Dexpot are legitimate programs that I opted to keep.

I did not run AdwCleaner's "Clean" option after running the scan, as I would like your advice prior to any action on my part.

 

BTW, Avast's taskbar icon disappeared on me after running JRT & I can no longer customize my taskbar icons!

 

Here are all 3 logs:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.22.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
SSDD :: SSDD-PC [administrator]
 
9/22/2013 5:16:01 PM
mbam-log-2013-09-22 (17-16-01).txt
 
Scan type: Full scan (C:\|E:\|F:\|G:\|M:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 412088
Time elapsed: 39 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Program Files (x86)\Cool Timer\Harmony_Hollow_Software.exe (PUP.Optional.OpenCandy) -> No action taken.
M:\Data Bu\Setups\Desktop Utilities\WinExplorer Alternatives\dexpot_1510_r1579.exe (PUP.Optional.OpenCandy) -> No action taken.
M:\Data Bu\Setups\Grpahics Tools\Viewers\AlbumThumbsCreatorSetup.exe (Trojan.Agent.FDP) -> Quarantined and deleted successfully.
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by SSDD on Tue 09/24/2013 at 13:28:28.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/24/2013 at 13:32:09.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.005 - Report created 24/09/2013 at 13:32:53
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SSDD - SSDD-PC
# Running from : C:\Users\SSDD\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\SSDD\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [729 octets] - [24/09/2013 13:32:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [788 octets] ##########
 

Thanks.



#4 hbyton

hbyton

  • Members
  • 196 posts
  • Gender:Male
  • Location:England
  • Local time:11:24 PM

Posted 24 September 2013 - 01:56 PM

"C:\Program Files (x86)\Cool Timer\Harmony_Hollow_Software.exe (PUP.Optional.OpenCandy) -> No action taken.

M:\Data Bu\Setups\Desktop Utilities\WinExplorer Alternatives\dexpot_1510_r1579.exe (PUP.Optional.OpenCandy) -> No action taken."

I advise you to remove these programs with Malwarebytes.
 
I don't think that you need to press Clean with AdwCleaner; I don't think that your PC is infected anymore. If there is anything remaining, then go into the Control Panel, then Add and Remove Programs, and proceed to remove anything that you do not want.

That is strange, what you said about JRT; it did not remove anything that would cause that to happen. Have you tried restarting your PC?
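
Added example, not part of any post in this thread: a small parser for the Malwarebytes detection lines quoted above, which lists items the scan reported but left in place and cross-checks the parsed count against the "Detected: N" totals. The function names and the rule that an action starting with "No action" means unresolved are assumptions made for this illustration; the sample is an excerpt of the log posted in reply #3.

```python
import re
from typing import NamedTuple

class Detection(NamedTuple):
    path: str
    name: str      # e.g. PUP.Optional.OpenCandy
    action: str    # e.g. No action taken

# "<path> (<detection>) -> <action>." The lazy path group backtracks past
# parentheses that belong to the path itself, such as "Program Files (x86)".
DETECTION_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?\s*$")
COUNT_RE = re.compile(r"^[A-Za-z ]+ Detected: (\d+)\s*$")

# Excerpt of the Malwarebytes log posted in this thread, trimmed to three sections.
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\Cool Timer\Harmony_Hollow_Software.exe (PUP.Optional.OpenCandy) -> No action taken.
M:\Data Bu\Setups\Desktop Utilities\WinExplorer Alternatives\dexpot_1510_r1579.exe (PUP.Optional.OpenCandy) -> No action taken.
M:\Data Bu\Setups\Grpahics Tools\Viewers\AlbumThumbsCreatorSetup.exe (Trojan.Agent.FDP) -> Quarantined and deleted successfully.
"""

def parse_log(text):
    """Return (detections, declared_total) for a log in the format shown above."""
    detections, declared = [], 0
    for line in text.splitlines():
        count = COUNT_RE.match(line)
        if count:
            declared += int(count.group(1))
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append(Detection(*hit.groups()))
    return detections, declared

def unresolved(detections):
    """Items the scanner reported but left in place (assumed rule, see lead-in)."""
    return [d for d in detections if d.action.lower().startswith("no action")]

if __name__ == "__main__":
    found, declared = parse_log(SAMPLE_LOG)
    if len(found) != declared:
        print(f"warning: log declares {declared} items, parsed {len(found)}")
    for d in unresolved(found):
        print(f"still present: {d.name.split('.')[0]:7} {d.path}")
```

A mismatch between the declared and parsed counts usually means the pasted log was truncated or reflowed, which is worth ruling out before judging a machine clean from it.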

 



#5 SoNotAGeek

SoNotAGeek
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Not Telling
  • Local time:05:24 PM

Posted 24 September 2013 - 01:59 PM

No, will do after I post this reply. Would you be able to tell me exactly what that END file in my C: root directory was? I did notice it after my infection & thought it suspicious but didn't delete it myself when I saw it installed on another PC as well.



#6 hbyton

hbyton

  • Members
  • 196 posts
  • Gender:Male
  • Location:England
  • Local time:11:24 PM

Posted 24 September 2013 - 02:12 PM

After doing some searching I have found out that it is apparently part of Conduit; however, I have not seen it before so I cannot be 100% sure if it is safe to remove, so I would not advise removing it (unless somebody else reading this knows that it is safe). However, if you do want to remove it then create a restore point before you do so, just to be sure.



#7 SoNotAGeek

SoNotAGeek
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Not Telling
  • Local time:05:24 PM

Posted 24 September 2013 - 02:13 PM

Update: After reboot, Avast UI (taskbar icon) re-appeared (Hurray!)

Why is AdwCleaner's log identifying Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} & ...AppData\Local\Google\Chrome\User Data\Default\preferences? Or, please direct me to the correct forum for asking file-specific questions.

 

Thank you for your assistance & reassurance! :-)


Edited by SoNotAGeek, 24 September 2013 - 02:13 PM.


#8 hbyton

hbyton

  • Members
  • 196 posts
  • Gender:Male
  • Location:England
  • Local time:11:24 PM

Posted 24 September 2013 - 02:15 PM

Sorry, I just wanted to check around to make sure that it is safe to remove them from your system, and found out that it is safe to do so. So you can go ahead and press Clean.

Please create a system restore point before removing them; you can never be too safe  :)


Edited by hbyton, 24 September 2013 - 02:20 PM.




