Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Still infected what to do?

  • This topic is locked This topic is locked
28 replies to this topic

#1 Ramon20000510


  • Members
  • 81 posts
  • Local time:05:44 PM

Posted 27 October 2013 - 02:40 PM

Hi i have a problem SUPERAntiSpyware detected Trojan.Agent/Gen-Obfuscator and cleande it.After that i runned a full scan again and its found a Trojan.Dropper/SVCHost-Fake cleaned it.Now SUPERAntiSpyware says my computer is clean,runned a full scan with Malwarebytes dont find anything.Am i still infected?What to do?

BC AdBot (Login to Remove)


#2 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:
  • Local time:10:44 AM

Posted 29 October 2013 - 09:46 AM

Hello OP,

Hello and welcome to The Bleeping Computer Forums :welcome: . My name is Fastwalker and I will be helping you with your computer issues today. :)

Resolving malware issues may or may not solve other issues you have with your machine.

Please take note of some guidelines for this process:

- If you do not make a reply within 5 days, we will have to close your topic.

- You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic where you can choose email notifications. The topics you are tracking are shown here(Insert Link)

- Please refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Also, please do not take any advice relating to this computer from any other source throughout the course of this fix.

- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

- Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

- Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Please download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open the logfile.
  • You can find the logfile on your desktop as well.
  • Please post the content of that logfile with your next answer.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

avatar591802_2.gif"DO OR DO NOT. THERE IS NO TRY."

#3 Ramon20000510

  • Topic Starter

  • Members
  • 81 posts
  • Local time:05:44 PM

Posted 29 October 2013 - 02:16 PM

Hello and thanks for help!


DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7600.16968  BrowserJavaVersion: 10.40.2
Run by [removed] at 19:42:36 on 2013-10-29
Microsoft Windows 7 Home Premium   6.1.7600.0.1250.36.1038.18.2670.1463 [GMT 1:00]
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
============== Running Processes ================
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
============== Pseudo HJT Report ===============
uProxyOverride = <local>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\[removed]\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\users\[removed]\appdata\local\akamai\netsession_win.exe"
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{E45BF7DA-AFD6-4C34-9BB1-045ED569CD94} : DHCPNameServer = [removed]
TCP: Interfaces\{EF91BB21-D96A-4CCE-8126-39F404B7A4CE} : DHCPNameServer = [removed]
TCP: Interfaces\{EF91BB21-D96A-4CCE-8126-39F404B7A4CE}\2516D6F6E6 : DHCPNameServer = [removed]
TCP: Interfaces\{EF91BB21-D96A-4CCE-8126-39F404B7A4CE}\2516D6F6E62303531303 : DHCPNameServer = [removed]
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
============= SERVICES / DRIVERS ===============
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-1 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-17 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-4 403440]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-7 35064]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-24 35560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-4 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-4 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-21 50344]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-10-1 1612112]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2013-8-26 375056]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-7-3 1228504]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-7-3 660184]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
R3 IntcDAud;Intel® Megjelenítő - Hang;c:\windows\system32\drivers\IntcDAud.sys [2012-9-17 270336]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2012-9-17 68208]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-9-17 41216]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2011-1-5 227600]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series adapter illesztőprogram 32 bites Windows 7;c:\windows\system32\drivers\NETwNs32.sys [2011-1-4 7435264]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2013-7-8 159208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2012-5-15 18816]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
=============== File Associations ===============
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
=============== Created Last 30 ================
2013-10-27 10:18:11 -------- d-----w- c:\users\[removed]\appdata\roaming\.mono
2013-10-26 13:11:45 -------- d-----w- c:\users\[removed]\appdata\roaming\LOVE
2013-10-23 18:06:18 -------- d-----w- c:\users\[removed]\appdata\local\Opera Software
2013-10-23 18:06:17 -------- d-----w- c:\users\[removed]\appdata\roaming\Opera Software
2013-10-22 13:46:02 -------- d-----w- c:\users\[removed]\appdata\roaming\AVAST Software
2013-10-19 06:10:21 -------- d-----w- c:\programdata\SUPERSetup
2013-10-19 06:08:54 -------- d-----w- c:\users\[removed]\appdata\roaming\SUPERAntiSpyware.com
2013-10-19 06:08:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-19 06:08:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-10-16 18:55:44 -------- d-----w- c:\program files\WinCDEmu
2013-10-14 15:39:56 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-12 10:05:41 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2013-10-11 20:12:23 -------- d-----w- c:\users\[removed]\appdata\roaming\iceda
2013-10-05 10:18:17 -------- d-----w- c:\windows\San Andreas Mod Installer
2013-10-02 14:41:30 -------- d-----w- c:\users\[removed]\appdata\local\LogMeIn
2013-10-02 14:41:30 -------- d-----w- c:\programdata\LogMeIn
2013-10-02 14:40:45 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-10-01 16:18:26 163256 ----a-w- c:\program files\mozilla firefox\plugins\np-mswmp.dll
2013-10-01 16:18:22 5171904 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-10-01 14:36:02 -------- d-----w- c:\programdata\.mono
==================== Find3M  ====================
2013-10-21 18:00:05 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-21 18:00:05 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-21 18:00:05 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 18:00:05 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-21 18:00:02 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-21 18:00:01 43152 ----a-w- c:\windows\avastSS.scr
2013-10-19 13:59:04 922172 ----a-w- c:\windows\Grand Theft Auto_ San Andreas hun Uninstaller.exe
2013-10-08 19:14:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 19:14:45 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 17:46:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-23 17:46:53 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-23 17:46:53 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-20 20:12:30 796672 ----a-w- c:\windows\GPInstall.exe
2013-08-29 16:27:27 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-08-20 17:56:12 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-08-20 17:56:12 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-08-05 06:15:10 66104 ----a-w- c:\windows\system32\bdmpega.acm
2013-08-05 06:15:08 66104 ----a-w- c:\windows\system32\bdmpegv.dll
2013-08-05 06:15:06 23080 ----a-w- c:\windows\system32\bdmjpeg.dll
============= FINISH: 19:43:22,47 ===============
I removed the ips and the administrator name.

#4 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:
  • Local time:10:44 AM

Posted 29 October 2013 - 06:59 PM

Hello Ramon20000510-


Please re run DDS but this time make sure the “Attach.txt” option is checked.  When the scan is finished please  post the contents of that log into your next reply.

Thanks :)

avatar591802_2.gif"DO OR DO NOT. THERE IS NO TRY."

#5 Ramon20000510

  • Topic Starter

  • Members
  • 81 posts
  • Local time:05:44 PM

Posted 30 October 2013 - 02:20 AM

Hello i have the attach.txt file:

System Uptime: 2013.10.29. 13:46:26 (6 hours ago)
Motherboard: Acer |  | HMA51_HR
Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 1500/1067mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 64 GiB total, 29,226 GiB free.
D: is FIXED (NTFS) - 234 GiB total, 115,375 GiB free.
E: is CDROM ()
G: is Removable
==== Disabled Device Manager Items =============
Class GUID: 
==== System Restore Points ===================
RP530: 2013.10.23. 12:25:49 - Windows biztonsági másolat
RP531: 2013.10.26. 12:51:47 - Installed IG MAKER.
==== Installed Programs ======================
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
Advertising Center
avast! Free Antivirus
Bandisoft MPEG-1 Decoder
Bully Scholarship Edition
EAX4 Unified Redist
ESET Online Scanner v3
FormatFactory 2.80
Google Chrome
Grand Theft Auto IV
Grand Theft Auto: San Andreas hun [Honosítás]
GTA San Andreas
Intel PROSet Wireless
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi szoftver
Java 7 Update 40
Java Auto Updater
JavaFX 2.1.1
K-Lite Codec Pack 8.1.0 (Full)
LogMeIn Hamachi
Malwarebytes Anti-Malware version
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Minecraft Cracked
MSVCRT Redists
MTA:SA v1.3.3
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
Nokia Connectivity Cable Driver
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Opera Stable 17.0.1241.53
Pando Media Booster
PC Connectivity Solution
PeerBlock 1.1 (r518)
Pokemon Showdown
Pokémon Trading Card Game Online
Realtek High Definition Audio Driver
RGSS-RTP Standard
Sandboxie 4.04 (32-bit)
Secunia PSI (
Security Task Manager 1.8g
Skype Click to Call
Skype™ 6.9
SonicStage 3.4
Synaptics Pointing Device Driver
TeamSpeak 3 Client
The Sims 2
The Sims 2 Open For Business
The Sims 2 University
The Sims Medieval
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
Total Commander (Remove or Repair)
Unity Web Player
Vegas Pro 11.0
Vizzed Retro Game Room
Windows 7 USB/DVD Download Tool
Windows illesztőprogram-csomag - Nokia pccsmcfd  (08/22/2008
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR 5.00 beta 8 (32-bit)
World of Tanks
==== End Of File ===========================

#6 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:
  • Local time:10:44 AM

Posted 30 October 2013 - 10:05 AM

Hello Ramon20000510-

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so viaStart > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.


Can you tell me if you installed these programs:

Advertising Center


I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions
  • for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Thanks Ramon   :)

avatar591802_2.gif"DO OR DO NOT. THERE IS NO TRY."

#7 Ramon20000510

  • Topic Starter

  • Members
  • 81 posts
  • Local time:05:44 PM

Posted 30 October 2013 - 06:48 PM

Hello Fastwalker i not installed Aplication Center.I already have Malwarebytes should i reinstall it or just do a quick scan?I still dont scanned the computer with ESETOnlineCenter (took to long to finish the scan).

#8 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:
  • Local time:10:44 AM

Posted 31 October 2013 - 09:09 AM

Hello Ramon20000510-


I still dont scanned the computer with ESETOnlineCenter (took to long to finish the scan).

If you have trouble with ESET, just leave that out for now and continue with MBAM

 Please update MBAM (Run program>Update Tab>, Check for Updates) then run a full scan, and post the log (Scanner Tab> Check Perform a full scan>Scan)

Please click the "Start Orb" in the lower left hand corner of your screen and then click on Control Panel>Programs and Features>Advertising Center>Uninstall/Change

Thanks Ramon  :)


avatar591802_2.gif"DO OR DO NOT. THERE IS NO TRY."

#9 Ramon20000510

  • Topic Starter

  • Members
  • 81 posts
  • Local time:05:44 PM

Posted 31 October 2013 - 11:53 AM

Hello Fastwalker i did a full scan with MBAM it doesnt find any threats.ESET runs too slow at 82% i stopped the scan and its found two threats both Win32RiskwarePREMalform.B.I cheked programs and feutures and Advertising Center is not there.

#10 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:
  • Local time:10:44 AM

Posted 31 October 2013 - 01:10 PM

Hello Ramon 2000510-


Hello Fastwalker i did a full scan with MBAM it doesn't find any threats.



Please post the log from that scan into your next reply


ESET runs too slow at 82% i stopped the scan and its found two threats both Win32RiskwarePREMalform.B.



Can you please tell me how long ESET ran for before stopping it?

Thanks Ramon  :busy: 

avatar591802_2.gif"DO OR DO NOT. THERE IS NO TRY."

#11 Ramon20000510

  • Topic Starter

  • Members
  • 81 posts
  • Local time:05:44 PM

Posted 31 October 2013 - 01:17 PM

Hello ESET runs 6 hours when im stoped.I can post the MBAM log but its hungarian:

Malwarebytes Anti-Malware
Adatbázis verzió: v2013.10.31.04
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
[removed] :: [removed] [rendszergazda]
2013.10.31. 15:24:57
mbam-log-2013-10-31 (15-24-57).txt
Vizsgálat típusa: Teljes vizsgálat (C:\|D:\|)
Engedélyezett vizsgálati beállítások: Memória | Indítópult | Rendszerleíró | Rendszerfájlok | Heurisztikus/Extra | Heurisztikus/Shuriken | PUP | PUM
Letiltott vizsgálati beállítások: P2P
Átvizsgált objektumok: 356263
Eltelt idő: 2 óra, 23 perc, 28 másodperc
Fertőzött memóriafolyamatok: 0
(Nem találhatók rosszindulatú elemek)
Fertőzött memória modulok: 0
(Nem találhatók rosszindulatú elemek)
Fertőzött Rendszerleíró kulcsok: 0
(Nem találhatók rosszindulatú elemek)
Fertőzött Rendszerleíró értékek: 0
(Nem találhatók rosszindulatú elemek)
Fertőzött Rendszerleíró adatelemek: 0
(Nem találhatók rosszindulatú elemek)
Fertőzött mappák: 0
(Nem találhatók rosszindulatú elemek)
Fertőzött fájlok: 0
(Nem találhatók rosszindulatú elemek)

#12 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:
  • Local time:10:44 AM

Posted 31 October 2013 - 02:02 PM

Hello Ramon20000510-


Your logs are looking good. How is your computer running now?

avatar591802_2.gif"DO OR DO NOT. THERE IS NO TRY."

#13 Ramon20000510

  • Topic Starter

  • Members
  • 81 posts
  • Local time:05:44 PM

Posted 31 October 2013 - 02:12 PM

Its doing fine.I want to scan my computer with ESET because the riskware is made me nervous.

#14 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:
  • Local time:10:44 AM

Posted 31 October 2013 - 05:00 PM

Hi Ramon20000510-


I want to scan my computer with ESET because the riskware is made me nervous.



We can try and get ESET to run if you would like but the detections you are seeing are most likely “Riskware” which is legitimate software that may come with bundled offers which cause ESET to flag them as infections. Basically, it's a false positive. Let me know if you would like to try and complete the ESET scan anyway and we will see what we can do.  :)


Thanks Ramon

avatar591802_2.gif"DO OR DO NOT. THERE IS NO TRY."

#15 Ramon20000510

  • Topic Starter

  • Members
  • 81 posts
  • Local time:05:44 PM

Posted 01 November 2013 - 04:30 AM

Hello Fastwalker i did a scan with ESET.ESET two files quarantined :

C:\Users\[removed]\AppData\Local\Temp\HouseCall\VS8L114A.0J5 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Users\[removed]\AppData\Local\Temp\HouseCall\VS8L1AS9.079 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
Should i delete this files?

Edited by Ramon20000510, 01 November 2013 - 05:39 AM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users