
AVG finds 59 threats detected by auto-rootkit; can't remove them


32 replies to this topic

#1 wordplay


Posted 16 November 2013 - 08:16 PM

System particulars: Win 7 Professional, SP1, 64 bit, 4GB RAM, MicroElectronics

I am helping a friend with his computer. It started with a virus that appeared. After booting up and logging in, things would seem to start up normally and then the screen would get taken over by a large splash screen. The taskbar and desktop were gone. The screen had a lot of official text about national security, gave his IP address and quoted a lot of threatening legalese. It provided a link to go to in order to pay money to unlock the computer. I switched user to another account on his system with admin privs and this account did not have this problem. His main account also has admin privs. I used Norton (which was already installed) to scan his computer and it found no problems.

I then installed and ran Spybot. It found and removed a few things but they didn't appear to be very serious.

I then installed and ran Malwarebytes and it found some serious things which I removed.

I then installed and ran AVG (whole system scan) and it found many serious things... 73, some of which it seemed to be able to handle and fix (green check marks) but others remained as threats and had an X instead of a check mark. The nature of these threats was Object name: idle, and all were identified by Anti-rootkit. I clicked the button to 'remove all' and it said this required a reboot.

After rebooting and logging into this secondary account again, I had AVG do a whole system scan and right off the bat, while it was displaying that it was scanning for rootkits, it flagged 59 threats. I aborted the scan after it seemed to be not finding any more and it had those same threats with X's on them. I clicked 'remove all' and again rebooted.

I again logged into the secondary account and ran the same scan again with AVG, and the same threats were back. If I chose 'remove all' and then started the scan again without rebooting, then it found more, something in the 60's as the number of threats. Again, I clicked 'remove all' and rebooted.

This time, I logged into the main account where the virus first made itself apparent. No more splash screen asking for money to unlock the computer. I ran AVG again (whole system scan) and this time it found 60-something threats, all with the X in front of them, and all but one were Object name: idle and Identified by: Anti-rootkit. The additional one, the first one in the list, was Hidden Driver, path c:\Windows\System32\drivers, Identified by Anti-rootkit.

So, the system seems to be infected but can't be cleaned by the normal (for me) removal tools.

I tried one more round of 'Remove all', reboot, and now I've logged into the secondary account again.

Is this a serious virus? Not an artifact of having thrown so many tools at the problem?

Thanks for your help. I'm so glad I found this forum.

-wordplay





#2 noknojon


Posted 16 November 2013 - 08:41 PM

Hello wordplay and Welcome -

Do you recall the exact wording of the screen of the "FAKE" ransomware problem?

Although 99% can be fixed the same way, some are a bit altered -

http://www.bleepingcomputer.com/virus-removal/remove-your-browser-has-been-locked-ransomware
The above is only 1 version that includes FBI / Police / Porn / and others.

If you do recall the name I can link specific directions for you -

Thank You -



#3 noknojon


Posted 16 November 2013 - 09:05 PM

As an extra, here is a link to the names of some of the more recent versions -

http://www.bleepingcomputer.com/forums/t/171335/spyware-and-malware-removal-guides-index/#entry1307244

Please check some of the names -



#4 wordplay


Posted 16 November 2013 - 09:08 PM

No, I don't remember. It resembles that link, but not exactly. As best as I could see it wasn't a browser window. It just covered the screen so there was no taskbar or desktop and I couldn't get around it. It came up during his log-in. It isn't coming up anymore. I am concerned with the threats reported by AVG that I can't remove. Are they related to this ransomware screen I saw or are they an entirely separate beast?

Thanks!



#5 wordplay


Posted 16 November 2013 - 09:20 PM

Thanks for the information.  One of these looks closer to what I saw.  I'll read through this and follow the directions.  I'll let you know what happens. 



#6 noknojon


Posted 16 November 2013 - 09:59 PM

These are all listed in this area, if any will help you -
http://www.bleepingcomputer.com/virus-removal/remove-your-computer-has-been-locked-ransomware
http://www.bleepingcomputer.com/virus-removal/remove-united-states-courts-ransomware
http://www.bleepingcomputer.com/virus-removal/remove-computer-crime-intellectual-property-section
http://www.bleepingcomputer.com/virus-removal/remove-department-of-justice-ransomware
http://www.bleepingcomputer.com/virus-removal/remove-fbi-cybercrime-division-ransomware
http://www.bleepingcomputer.com/virus-removal/remove-urausy-fbi-ransomware

Keep looking and I will keep helping you -

Good luck -



#7 wordplay


Posted 17 November 2013 - 07:40 AM

I've looked through all the links and it looks like the http://www.bleepingcomputer.com/virus-removal/remove-urausy-fbi-ransomware link. Others were similar, but lacked the printout of the IP address and internet service provider info. Of the ones that seemed similar or the same, it appears that Hitman Pro and Emsisoft Emergency are the "cure". I ran both of these and Hitman Pro didn't find anything and Emsisoft found an adware item, that I removed.

Since the ransomware screen is no longer coming up on the main account, it seems that my earlier efforts with Malwarebytes, Spybot and AVG may have removed it and these two further checks are confirming that.

What I'm concerned about is that AVG is still reporting threats that are identified by Anti-rootkit and I can't seem to remove them. Are these false positives? Is there a tool that can corroborate or refute AVG?

Thanks very much!



#8 noknojon


Posted 17 November 2013 - 02:27 PM

What I'm concerned about is that AVG is still reporting threats that are identified by Anti-rootkit and I can't seem to remove them.  Are these false positives?  Is there a tool that can corroborate or refute AVG?

Hello -

Can you post the actual readings that AVG is giving you? Since AVG is giving several rootkit false positives at the moment, I may recognise these.

Also you can run this online scanner to check if most things are now OK -

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs >> How To Temporarily Disable Your Anti-virus
This scan is best performed with Internet Explorer, as it uses ActiveX.
If you will not use Internet Explorer, then please read item 3 in this post.
1 - Open Internet Explorer and hold down the Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
- b - Double click on the icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats".
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - NOTE - Please be patient as this will take some time (first time scans are even longer).
11 - When the scan completes, click List Threats.
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner... it is a false positive detection.

Next -

When finished - just update your version of Malwarebytes Anti-Malware and run a Full Scan.

The results will pop out when finished.

Please post them back here also -

For your results - Copy and Paste Tutorial

Thank You -



#9 wordplay


Posted 17 November 2013 - 03:44 PM

Unfortunately AVG does not provide text output. I cannot give you screen shots so I'll have to type them:

I get 58 threats that all look like this:

Threat name: Hidden application - Idle (with three red dots)
Result: infected

And if I show the details on one of them (they are all the same) it shows this:

Threat: Hidden application
Object name: Idle
Severity: High
State: Infected
Identified by: Anti-Rootkit
Date: ...etc

I will run the other programs as you suggest. Will post back here much later tonight... maybe 6-7 hrs from now. Thanks SOOOOO much!



#10 noknojon


Posted 17 November 2013 - 05:46 PM

Thanks for the update.

I will wait, and research those results while I wait ....



#11 wordplay


Posted 17 November 2013 - 11:09 PM

ESET is still running.  I'll report back in the morning.  It's 11pm here.  Thanks for standing by.



#12 noknojon


Posted 17 November 2013 - 11:13 PM

It may run for up to 5 or 6 hours, so be sure the power supply is secure -

Is this a fair picture of what you see from your AVG output? 90% chance of a False Positive.

"Infected";"High";"Hidden application";"Idle";"Infected"
"Infected";"High";"Hidden application";"Idle";"Infected"
"Infected";"High";"Hidden application";"Idle";"Infected"
"Infected";"High";"Hidden application";"Idle";"Infected"
"Infected";"High";"Hidden application";"Idle";"Infected"
"Infected";"High";"Hidden application";"Idle";"Infected"

From one person at the AVG forum >
I wonder if it might be a little glitch in AVG 2014 that previous scan reports will continue to list these as active? I am in the middle of another scan to see if they show up again. This often takes a few hours, so I will let you guys know the results once I get them.

And another >
Same problem here. AVG has a detrimental effect on the overall performance of my laptop. I don't know how they expect anyone to purchase the end product after watching the free version slow things down so greatly.


Edited by noknojon, 17 November 2013 - 11:15 PM.
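Added example, not from noknojon's post and not AVG's own tooling: a short Python triage of AVG result rows in the quoted, semicolon-separated layout shown above. It collapses the repeated rows and applies a rule of this example's own, not AVG's: a detection that names a drive-letter path is something a scanner can quarantine and a second scanner can confirm, while one that names only an object such as "Idle" has no file on disk to remove and needs corroboration before it is treated as an infection. The field order (state, severity, threat, object, result) is assumed from the posted rows; the "Hidden Driver" row is constructed from the detection wordplay describes in her first post.

```python
import csv
import io
from collections import Counter

# Constructed sample in the quoted, semicolon-separated layout shown in the post.
# Field order is assumed from the posted rows: state; severity; threat name; object name; result.
# The three "Idle" rows are copied from the post; the "Hidden Driver" row is constructed
# from the detection described in the first post of the thread.
SAMPLE_AVG = '''"Infected";"High";"Hidden application";"Idle";"Infected"
"Infected";"High";"Hidden application";"Idle";"Infected"
"Infected";"High";"Hidden application";"Idle";"Infected"
"Infected";"High";"Hidden Driver";"c:\\Windows\\System32\\drivers";"Infected"
'''

FIELDS = ("state", "severity", "threat", "object", "result")


def parse_avg_records(text):
    """Parse AVG's quoted, semicolon-separated result rows into dicts (one per row)."""
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    return [dict(zip(FIELDS, row)) for row in reader if len(row) == len(FIELDS)]


def is_file_path(obj):
    """True when the object name is a Windows drive-letter path such as c:\\Windows\\..."""
    return len(obj) > 2 and obj[0].isalpha() and obj[1] == ":" and obj[2] in "\\/"


def triage_avg(rows):
    """Collapse identical rows and attach a verdict to each distinct detection.

    Heuristic (this example's, not AVG's): an on-disk object can be quarantined and
    confirmed by a second scanner; an object with no path (e.g. "Idle") gives
    'Remove all' nothing on disk to delete, so it is treated as a suspected false
    positive until another rootkit scanner corroborates it.
    """
    counts = Counter((r["threat"], r["object"]) for r in rows)
    report = []
    for (threat, obj), n in counts.items():
        if is_file_path(obj):
            verdict = "on-disk object: quarantine and confirm with another scanner"
        else:
            verdict = "no file path: suspected false positive, corroborate before acting"
        report.append({"threat": threat, "object": obj, "count": n, "verdict": verdict})
    return report


if __name__ == "__main__":
    for entry in triage_avg(parse_avg_records(SAMPLE_AVG)):
        print(f'{entry["count"]:3d} x {entry["threat"]} / {entry["object"]}: {entry["verdict"]}')
```

Run as-is it prints two lines: the 58-odd "Idle" rows collapse to one suspected false positive, and the driver-folder hit is the one entry worth checking against ESET or Malwarebytes output.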


#13 wordplay


Posted 18 November 2013 - 07:38 AM

Those do look like the threats reported by AVG.



#14 wordplay


Posted 18 November 2013 - 07:44 AM

C:\Users\HP\Documents\Downloads\setup.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Users\HP\Documents\Downloads\verizonTb_6.0.0.25(2).exe    multiple threats    cleaned by deleting - quarantined
C:\Users\HP\Documents\Downloads\verizonTb_6.0.0.25.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\HP\Documents\Unused Desktop Icons\Unused Desktop Shortcuts\Install_AIM.exe    Win32/Adware.WBug.A application    cleaned by deleting - quarantined
C:\Users\HP\Downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\HP\Downloads\Installs\StickyNotesfromIgorV\cnet2_StickyNotes_zip.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\AppData\Local\Temp\4DR6rOaA.exe.part    a variant of Win32/InstallCore.BB application    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\Documents\Downloads\CNET_TechTracker_2_0_1_51_Setup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\Documents\Downloads\setup.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\Documents\Downloads\verizonTb_6.0.0.25(2).exe    multiple threats    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\Documents\Downloads\verizonTb_6.0.0.25.exe    multiple threats    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\Documents\Unused Desktop Icons\Unused Desktop Shortcuts\Install_AIM.exe    Win32/Adware.WBug.A application    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\Downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\Downloads\Installs\StickyNotesfromIgorV\cnet2_StickyNotes_zip.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
I:\Memeo\Howard - My Passport 12-10-11\C_\Documents and Settings\Owner\My Documents\Downloads\CNET_TechTracker_2_0_1_51_Setup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\Memeo\Howard - My Passport 12-10-11\C_\Documents and Settings\Owner\My Documents\Downloads\setup.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
I:\Memeo\Howard - My Passport 12-10-11\C_\Documents and Settings\Owner\My Documents\Downloads\verizonTb_6.0.0.25(2).exe    multiple threats    cleaned by deleting - quarantined
I:\Memeo\Howard - My Passport 12-10-11\C_\Documents and Settings\Owner\My Documents\Downloads\verizonTb_6.0.0.25.exe    multiple threats    cleaned by deleting - quarantined
I:\Memeo\Howard - My Passport 12-10-11\C_\Documents and Settings\Owner\My Documents\Unused Desktop Icons\Unused Desktop Shortcuts\Install_AIM.exe    Win32/Adware.WBug.A application    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\AppData\Local\Temp\4DR6rOaA.exe.part    a variant of Win32/InstallCore.BB application    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\Desktop\nuancepdf_d793206.exe    a variant of Win32/InstallIQ.A application    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\Documents\Downloads\CNET_TechTracker_2_0_1_51_Setup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\Documents\Downloads\setup.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\Documents\Downloads\verizonTb_6.0.0.25(2).exe    multiple threats    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\Documents\Downloads\verizonTb_6.0.0.25.exe    multiple threats    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\Documents\Unused Desktop Icons\Unused Desktop Shortcuts\Install_AIM.exe    Win32/Adware.WBug.A application    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\Downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
J:\BUPowerSpec\New2012\Downloads\Installs\StickyNotesfromIgorV\cnet2_StickyNotes_zip.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201756.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201757.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201758.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201760.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201780.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201781.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201782.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201784.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201813.exe    Win32/Toolbar.Conduit.Q application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0202252.exe    Win32/Toolbar.Conduit.Q application    cleaned by deleting - quarantined
J:\Memeo\Memeo Backup - HP1\C_\Documents and Settings\Owner\Desktop\mp3rocket.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
J:\Memeo\Memeo Backup - HP1\C_\Documents and Settings\Owner\Desktop\mp3rocket.mp3    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
J:\Memeo\Memeo Backup - HP1\C_\Documents and Settings\Owner\My Documents\Unused Desktop Icons\Unused Desktop Shortcuts\Install_AIM.exe    Win32/Adware.WBug.A application    cleaned by deleting - quarantined
J:\Memeo\Memeo Backup - HP1\C_\Documents and Settings\Owner\My Documents\Downloads\verizonTb_6.0.0.25.exe    multiple threats    cleaned by deleting - quarantined
J:\Memeo\Memeo Backup - HP1\C_\Documents and Settings\Owner\My Documents\Downloads\verizonTb_6.0.0.25(2).exe    multiple threats    cleaned by deleting - quarantined
J:\Memeo\Memeo Backup - HP1\C_\Documents and Settings\Owner\My Documents\Downloads\CNET_TechTracker_2_0_1_51_Setup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
J:\Memeo\Memeo Backup - HP1\C_\Documents and Settings\Owner\My Documents\Downloads\setup.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\ldrtbWin0.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\ldrtbWinZ.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\prxtbWin0.dll    Win32/Toolbar.Conduit.O application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\prxtbWinZ.dll    Win32/Toolbar.Conduit.O application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\tbWin0.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\tbWinZ.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\WinZipBarToolbarHelper.exe    Win32/Toolbar.Conduit.Q application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\WinZipBarToolbarHelper1.exe    Win32/Toolbar.Conduit.Q application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\Registry Defense\Analyzers.dll    a variant of Win32/Adware.RegDefense application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL    a variant of Win32/FunWeb.AA application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL    Win32/Toolbar.AskSBar application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL    a variant of Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\My Documents\Unused Desktop Icons\Unused Desktop Shortcuts\Install_AIM.exe    Win32/Adware.WBug.A application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\My Documents\Downloads\CNET_TechTracker_2_0_1_51_Setup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\My Documents\Downloads\setup.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\My Documents\Downloads\verizonTb_6.0.0.25(2).exe    multiple threats    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\My Documents\Downloads\verizonTb_6.0.0.25.exe    multiple threats    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\Local Settings\Application Data\Conduit\CT3106777\WinZipBarAutoUpdateHelper.exe    Win32/Toolbar.Conduit.Q application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\Local Settings\Application Data\WinZipBar\ldrtbWin0.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\Local Settings\Application Data\WinZipBar\ldrtbWinZ.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\Local Settings\Application Data\WinZipBar\tbWin0.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Documents and Settings\Owner\Local Settings\Application Data\WinZipBar\tbWinZ.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
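Added example, not part of the post and not ESET's tooling: a Python summary of an ESET Online Scanner export like the one above. It parses the path / detection / action columns, groups hits by volume and by detection family, and separates copies on backup volumes and in System Volume Information restore points from anything on the live C: drive outside download and temp folders. The sample is nine lines copied from the log above; the family and location rules are this example's own assumptions, not ESET's classification.

```python
import re
from collections import Counter

# Constructed sample: nine lines copied from the ESET export posted above. ESET's export
# separates path, detection and action with tabs; the forum shows them as runs of spaces,
# and the parser accepts either.
SAMPLE_ESET = r"""
C:\Users\HP\Documents\Downloads\setup.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Users\HP\Documents\Downloads\verizonTb_6.0.0.25.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\HP\Documents\Unused Desktop Icons\Unused Desktop Shortcuts\Install_AIM.exe    Win32/Adware.WBug.A application    cleaned by deleting - quarantined
C:\Users\HP\Downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
I:\BUPowerSpec\New2012\AppData\Local\Temp\4DR6rOaA.exe.part    a variant of Win32/InstallCore.BB application    cleaned by deleting - quarantined
J:\System Volume Information\_restore{4C542C60-8F2D-4EA8-9C3D-36A23FE6076F}\RP911\A0201756.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
J:\Memeo\Memeo Backup - HP1\C_\Documents and Settings\Owner\Desktop\mp3rocket.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\WinZipBar\tbWinZ.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
J:\ManualCopyOldSys2012may08\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
"""

COLUMN_SEP = re.compile(r"\t| {2,}")  # a tab, or the run of spaces the page shows instead


def parse_eset_log(text):
    """Return one dict per result line with path, detection and action."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = COLUMN_SEP.split(line)
        if len(parts) < 3:
            continue  # not a result line
        rows.append({"path": parts[0], "detection": " ".join(parts[1:-1]), "action": parts[-1]})
    return rows


def detection_family(detection):
    """'a variant of Win32/Toolbar.Conduit.P application' -> 'Win32/Toolbar.Conduit'.

    Drops the 'a variant of' / 'application' wording and a one- or two-letter
    upper-case variant suffix so that variants of one family count together.
    """
    name = re.sub(r"\s+application$", "", detection.replace("a variant of ", ""))
    if "/" not in name:
        return name  # e.g. 'multiple threats'
    parts = name.split(".")
    if len(parts) > 1 and re.fullmatch(r"[A-Z]{1,2}", parts[-1]):
        parts = parts[:-1]
    return ".".join(parts)


def classify_location(path):
    """Where the hit lives; the categories are this example's own, not ESET's."""
    lower = path.lower()
    if "\\system volume information\\" in lower:
        return "restore-point copy"
    if not lower.startswith("c:"):
        return "backup/secondary volume"
    if "\\downloads\\" in lower or "\\temp\\" in lower:
        return "saved installer on live system"
    return "live system, outside download/temp folders"


def summarize(rows):
    """Counts by volume, detection family and location, plus anything ESET did not quarantine."""
    return {
        "by_volume": Counter(r["path"][:2].upper() for r in rows),
        "by_family": Counter(detection_family(r["detection"]) for r in rows),
        "by_location": Counter(classify_location(r["path"]) for r in rows),
        "not_quarantined": [r["path"] for r in rows if "quarantined" not in r["action"]],
    }


def needs_attention(rows):
    """Hits on the live system outside the usual download locations: check these by hand."""
    return [r for r in rows if classify_location(r["path"]).startswith("live system")]


if __name__ == "__main__":
    rows = parse_eset_log(SAMPLE_ESET)
    for key, value in summarize(rows).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
    for r in needs_attention(rows):
        print("check by hand:", r["path"], "->", r["detection"])
```

On the sample, everything except one saved AIM installer lands in a download folder, a backup volume or a restore point, which is the picture a practitioner wants before deciding whether the AVG rootkit hits have any support from a second scanner.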
 



#15 wordplay


Posted 18 November 2013 - 02:42 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
HPAdmin :: HOWARD2 [administrator]

11/18/2013 7:38:32 AM
mbam-log-2013-11-18 (07-38-32).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 902787
Time elapsed: 6 hour(s), 40 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
J:\ManualCopyOldSys2012may08\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.

(end)
 





