
Malware Bytes Reported 44 Objects Infected



#1 Bedbrossian


Posted 11 January 2014 - 10:23 AM

Hi all,

Malwarebytes said it removed all these threats yesterday and now they are back. Can someone help me remove them for good?

Thanks,

Alex

 

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2014.01.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
SYSTEM :: ALEX-PC [administrator]

Protection: Enabled

1/10/2014 4:05:02 PM
mbam-log-2014-01-10 (16-05-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 265010
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Consumer Input\dca-ua.exe (PUP.Optional.Consumer.Input.A) -> 1672 -> No action taken.

Memory Modules Detected: 1
C:\Program Files (x86)\Consumer Input\dca-api.dll (PUP.Optional.Consumer.Input.A) -> No action taken.

Registry Keys Detected: 12
HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\dcabho.Dca.1 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\dcabho.Dca (PUP.Optional.Consumer.Input.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\Interface\{15527BF5-9729-49DC-889C-9F956983154C} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\CptUrlPassthru.HttpMonitor.1 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\CptUrlPassthru.HttpMonitor (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9} (PUP.Optional.Consumer.Input.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Program Files (x86)\Consumer Input (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Chrome (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\chrome (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\defaults (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\defaults\preferences (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\META-INF (PUP.Optional.Consumer.Input.A) -> No action taken.

Files Detected: 21
C:\$Recycle.Bin\S-1-5-21-964799061-1939820016-1842410600-1000\$RYP9VOP.exe (PUP.Optional.Verti) -> No action taken.
C:\Program Files (x86)\Consumer Input\ConsumerInputDiagnosticTool.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\CptUrlPassthru.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\dca-api.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\dca-ua.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\log4cxx.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\uninstall.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\uninstall.ico (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\uninstall.log (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Chrome\cicr-3.1.0-2123.crx (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Chrome\uninstall.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Chrome\uninstall.ico (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\uninstall.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\uninstall.ico (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\chrome.manifest (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\install.rdf (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\chrome\ciff.jar (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\defaults\preferences\preferences.js (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\META-INF\manifest.mf (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\META-INF\zigbert.rsa (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Firefox\src\META-INF\zigbert.sf (PUP.Optional.Consumer.Input.A) -> No action taken.

(end)
 





#2 InadequateInfirmity


Posted 11 January 2014 - 01:26 PM

You will need to update, then do a quick scan; this time tick each item for removal and post the new log.

 

 

Step 1

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

Step 2

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET online scan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove Found Threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Step 4

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:



Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.


Edited by InadequateInfirmity, 11 January 2014 - 01:26 PM.


#3 quietman7


Posted 11 January 2014 - 08:53 PM

NOTE: Your Malwarebytes Anti-Malware log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead just click "Save Logfile" or save the report before having Malwarebytes remove the threats. To confirm if everything was removed:
  • Rescan again (Quick Scan) in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • Make sure that everything detected is checked and then click the Remove Selected button.
  • Then click the Logs tab and copy/paste the contents of the new report in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
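
One way to check a saved log for the condition described in the post above, as an added example that is not part of the original thread: it parses the Malwarebytes 1.x log layout shown in post #1, lists every detection still marked "No action taken", and flags sections whose entry count differs from the declared count. The function names and the abridged sample are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the log layout in post #1, counts adjusted
# to match; the "Quarantined..." line is added to show a remediated entry.
SAMPLE_LOG = r"""Memory Processes Detected: 1
C:\Program Files (x86)\Consumer Input\dca-ua.exe (PUP.Optional.Consumer.Input.A) -> 1672 -> No action taken.

Registry Keys Detected: 2
HKCR\dcabho.Dca.1 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\dcabho.Dca (PUP.Optional.Consumer.Input.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-964799061-1939820016-1842410600-1000\$RYP9VOP.exe (PUP.Optional.Verti) -> No action taken.
C:\Program Files (x86)\Consumer Input\uninstall.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
"""

SECTION = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
# Entry layout: object (ThreatName) [-> pid] -> action.
ENTRY = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) (?:-> \d+ )?-> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return ({section: [(object, threat, action)]}, {section: declared count})."""
    sections, declared, current = defaultdict(list), {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            current = header["name"]
            declared[current] = int(header["count"])
            continue
        entry = ENTRY.match(line)
        if entry and current:
            sections[current].append((entry["obj"], entry["threat"], entry["action"]))
    return sections, declared

def audit(text):
    """List detections left in place and sections whose entries look truncated."""
    sections, declared = parse_mbam_log(text)
    pending = [(sec, obj, threat) for sec, items in sections.items()
               for obj, threat, action in items if action == "No action taken"]
    mismatched = [s for s, n in declared.items() if n != len(sections.get(s, []))]
    return pending, mismatched

if __name__ == "__main__":
    pending, mismatched = audit(SAMPLE_LOG)
    print(f"{len(pending)} detection(s) not remediated; truncated sections: {mismatched}")
```
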

#4 InadequateInfirmity


Posted 11 January 2014 - 11:44 PM

Thank you quiet man, I did provide those instructions if you notice at the top, although yours are a bit more detailed. :)



#5 BeeBalm


Posted 19 August 2014 - 03:26 PM

Hi, my brother made the same mistake as described by Quietman. Yesterday I followed the instructions in this post but was not completely successful in removing PUP.Optional.Verti.

 

I would greatly appreciate assistance to remove this item and all of its spawn from my brother's computer.

 

Thanks



#6 quietman7


Posted 19 August 2014 - 03:41 PM

I would greatly appreciate assistance to remove this item and all of its spawn from my brother's computer.

If you need assistance, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

#7 BeeBalm


Posted 19 August 2014 - 04:20 PM

Sorry... 



#8 quietman7


Posted 19 August 2014 - 04:30 PM

No need to apologize...you're a new member and in the process of learning how to use our forums.



