Pup.optional Infection


  • This topic is locked
2 replies to this topic

#1 krypton5

  • Members
  • 1 posts

Posted 24 January 2014 - 12:04 PM

I ran Malwarebytes and it has found several PUP.Optional infections.

Here's the log from when I ran it:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-76814CAF25 [administrator]

23/01/2014 19:22:14
MBAM-log-2014-01-24 (16-45-16).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439965
Time elapsed: 5 hour(s), 25 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\Toolbar.CT2504091 (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> No action taken.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data: ž2ºP•‰I³ò—2é-Ì -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data:  -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> Data: Vuze Remote Toolbar -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Documents and Settings\user\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\user\Application Data\OpenCandy\E7C134AC7D344308B327D6BD7EE5B06E (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\user\Application Data\OpenCandy\OpenCandy_E7C134AC7D344308B327D6BD7EE5B06E (PUP.Optional.OpenCandy) -> No action taken.

Files Detected: 60
C:\Program Files\Vuze_Remote\prxtbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Program Files\Conduit\Community Alerts\Alert1.dll (PUP.Optional.Conduit) -> No action taken.
C:\Program Files\Vuze_Remote\hk64tbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Program Files\Vuze_Remote\hktbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Program Files\Vuze_Remote\ldrtbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Program Files\Vuze_Remote\tbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\hk64tbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\hktbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\ldrtbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\tbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\user\Local Settings\Application Data\Conduit\CT2504091\Vuze_RemoteAutoUpdaterHelper.exe (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\user\Local Settings\Application Data\Vuze_Remote\hk64tbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\user\Local Settings\Application Data\Vuze_Remote\hktbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\user\Local Settings\Application Data\Vuze_Remote\ldrtbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\user\Local Settings\Application Data\Vuze_Remote\tbVuz0.dll (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\14147.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\1708.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\17781.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\2229.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\2255.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\3620.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\371.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\4489.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\8099.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\83.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\user\Application Data\OpenCandy\E7C134AC7D344308B327D6BD7EE5B06E\3653.ico (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\user\Application Data\OpenCandy\E7C134AC7D344308B327D6BD7EE5B06E\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\user\Application Data\OpenCandy\E7C134AC7D344308B327D6BD7EE5B06E\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\user\Application Data\OpenCandy\E7C134AC7D344308B327D6BD7EE5B06E\SnapDo.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\user\Application Data\OpenCandy\E7C134AC7D344308B327D6BD7EE5B06E\SnapDo_ALL_p1v2.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)

 

 

Cheers David

Edited by krypton5, 24 January 2014 - 12:05 PM.



#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 25 January 2014 - 08:41 PM

Hi David,

This doesn't look too bad.

Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.



#3 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 26 February 2014 - 06:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



