Possible Malware



#1 melen001


Posted 15 June 2014 - 11:41 AM

Split from http://www.bleepingcomputer.com/forums/t/537272/trying-to-rule-out-malwarevirus/page-2#entry3395561

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\Cloud_Backup_Setup_us.exe.vir    Win32/MyPCBackup.A potentially unwanted application    deleted - quarantined
C:\MGtools\Process.exe    Win32/PrcView potentially unsafe application    deleted - quarantined
C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe    a variant of Win32/Bunndle potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\awatch.exe    a variant of Win32/AdapterWatch.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\BulletsPassView.exe    a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\ChromePass.exe    Win32/PSWTool.ChromePass.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\LSASecretsDump.exe    Win32/PSWTool.LsaSecretsDump.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\LSASecretsView.exe    Win32/PSWTool.LsasView potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\OperaPassView.exe    Win32/PSWTool.OperaPassView potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\OutlookAddressBookView.exe    a variant of Win32/OutlookAddressBookView.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\PasswordFox.exe    Win32/PSWTool.PassFox.D potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\PasswordScan.exe    a variant of Win32/PSWTool.WebBrowserPassView.C potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\ProduKey.exe    a variant of Win32/PSWTool.ProductKey potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\PstPassword.exe    Win32/PSWTool.PstPassword.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\rdpv.exe    Win32/PSWTool.RDPassView.NAA potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\SkypeLogView.exe    a variant of Win32/SkypeLogView.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\smsniff.exe    a variant of Win32/Sniffer.SniffPass.B potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\SniffPass.exe    a variant of Win32/Sniffer.SniffPass.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\strun.exe    Win32/StartupRun.AB potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\VNCPassView.exe    Win32/PSWTool.VNCPassView.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\WebBrowserPassView.exe    Win32/PSWTool.WebBrowserPassView.B potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\WirelessKeyView.exe    a variant of Win32/WirelessKeyView.A potentially unsafe application    deleted - quarantined
C:\Users\melen\AppData\Roaming\NirSoft Utilities\WirelessNetView.exe    probably a variant of Win32/PSWTool.WirelessNetView.A potentially unsafe application    deleted - quarantined
 
MiniToolBox by Farbar  Version: 13-06-2014
Ran by melen (administrator) on 15-06-2014 at 12:08:13
Running from "C:\Users\melen\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type",

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 2200 = Wireless Network Connection (Connected)
Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 3" address=192.168.184.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : melen-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 9C-4E-36-40-BE-81
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 9C-4E-36-40-BE-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2200
   Physical Address. . . . . . . . . : 9C-4E-36-40-BE-80
   DHCP Enabled. . . . . . . . . . . : Yes
 
 
 
# AdwCleaner v3.212 - Report created 15/06/2014 at 12:12:21
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : melen - MELEN-PC
# Running from : C:\Users\melen\Documents\Tools & Applications\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\melen\AppData\Roaming\Mozilla\Firefox\Profiles\mo3gr1t5.default-1357882393975\prefs.js ]


[ File : C:\Users\melen\AppData\Roaming\Mozilla\Firefox\Profiles\yqwqyau9.default-1383896576037\prefs.js ]


*************************

AdwCleaner[R0].txt - [7042 octets] - [25/04/2014 02:24:01]
AdwCleaner[R10].txt - [2049 octets] - [07/05/2014 17:15:49]
AdwCleaner[R11].txt - [2110 octets] - [08/05/2014 12:30:02]
AdwCleaner[R12].txt - [2171 octets] - [10/05/2014 23:45:50]
AdwCleaner[R13].txt - [2232 octets] - [11/05/2014 15:37:53]
AdwCleaner[R14].txt - [2503 octets] - [27/05/2014 11:39:04]
AdwCleaner[R15].txt - [2585 octets] - [27/05/2014 11:45:12]
AdwCleaner[R16].txt - [8228 octets] - [02/06/2014 19:08:25]
AdwCleaner[R17].txt - [5052 octets] - [04/06/2014 20:25:18]
AdwCleaner[R18].txt - [2347 octets] - [04/06/2014 21:26:20]
AdwCleaner[R19].txt - [2408 octets] - [05/06/2014 10:33:09]
AdwCleaner[R1].txt - [1674 octets] - [25/04/2014 02:36:40]
AdwCleaner[R20].txt - [2359 octets] - [07/06/2014 15:35:08]
AdwCleaner[R21].txt - [2441 octets] - [10/06/2014 15:38:50]
AdwCleaner[R22].txt - [5004 octets] - [11/06/2014 11:17:06]
AdwCleaner[R23].txt - [2563 octets] - [15/06/2014 01:33:10]
AdwCleaner[R24].txt - [1762 octets] - [15/06/2014 12:12:21]
AdwCleaner[R2].txt - [1534 octets] - [25/04/2014 02:56:45]
AdwCleaner[R3].txt - [1602 octets] - [25/04/2014 03:07:43]
AdwCleaner[R4].txt - [1662 octets] - [25/04/2014 12:31:31]
AdwCleaner[R5].txt - [1703 octets] - [26/04/2014 23:01:09]
AdwCleaner[R6].txt - [1807 octets] - [29/04/2014 10:49:34]
AdwCleaner[R7].txt - [1867 octets] - [01/05/2014 16:11:38]
AdwCleaner[R8].txt - [1927 octets] - [04/05/2014 19:31:57]
AdwCleaner[R9].txt - [2045 octets] - [07/05/2014 17:12:55]
AdwCleaner[S0].txt - [6809 octets] - [25/04/2014 02:26:13]
AdwCleaner[S1].txt - [1771 octets] - [25/04/2014 02:45:39]
AdwCleaner[S2].txt - [1610 octets] - [25/04/2014 03:04:14]
AdwCleaner[S3].txt - [5628 octets] - [04/06/2014 20:28:14]
AdwCleaner[S4].txt - [2623 octets] - [15/06/2014 01:33:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R24].txt - [2603 octets] ##########
 
 
 
Not able to run Junkware Removal Tool... I have removed, just in case, all NirSoft Utilities and Tools... Also removed Sysinternals Suite just in case...

Edited by boopme, 16 June 2014 - 01:46 PM.




#2 boopme


Posted 16 June 2014 - 01:52 PM

Looks clean there. Run these 2... first is quick, second is long.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double-click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.




