Need help making sure I removed all malware...



#1 nirvana83


Posted 20 June 2014 - 05:04 PM

Hi! 

Recently my son decided to download a free version of Minecraft - I have no idea the website he clicked on but all kinds of popups were on the screen when he finally came to get me. I ran Malwarebytes, and downloaded SuperAntiSpyware and ran that too. Things were found, such as sweetpacks and trojan gen-nullo, a rogue video converter. Both logs are attached.

 

But one program, Optimum PC Boost kept popping up with messages that we had errors and wanted us to buy the program. I was surprised that neither Malwarebytes nor SuperAntiSpyware caught this program, as it was continuously popping up while the scan was running. I then downloaded Kaspersky free trial and ran it, but it found no items either. I deleted the program Optimum PC Boost through add/remove hardware, but I am not convinced I am clean.

 

While looking through the list of installed products there is something called free-4-pc-bundle. When I click to remove it, a dialog box pops up saying that when I installed it I also installed other programs (such as Google Chrome, Adobe Reader, my printer software, etc), and I know that that is not true. But the only option I have when the dialog box pops up is to remove all programs which I don't want to do. :smash:

 

Below are the logs, and the computer is running Windows XP. 

Thanks so much for any help!

Tiffany

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 6/19/2014

Scan Time: 5:50:29 PM

Logfile:

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.19.09

Rootkit Database: v2014.06.19.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Joanna

Scan Type: Hyper Scan

Result: Completed

Objects Scanned: 240683

Time Elapsed: 10 min, 40 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Disabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

Registry Keys: 1

PUP.Optional.Sweetpacks, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Video Converter, Quarantined, [6aec3743b7c4c17578a14e409969cb35],

 

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

 

Folders: 5

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\ct3240727, Quarantined, [b89e126899e20c2ab797d8b508fa54ac],

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\CT3324066, Quarantined, [5006ed8d2f4c7db9d579c3caa45e03fd],

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\CT3325809, Quarantined, [bb9b403a3843af87b896d5b8778bfd03],

PUP.Optional.Sweetpacks, C:\Program Files\SweetPacks, Quarantined, [6aec3743b7c4c17578a14e409969cb35],

PUP.Optional.Sweetpacks, C:\Program Files\SweetPacks\VideoConverter, Quarantined, [6aec3743b7c4c17578a14e409969cb35],

Files: 9

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\ct3240727\chromeid.txt, Quarantined, [b89e126899e20c2ab797d8b508fa54ac],

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\ct3240727\ctbe.exe, Quarantined, [b89e126899e20c2ab797d8b508fa54ac],

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\ct3240727\setup.ini.txt, Quarantined, [b89e126899e20c2ab797d8b508fa54ac],

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\CT3324066\ddt.csf, Quarantined, [5006ed8d2f4c7db9d579c3caa45e03fd],

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\CT3325809\ddt.csf, Quarantined, [bb9b403a3843af87b896d5b8778bfd03],

PUP.Optional.Sweetpacks, C:\Program Files\SweetPacks\VideoConverter\ffmpeg.exe, Quarantined, [6aec3743b7c4c17578a14e409969cb35],

PUP.Optional.Sweetpacks, C:\Program Files\SweetPacks\VideoConverter\settings.xml, Quarantined, [6aec3743b7c4c17578a14e409969cb35],

PUP.Optional.Sweetpacks, C:\Program Files\SweetPacks\VideoConverter\uninstall.exe, Quarantined, [6aec3743b7c4c17578a14e409969cb35],

PUP.Optional.Sweetpacks, C:\Program Files\SweetPacks\VideoConverter\VideoConverter.exe, Quarantined, [6aec3743b7c4c17578a14e409969cb35],

 

Physical Sectors: 0

(No malicious items detected)

 

(end)

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 6/19/2014

Scan Time: 6:48:56 PM

Logfile:

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.19.09

Rootkit Database: v2014.06.19.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Joanna

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 289017

Time Elapsed: 39 min, 14 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

Files: 4

PUP.Optional.Conduit.A, C:\Documents and Settings\Joanna\Local Settings\Temp\dlLogic.exe, Quarantined, [7dd9f28828535fd7873cd36f53add42c],

PUP.Optional.SmartBar.A, C:\Documents and Settings\Joanna\Local Settings\Temp\SmartbarExeInstaller.exe, Quarantined, [d28416640d6eee48e4620618d030b34d],

PUP.Optional.SearchProtect.A, C:\Documents and Settings\Joanna\Local Settings\Temp\spstub.exe, Quarantined, [3125ef8b413a4cea7347c8bcb74ac13f],

PUP.Optional.OpenCandy, C:\Documents and Settings\Joanna\Local Settings\Temp\dlm18B.tmp\InstallRARFileOpenKnife.exe, Quarantined, [92c4e199463541f5d9d50f93fa0a0af6],

Physical Sectors: 0

(No malicious items detected)

 

(end)

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 06/19/2014 at 09:13 PM

Application Version : 5.7.1026

Core Rules Database Version : 11319

Trace Rules Database Version: 9131

 

Scan type       : Complete Scan

Total Scan Time : 01:00:26

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator

Memory items scanned      : 504

Memory threats detected   : 0

Registry items scanned    : 37160

Registry threats detected : 0

File items scanned        : 35941

File threats detected     : 18

 

Adware.Tracking Cookie

core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KZ76S8PD ]

.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ru4.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ru4.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.brighthouse.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

onespot-tracking.herokuapp.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.fastclick.net [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

tracking.onespot.com [ C:\DOCUMENTS AND SETTINGS\JOANNA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

 

Trojan.Agent/Gen-Nullo[Short]

C:\SYSTEM VOLUME INFORMATION\_RESTORE{93DF1093-D715-4C48-92E9-8BCA85055007}\RP320\A0046207.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{93DF1093-D715-4C48-92E9-8BCA85055007}\RP320\A0046208.EXE

 




 


#2 wpgwpg


Posted 20 June 2014 - 05:30 PM

 Sweetpacks and Conduit are two really nasty forms of malware to get rid of.  You could try several things including running those two programs in Safe Mode, but when I got hit by those I ended up restoring my computer to factory settings.  The first thing you should do is make sure you have any data you don't want to lose backed up.  Then make sure you have the discs you'll need if you have to restore to factory settings.  Then, if you still have a problem, you could try doing a System Restore to prior to the beginning of your problem.  

 If you still have a problem, see the recommendations by Boopme here

http://www.bleepingcomputer.com/forums/t/538250/jskryptiki-trojan/?hl=%2Bboopme#entry3400319

 

 When you've gotten your system back like you want it, I urge you to get yourself an external hard drive and a good 3rd party backup program. You can set it up to do everything automagically at the time and frequency of your choice. 1 TB external hard drives are about $60 these days and a really good FREE backup program is the Easeus Todo Backup Free.  That can save you a lot of time and frustration the next time something like this happens. Sooner or later it happens to all computers for one reason or another.
 
 Good luck.

Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:



