
Trojan.FakeMS


  • This topic is locked
28 replies to this topic

#16 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:48 PM

Posted 21 November 2014 - 10:21 AM

Ah, that looks much better. :thumbsup2:

Using Windows Explorer please navigate to the below entry and see if you can delete it.

C:\Users\Store\AppData\Roaming\麽鎒駓覜

 

Please let me know how your computer is running.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."


 


#17 Nick718

Nick718
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 21 November 2014 - 08:47 PM

I can not find C:\Users\Store\AppData\Roaming\麽鎒駓覜 in the roaming folder.



#18 Oh My!


Posted 21 November 2014 - 10:20 PM

Thank you for checking. How is your computer behaving?
Gary
 

#19 Nick718


Posted 23 November 2014 - 10:04 AM

Computer seems to be working fine but it was working pretty well before we found the virus too.



#20 Oh My!


Posted 23 November 2014 - 10:08 AM

Very good. Here are our next steps.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 

#21 Nick718


Posted 24 November 2014 - 10:52 AM

Emsisoft Emergency Kit - Version 9.0
Last update: 11/24/2014 10:05:15 AM
User account: SweetNicholasAd\Sweet Nicholas Admin

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 11/24/2014 10:06:05 AM
Value: HKEY_USERS\S-1-5-21-156844327-1427955894-274932498-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-156844327-1427955894-274932498-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A66011AC-E6B2-E79A-2985-5D60896EB5EE}-acofi.exe -> (Quarantine-PE)  detected: Gen:Variant.Kazy.491365 (B)

Scanned 164140
Found 3

Scan end: 11/24/2014 10:36:16 AM
Scan time: 0:30:11

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A66011AC-E6B2-E79A-2985-5D60896EB5EE}-acofi.exe Quarantined Gen:Variant.Kazy.491365 (B)
Value: HKEY_USERS\S-1-5-21-156844327-1427955894-274932498-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-156844327-1427955894-274932498-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)

Quarantined 3

 

-__________________________________________________________________________________

 Results of screen317's Security Check version 0.99.90 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader XI 
 Mozilla Firefox (33.1)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
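
The Emsisoft report in post #21 lists each finding twice, once as detected and once as quarantined. As an added example that is not part of the thread, this Python code parses a report in that layout and returns any detection with no matching quarantine line. The sample report, SID and paths are constructed placeholders, and the handling of the "-> (...)" suffix is an assumption drawn from the layout shown above.

```python
import re

# Constructed sample in the layout of the report above (placeholder SID and paths).
SAMPLE_REPORT = r"""Scan start: 1/1/2020 10:00:00 AM
Value: HKEY_USERS\S-1-5-21-EXAMPLE-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
C:\ProgramData\Example\sample.exe -> (Quarantine-PE)  detected: Gen:Variant.Example.1 (B)
C:\Users\Example\AppData\Roaming\other.exe  detected: Gen:Variant.Example.2 (B)

Scanned 100
Found 3

Scan end: 1/1/2020 10:30:00 AM

C:\ProgramData\Example\sample.exe Quarantined Gen:Variant.Example.1 (B)
Value: HKEY_USERS\S-1-5-21-EXAMPLE-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)

Quarantined 2
"""

SUMMARY = re.compile(r"^(?P<key>Scanned|Found|Quarantined)\s+(?P<n>\d+)$")
DETECTED = re.compile(r"^(?P<obj>.+?)\s+detected:\s+(?P<name>.+?)$")
QUARANTINED = re.compile(r"^(?P<obj>.+?)\s+Quarantined\s+(?P<name>.+?)$")

def _norm(obj):
    # Assumption: a trailing "-> (...)" names a member inside the file and is
    # omitted from the quarantine line, so drop it before comparing.
    return re.sub(r"\s*->\s*\([^)]*\)$", "", obj.strip())

def parse_report(text):
    """Return (detections, quarantined, summary counts) from a report."""
    found, quarantined, counts = set(), set(), {}
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            counts[m["key"]] = int(m["n"])
        elif m := DETECTED.match(line):
            found.add((_norm(m["obj"]), m["name"]))
        elif m := QUARANTINED.match(line):
            quarantined.add((_norm(m["obj"]), m["name"]))
    return found, quarantined, counts

def unremediated(text):
    """Detections that have no matching quarantine entry."""
    found, quarantined, _ = parse_report(text)
    return sorted(found - quarantined)

if __name__ == "__main__":
    for obj, name in unremediated(SAMPLE_REPORT):
        print(f"NOT QUARANTINED: {name} at {obj}")
```
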
 



#22 Oh My!


Posted 24 November 2014 - 11:02 AM

Things look good. Are there any remaining issues?
Gary
 

#23 Nick718


Posted 24 November 2014 - 11:24 AM

Not that we are aware of, we were just looking to make sure we completely removed this Trojan horse and anything else that might have been working in the background. The computer has not given us any issues.



#24 Oh My!


Posted 24 November 2014 - 11:27 AM

Would you like to give it a day of testing before we part ways or do you think you are all set?
Gary
 

#25 Nick718


Posted 24 November 2014 - 11:41 AM

If you think the scans look good we are probably all set. Should I remove all of these programs from the PC?



#26 Oh My!


Posted 24 November 2014 - 11:43 AM

Very good. Here is some information for you.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#27 Nick718


Posted 24 November 2014 - 12:17 PM

Is there a tutorial on how to remove these programs from the PC (must not be as simple as deleting from the desktop)? I can't find the JRT, FRST or Emsisoft program in the uninstall programs.



#28 Oh My!


Posted 24 November 2014 - 02:02 PM

For JRT and FRST just delete the icon. For Emsisoft all you have to do is delete the icon on the desktop and the folder C:\EEK. None of the programs are permanently installed on your computer.
Gary
 

#29 Oh My!


Posted 26 November 2014 - 01:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



