
Infected with some kind of pop-up saying my download is ready and chats


19 replies to this topic

#1 ngoegan

ngoegan

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 09 March 2015 - 02:55 AM

The other day I searched for ballet play lists and clicked on one that infected me.

I'm getting pop-ups on Chrome for a chat and another saying your download is ready, install now, and I can't close the window without shutting Chrome down through Task Manager.

I'm running Windows 8 on a Gateway nv570P09u laptop.

I also uninstalled the QuickTime plugin on Chrome around the same time - not sure if it's related.

I ran HouseCall and ESET in regular mode and AdwCleaner in safe mode and it cleaned a couple things but I'm still getting the pop-ups.

Please help, thank you.

 



#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:12:47 AM

Posted 11 March 2015 - 03:58 PM

Hi. I'm checking your log now and will reply with instructions soon.

#3 ngoegan


Posted 11 March 2015 - 06:12 PM

Great! Thank you :)



#4 Rootk


Posted 11 March 2015 - 09:05 PM

Please follow these steps:

1.- Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
Save it to your Desktop as fixlist.txt
 
CloseProcesses:
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
HKU\S-1-5-21-1070660219-1124215466-1966399662-1001\...\MountPoints2: {70420241-7226-11e3-be7b-48d224f14929} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\start.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\internal-nacl-plugin No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
CustomCLSID: HKU\S-1-5-21-1070660219-1124215466-1966399662-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Naomi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Naomi\SkyDrive:ms-properties
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, this time click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the most recent report).

3.- Please download RogueKiller and save it to the desktop.
Note: Do NOT click the Delete button, unless otherwise instructed.
  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • Once the scan is done, click on Report.
  • A log file will open, please copy/paste the content of that file into your next reply.


#5 ngoegan


Posted 12 March 2015 - 02:22 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Naomi at 2015-03-11 23:48:06 Run:1
Running from C:\Users\Naomi\Desktop
Loaded Profiles: Naomi (Available profiles: Naomi)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
HKU\S-1-5-21-1070660219-1124215466-1966399662-1001\...\MountPoints2: {70420241-7226-11e3-be7b-48d224f14929} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\start.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\internal-nacl-plugin No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
CustomCLSID: HKU\S-1-5-21-1070660219-1124215466-1966399662-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Naomi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Naomi\SkyDrive:ms-properties
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe not found.
"HKU\S-1-5-21-1070660219-1124215466-1966399662-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70420241-7226-11e3-be7b-48d224f14929}" => Key deleted successfully.
HKCR\CLSID\{70420241-7226-11e3-be7b-48d224f14929} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\internal-nacl-plugin No File not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll not found.
cpuz136 => Unable to stop service
cpuz136 => Service deleted successfully.
"HKU\S-1-5-21-1070660219-1124215466-1966399662-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
C:\Users\Naomi\SkyDrive => ":ms-properties" ADS removed successfully.
EmptyTemp: => Removed 2.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:49:28 ====


#6 ngoegan


Posted 12 March 2015 - 02:50 AM

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 00:47:08
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Naomi - GOEGANFAM
# Running from : C:\Users\Naomi\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [2108 bytes] - [07/03/2015 02:40:17]
AdwCleaner[R1].txt - [865 bytes] - [07/03/2015 02:49:17]
AdwCleaner[R2].txt - [1725 bytes] - [08/03/2015 23:35:21]
AdwCleaner[R3].txt - [1099 bytes] - [08/03/2015 23:40:34]
AdwCleaner[R4].txt - [1218 bytes] - [12/03/2015 00:23:19]
AdwCleaner[S0].txt - [1743 bytes] - [07/03/2015 02:46:26]
AdwCleaner[S1].txt - [930 bytes] - [07/03/2015 03:20:28]
AdwCleaner[S2].txt - [1801 bytes] - [08/03/2015 23:37:16]
AdwCleaner[S3].txt - [1166 bytes] - [08/03/2015 23:42:23]
AdwCleaner[S4].txt - [1146 bytes] - [12/03/2015 00:47:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1205  bytes] ##########


#7 ngoegan


Posted 12 March 2015 - 03:06 AM

RogueKiller V10.5.3.0 (x64) [Mar 10 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Naomi [Administrator]
Started from : C:\Users\Naomi\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 03/12/2015  00:59:48
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15A3C939-CF68-4490-9BB5-74EE470690EC} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CEFBF6C3-B255-4479-9769-A0E50F988575} | DhcpNameServer : 10.0.1.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15A3C939-CF68-4490-9BB5-74EE470690EC} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CEFBF6C3-B255-4479-9769-A0E50F988575} | DhcpNameServer : 10.0.1.1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Microsoft OneDrive Auto Update Task-S-1-5-21-1070660219-1124215466-1966399662-1001 -- %localappdata%\Microsoft\OneDrive\OneDrive.exe -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVX-22JC3T0 +++++
--- User ---
[MBR] f0868fd858904d31322be0531dfae0a8
[BSP] ace95a39a90447d851712fe78fa0be3b : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 697190 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1429542912 | Size: 350 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1430259712 | Size: 17035 MB
User = LL1 ... OK
User = LL2 ... OK


#8 ngoegan


Posted 12 March 2015 - 03:09 AM

That should be it. I'll wait for your further instructions  :)



#9 Rootk


Posted 12 March 2015 - 02:18 PM

Please follow these steps:

1.- Download Malwarebytes Anti-Malware and save it to your desktop.

  • Please open Malwarebytes Anti-Malware

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button.

  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.

  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan. If Malware or Potentially Unwanted Programs are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
  • After viewing the results, please click on the Copy to Clipboard button > OK.
  • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

2.- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes and if it finds anything, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#10 ngoegan


Posted 12 March 2015 - 11:31 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/12/2015
Scan Time: 7:07:19 PM
Logfile: malwarebyteslog.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.13.01
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Naomi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345740
Time Elapsed: 26 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)


#11 ngoegan


Posted 13 March 2015 - 01:52 AM

C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Users\Naomi\Documents\Naomi\Business Marketing Solutions\Citivest\web\mail\creativemarketingsolutionsthatwork.com\chris\new\1348351424.H530238P2185.gator1147.hostgator.com,S=3035 HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Naomi\Documents\Naomi\Business Marketing Solutions\Citivest\web\mail\creativemarketingsolutionsthatwork.com\chris\new\1350766135.H125880P3746.gator1147.hostgator.com,S=4568 HTML/Phishing.Agent.A trojan cleaned by deleting - quarantined


#12 Rootk


Posted 13 March 2015 - 09:06 AM

The Malwarebytes log is incomplete, please post the complete log.



#13 ngoegan


Posted 13 March 2015 - 06:37 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/12/2015
Scan Time: 7:07:19 PM
Logfile: malwarebyteslog.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.13.01
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Naomi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345740
Time Elapsed: 26 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 Rootk


Posted 14 March 2015 - 07:52 AM

Your logs look OK. How are things running?



#15 ngoegan


Posted 14 March 2015 - 12:46 PM

I'm still getting pop ups in chrome



