Suspected Virus Is Keeping Me From Installing AV/MBAM


7 replies to this topic

#1 CleepingBomputer


Posted 11 May 2015 - 01:09 PM

Hello all, I'm very new here and have only browsed in the past, as I am usually pretty good at fixing these things on my own, but this one has me stumped. Several days ago my laptop started acting up. My network seemed bogged down, load times increased and fan noise started to fluctuate. Yesterday it came to a peak and I opened task manager to see a bunch of randomly named processes alternating between taking up 99%-100% CPU and 99%-100% Memory. I ended them and upon doing so my laptop sped back up and acted normal for a bit. This made me start to think I may have some sort of virus or malware on my laptop. I have just gotten this laptop recently, so I have yet to install the antivirus software I generally have on my computers, so I went online and found downloads for avast and malwarebytes to try and remove any malicious software present. Both installers downloaded perfectly but I cannot run either. I have a snapshot of the errors I get below. I have also tried avira and AVG to only receive either the same or similar messages. I have tried loading them from a USB pre-installed, I have tried safe mode, I have made sure I have security clearance for all these files and yet it still is freaking out on me. Any ideas? If you need more information please allow me to gather it for you, I really need to get this solved so I can securely start looking for another job. Thanks for any and all help!

Here are sorta the highlights of what is happening overall, except my CPU and Memory have not spiked in a bit so I did not get a capture of that, however you can see several of the oddly named processes, error messages are from double-clicking both the Mbam setup application and the Avast installer:

Highlights.jpg

Another Mbam error, trying to run as administrator:

Probleems.jpg

 

 

Annnnd another Mbam error, upon trying to delete it:

Problems2.jpg

Laptop: http://www.amazon.com/Toshiba-Satellite-S55-B5280-Laptop-Windows/dp/B00LKAD9SO (THIS IS NOT AN ADVERTISEMENT, MERELY A DESCRIPTION OF MY CURRENT SETUP)




#2 Sintharius


Posted 11 May 2015 - 01:13 PM

Hello, and welcome :)

Let's try something to get past these.

Rkill by Grinler

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
    Vista/7/8 users right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
After that try this.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Full Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
If it does not work, let me know.

Regards,
Alex

Edited by Alexstrasza, 11 May 2015 - 01:17 PM.


#3 TheLaughingITMann


Posted 11 May 2015 - 01:41 PM

I would also recommend running ADWCleaner.

http://www.bleepingcomputer.com/download/adwcleaner/

Run it, click "Scan", click "Cleaning" (confirm your choice when the window pops up), let it run. It'll then pop up with two windows, insisting that the program's not a recommended AV, and it'll have to reboot your PC. When it reboots, re-run it and click "Uninstall", then confirm when it says it'll clear out the quarantine. It'll then remove the .exe and vanish.

Emsisoft and Rkill are definitely useful. Just make sure you run Rkill BEFORE you do any types of virus/malware scans, just in case.



#4 CleepingBomputer


Posted 11 May 2015 - 03:10 PM

Thanks to both of you for very friendly, effective and timely help!

I ran everything you all suggested with RKill being first, which ended all the weird processes (27 in total). I then ran ADWCleaner and it picked up nothing so I went to EEK and did a scan that presented a number of infections, mostly listed as trojan or gen, a little over 100 in total. I deleted them all but it said that it couldn't remove the helper.exe it detected as a high risk and to see advice online. I then rebooted like prompted and noticed the only weird process running was the helper.exe and I ran rkill and it terminated the process. How should I go about removing this? I still get errors when trying to install mbam.

Here is the log with the helper.exe highlighted:

Scan start: 5/11/2015 2:54:03 PM
Value: HKEY_USERS\S-1-5-21-1255661363-3999416903-35394835-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> SVCHOST  detected: Adware.Win32.StartPage (A)
C:\Program Files (x86)\R.G. Mechanics\Total War - Rome II\steam_api.dll  detected: Application.Hacktool.IK (B)
C:\ProgramData\127445\helpusyaer.exe  detected: Trojan.GenericKD.2311656 (B)
C:\ProgramData\249895\helper.exe detected: Gen:Variant.Kazy.600516 (B)
C:\ProgramData\249995\249898\234553.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\498ht48h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\38rf7h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\89h98h.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\ProgramData\249995\249898\847hgth.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\e8r7h4rh.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\9r8h48h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\4ZmIyrF.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\er7hf487h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\7h83h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\FTP Windows.exe  detected: Gen:Variant.Kazy.606933 (B)
C:\ProgramData\249995\249898\este.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\ProgramData\249995\249898\igf.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Idle Msconfig.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\r9fh4r8h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Mozilla.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Win Google Chrome.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\svh.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Window Server.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Window Dick.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Windows Dicks.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Windows Builder.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\291032\repair.exe  detected: Gen:Variant.Kazy.592682 (B)
C:\ProgramData\msovj.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\msjwfg.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\msodou.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\msnbbs.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\msrjcv.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\Windows Server\wserver.exe  detected: Gen:Variant.Kazy.608624 (B)
C:\Users\Jacob\AppData\Local\Temp\1020  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\1046  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\1192  detected: Trojan.GenericKD.2356848 (B)
C:\Users\Jacob\AppData\Local\Temp\1047  detected: Trojan.GenericKD.2311656 (B)
C:\Users\Jacob\AppData\Local\Temp\1525  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\1666  detected: Trojan.GenericKD.2321948 (B)
C:\Users\Jacob\AppData\Local\Temp\1773  detected: Trojan.GenericKD.2321948 (B)
C:\Users\Jacob\AppData\Local\Temp\1753  detected: Trojan.GenericKD.2257730 (B)
C:\Users\Jacob\AppData\Local\Temp\1910  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\2145  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\2067  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\2346  detected: Gen:Variant.Kazy.608624 (B)
C:\Users\Jacob\AppData\Local\Temp\2355  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\2504  detected: Gen:Variant.Kazy.601648 (B)
C:\Users\Jacob\AppData\Local\Temp\2512  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\2608  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\2887  detected: Trojan.GenericKD.2363345 (B)
C:\Users\Jacob\AppData\Local\Temp\3286  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\3472  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\3083  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\3505  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\3281  detected: Trojan.Generic.13257701 (B)
C:\Users\Jacob\AppData\Local\Temp\3532f4.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\3758  detected: Gen:Variant.Kazy.592682 (B)
C:\Users\Jacob\AppData\Local\Temp\3917  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\3952  detected: Trojan.GenericKD.2297081 (B)
C:\Users\Jacob\AppData\Local\Temp\4398579587.exe  detected: Trojan.GenericKD.2321948 (B)
C:\Users\Jacob\AppData\Local\Temp\5033  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\4781  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\5535  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\5270  detected: Trojan.GenericKD.2306674 (B)
C:\Users\Jacob\AppData\Local\Temp\5713  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\5478  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\598ug98u.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\6342  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\6184  detected: Gen:Variant.Kazy.378739 (B)
C:\Users\Jacob\AppData\Local\Temp\66904.exe  detected: Trojan.GenericKD.2306674 (B)
C:\Users\Jacob\AppData\Local\Temp\6668  detected: Trojan.GenericKD.2363345 (B)
C:\Users\Jacob\AppData\Local\Temp\7040  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\7485  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\7196  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\75455.exe  detected: Trojan.GenericKD.2306674 (B)
C:\Users\Jacob\AppData\Local\Temp\7577  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\7676  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\7889  detected: Gen:Variant.Kazy.608895 (B)
C:\Users\Jacob\AppData\Local\Temp\7717  detected: Trojan.GenericKD.2257730 (B)
C:\Users\Jacob\AppData\Local\Temp\8142  detected: Trojan.GenericKD.2363345 (B)
C:\Users\Jacob\AppData\Local\Temp\8164  detected: Gen:Variant.Kazy.378739 (B)
C:\Users\Jacob\AppData\Local\Temp\8349  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\8836  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\8985  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\98fj98j333.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\98j98h.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\9hr48h3.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\Apex.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\conhost.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\conhosts.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\DBOVLZSSGSDOORLU.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\Console.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\er8v4h8r73h.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\er9vhe9h222.exe  detected: Gen:Variant.Kazy.608895 (B)
C:\Users\Jacob\AppData\Local\Temp\eruiu3444.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\esetgui.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\firefox.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\Google Chrome.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\HIDFHRRJSDTEJEOJ.exe  detected: Gen:Variant.Kazy.608895 (B)
C:\Users\Jacob\AppData\Local\Temp\HWU.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\HZSDRYHYSVCYTYJA.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\j2B25IMh\helper.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\KB108750156.exe  detected: Gen:Variant.Kazy.605503 (B)
C:\Users\Jacob\AppData\Local\Temp\KB669240140.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\KB761766375.exe  detected: Trojan.GenericKD.2328332 (B)
C:\Users\Jacob\AppData\Local\Temp\llasss.exe  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\Lols.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\msiqaunr.pif  detected: Gen:Variant.Kazy.219676 (B)
C:\Users\Jacob\AppData\Local\Temp\r09er0r9.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\rhvtryh333.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\Skype.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\stpos.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\Windows Dick.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\Downloads\GTA V CRACK SKIDROW.rar -> GTA V CRACK SKIDROW\GTAVLauncher.exe  detected: Gen:Heur.MSIL.Androm.3 (B)
C:\Users\Jacob\Downloads\GTA V CRACK SKIDROW.rar -> GTA V CRACK SKIDROW\PlayGTAV.exe  detected: Trojan.GenericKD.2297081 (B)
C:\Users\Jacob\Downloads\ninja-setup-3.0.6.exe  detected: Application.InstallAd (A)
C:\Windows\SysWOW64\clientsvr.exe  detected: Gen:Variant.Kazy.600516 (B)


Scanned 376590
Found 117


Scan end: 5/11/2015 4:00:07 PM
Scan time: 1:06:04

Edited by CleepingBomputer, 11 May 2015 - 03:12 PM.


#5 Sintharius


Posted 11 May 2015 - 03:16 PM

Hi there,

Please post the full logs from Rkill and Emsisoft Emergency Kit - don't use any special formatting, just copy and paste them into your reply.

After that download Temp File Cleaner and run it to clear out all of your temporary files.

Then delete all existing copies of the MBAM installation files, re-run Rkill and follow the instructions below.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose the Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


When MBAM finishes scanning or if the installation continues to fail, let me know.

Regards,
Alex

#6 CleepingBomputer


Posted 11 May 2015 - 03:21 PM

EEK: (Have to format because it tells me I'm exceeding the emoticon limit due to all the B) there are)

Emsisoft Emergency Kit - Version 9.0
Last update: 5/11/2015 2:28:55 PM
User account: ATLUS-LAPTOP\Jacob


Scan settings:


Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\


Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off


Scan start: 5/11/2015 2:54:03 PM
Value: HKEY_USERS\S-1-5-21-1255661363-3999416903-35394835-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> SVCHOST  detected: Adware.Win32.StartPage (A)
C:\Program Files (x86)\R.G. Mechanics\Total War - Rome II\steam_api.dll  detected: Application.Hacktool.IK (B)
C:\ProgramData\127445\helpusyaer.exe  detected: Trojan.GenericKD.2311656 (B)
C:\ProgramData\249895\helper.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\ProgramData\249995\249898\234553.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\498ht48h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\38rf7h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\89h98h.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\ProgramData\249995\249898\847hgth.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\e8r7h4rh.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\9r8h48h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\4ZmIyrF.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\er7hf487h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\7h83h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\FTP Windows.exe  detected: Gen:Variant.Kazy.606933 (B)
C:\ProgramData\249995\249898\este.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\ProgramData\249995\249898\igf.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Idle Msconfig.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\r9fh4r8h.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Mozilla.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Win Google Chrome.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\svh.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Window Server.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Window Dick.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Windows Dicks.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\249995\249898\Windows Builder.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\ProgramData\291032\repair.exe  detected: Gen:Variant.Kazy.592682 (B)
C:\ProgramData\msovj.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\msjwfg.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\msodou.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\msnbbs.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\msrjcv.exe  detected: Trojan.Agent.BHSL (B)
C:\ProgramData\Windows Server\wserver.exe  detected: Gen:Variant.Kazy.608624 (B)
C:\Users\Jacob\AppData\Local\Temp\1020  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\1046  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\1192  detected: Trojan.GenericKD.2356848 (B)
C:\Users\Jacob\AppData\Local\Temp\1047  detected: Trojan.GenericKD.2311656 (B)
C:\Users\Jacob\AppData\Local\Temp\1525  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\1666  detected: Trojan.GenericKD.2321948 (B)
C:\Users\Jacob\AppData\Local\Temp\1773  detected: Trojan.GenericKD.2321948 (B)
C:\Users\Jacob\AppData\Local\Temp\1753  detected: Trojan.GenericKD.2257730 (B)
C:\Users\Jacob\AppData\Local\Temp\1910  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\2145  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\2067  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\2346  detected: Gen:Variant.Kazy.608624 (B)
C:\Users\Jacob\AppData\Local\Temp\2355  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\2504  detected: Gen:Variant.Kazy.601648 (B)
C:\Users\Jacob\AppData\Local\Temp\2512  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\2608  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\2887  detected: Trojan.GenericKD.2363345 (B)
C:\Users\Jacob\AppData\Local\Temp\3286  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\3472  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\3083  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\3505  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\3281  detected: Trojan.Generic.13257701 (B)
C:\Users\Jacob\AppData\Local\Temp\3532f4.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\3758  detected: Gen:Variant.Kazy.592682 (B)
C:\Users\Jacob\AppData\Local\Temp\3917  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\3952  detected: Trojan.GenericKD.2297081 (B)
C:\Users\Jacob\AppData\Local\Temp\4398579587.exe  detected: Trojan.GenericKD.2321948 (B)
C:\Users\Jacob\AppData\Local\Temp\5033  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\4781  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\5535  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\5270  detected: Trojan.GenericKD.2306674 (B)
C:\Users\Jacob\AppData\Local\Temp\5713  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\5478  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\598ug98u.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\6342  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\6184  detected: Gen:Variant.Kazy.378739 (B)
C:\Users\Jacob\AppData\Local\Temp\66904.exe  detected: Trojan.GenericKD.2306674 (B)
C:\Users\Jacob\AppData\Local\Temp\6668  detected: Trojan.GenericKD.2363345 (B)
C:\Users\Jacob\AppData\Local\Temp\7040  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\7485  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\7196  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\75455.exe  detected: Trojan.GenericKD.2306674 (B)
C:\Users\Jacob\AppData\Local\Temp\7577  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\7676  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\7889  detected: Gen:Variant.Kazy.608895 (B)
C:\Users\Jacob\AppData\Local\Temp\7717  detected: Trojan.GenericKD.2257730 (B)
C:\Users\Jacob\AppData\Local\Temp\8142  detected: Trojan.GenericKD.2363345 (B)
C:\Users\Jacob\AppData\Local\Temp\8164  detected: Gen:Variant.Kazy.378739 (B)
C:\Users\Jacob\AppData\Local\Temp\8349  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\8836  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\8985  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\98fj98j333.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\98j98h.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\9hr48h3.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\Apex.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\conhost.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\conhosts.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\DBOVLZSSGSDOORLU.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\Console.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\er8v4h8r73h.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\er9vhe9h222.exe  detected: Gen:Variant.Kazy.608895 (B)
C:\Users\Jacob\AppData\Local\Temp\eruiu3444.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\esetgui.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\firefox.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\Google Chrome.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\HIDFHRRJSDTEJEOJ.exe  detected: Gen:Variant.Kazy.608895 (B)
C:\Users\Jacob\AppData\Local\Temp\HWU.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\HZSDRYHYSVCYTYJA.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\j2B25IMh\helper.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\KB108750156.exe  detected: Gen:Variant.Kazy.605503 (B)
C:\Users\Jacob\AppData\Local\Temp\KB669240140.exe  detected: Gen:Variant.Kazy.602889 (B)
C:\Users\Jacob\AppData\Local\Temp\KB761766375.exe  detected: Trojan.GenericKD.2328332 (B)
C:\Users\Jacob\AppData\Local\Temp\llasss.exe  detected: Trojan.GenericKD.2325515 (B)
C:\Users\Jacob\AppData\Local\Temp\Lols.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\msiqaunr.pif  detected: Gen:Variant.Kazy.219676 (B)
C:\Users\Jacob\AppData\Local\Temp\r09er0r9.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\rhvtryh333.exe  detected: Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\Skype.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\stpos.exe  detected: Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\Windows Dick.exe  detected: Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\Downloads\GTA V CRACK SKIDROW.rar -> GTA V CRACK SKIDROW\GTAVLauncher.exe  detected: Gen:Heur.MSIL.Androm.3 (B)
C:\Users\Jacob\Downloads\GTA V CRACK SKIDROW.rar -> GTA V CRACK SKIDROW\PlayGTAV.exe  detected: Trojan.GenericKD.2297081 (B)
C:\Users\Jacob\Downloads\ninja-setup-3.0.6.exe  detected: Application.InstallAd (A)
C:\Windows\SysWOW64\clientsvr.exe  detected: Gen:Variant.Kazy.600516 (B)


Scanned 376590
Found 117


Scan end: 5/11/2015 4:00:07 PM
Scan time: 1:06:04


C:\Windows\SysWOW64\clientsvr.exe Deleted Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\Downloads\ninja-setup-3.0.6.exe Deleted Application.InstallAd (A)
C:\Users\Jacob\Downloads\GTA V CRACK SKIDROW.rar Deleted Trojan.GenericKD.2297081 (B)
C:\Users\Jacob\AppData\Local\Temp\Windows Dick.exe Deleted Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\stpos.exe Deleted Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\Skype.exe Deleted Gen:Variant.Kazy.598795 (B)
C:\Users\Jacob\AppData\Local\Temp\rhvtryh333.exe Deleted Trojan.GenericKD.2389383 (B)
C:\Users\Jacob\AppData\Local\Temp\r09er0r9.exe Deleted Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\Lols.exe Deleted Gen:Variant.Kazy.600516 (B)
C:\Users\Jacob\AppData\Local\Temp\llasss.exe Deleted Trojan.GenericKD.2325515 (B)
Value: HKEY_USERS\S-1-5-21-1255661363-3999416903-35394835-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> SVCHOST Deleted Adware.Win32.StartPage (A)


Deleted 113
 
 
RKill:
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/11/2015 04:03:58 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\249895\helper.exe (PID: 3828) [AU-HEUR]
 * C:\ProgramData\249895\helper.exe (PID: 4084) [AU-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\ProgramData\249895\helper.exe"
 


#7 CleepingBomputer

CleepingBomputer
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 11 May 2015 - 03:53 PM

Alright, so I wasn't able to delete the old mbam files before downloading the new ones; however, it successfully ran this time and, when scanned, gave me this log: 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/11/2015
Scan Time: 4:26:27 PM
Logfile: scan1.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jacob
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353181
Time Elapsed: 17 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe, Quarantined, [b1c8f0536d1d0c2a1150c7ac0afa7c84], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\win32.exe, Quarantined, [e29782c1b4d67bbb023ea3d6966e728e], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe, Quarantined, [5f1a9da65436ce689ac7264d996b53ad], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\win32.exe, Quarantined, [6019cd7690fab6804af6f0894eb6cb35], 
 
Registry Values: 4
PUM.UserWLoad, HKU\S-1-5-21-1255661363-3999416903-35394835-1001\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\Users\Jacob\LOCALS~1\Temp\msiqaunr.pif, Quarantined, [a4d578cbf397c6702b45e51833d07a86]
Trojan.Agent.Gen, HKU\S-1-5-21-1255661363-3999416903-35394835-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msconfig, C:\Users\Jacob\AppData\Local\Temp\Idle Msconfig.exe, Quarantined, [97e213301872df576aa836d964a144bc]
Trojan.Agent, HKU\S-1-5-21-1255661363-3999416903-35394835-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Isass, C:\Users\Jacob\AppData\Local\Temp\lsass.exe, Quarantined, [a2d721224b3f20160df86caff90be719]
Trojan.Agent, HKU\S-1-5-21-1255661363-3999416903-35394835-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchosts, C:\Users\Jacob\AppData\Local\Temp\svchost.exe, Quarantined, [a2d7241f424848ee80689b6fcb394db3]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.OpenCandy, C:\Users\Jacob\Downloads\PowerISO6-x64.exe, No Action By User, [05740b3843472f0797920efa53b3ef11], 
PUP.Optional.AZLyrics.A, C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, No Action By User, [79001a297317b77ffd003a7b9f6455ab], 
PUP.Optional.AZLyrics.A, C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, No Action By User, [3445f3503c4e86b043ba3a7b768d946c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I deleted all infected files (3 were PUP and false flags), none of which were helper.exe, and restarted. I was still unable to delete the old mbam files, and then, within the first few seconds, malwarebytes gave me this message:
 
[attached image: backdoor.jpg]

Upon clicking it, it showed the file was in quarantine, and whenever it is deleted it pops back up after several minutes.

Any more ideas? 

Edited by CleepingBomputer, 11 May 2015 - 03:54 PM.
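The Rkill and Malwarebytes logs above point at four persistence spots: Image File Execution Options "Debugger" entries on scanner executables (which is what stops AV installers from launching), a modified Winlogon Shell, the legacy Windows|Load value, and Run entries launching from Temp or ProgramData. The read-only audit below is added here as an example and is not from the thread or from either tool; the 'explorer.exe' baseline and the user-writable path pattern are assumptions, and it should be run from an elevated PowerShell.

```powershell
# Added example, not from the thread: enumerate the persistence points the
# logs above reported. Read-only; it prints findings and changes nothing.
$findings = @()

# 1. IFEO: a Debugger value on avscan.exe etc. makes Windows start the
#    "debugger" instead of the scanner (MBAM's Security.Hijack entries).
$ifeoRoots = @(
  'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
foreach ($root in $ifeoRoots) {
  if (-not (Test-Path $root)) { continue }
  Get-ChildItem $root | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "IFEO Debugger on $($_.PSChildName): $dbg" }
  }
}

# 2. Winlogon Shell: anything other than 'explorer.exe' (assumed baseline) is
#    suspect; Rkill saw explorer.exe,"C:\ProgramData\...\helper.exe" here.
foreach ($hive in 'HKLM', 'HKCU') {
  $key = "$($hive):\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
  $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
  if ($shell -and $shell.Trim() -ne 'explorer.exe') { $findings += "$hive Winlogon Shell: $shell" }
}

# 3. Legacy Windows|Load value (MBAM's PUM.UserWLoad): normally absent or empty.
$winKey = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$load = (Get-ItemProperty -Path $winKey -Name Load -ErrorAction SilentlyContinue).Load
if ($load) { $findings += "HKCU Windows\Load: $load" }

# 4. Run entries whose command lives in a user-writable folder (assumed pattern);
#    every file in the logs above came from Temp, ProgramData or AppData.
$suspiciousPath = '(?i)\\(Temp|ProgramData|AppData)\\'
foreach ($key in 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
  $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
  if (-not $props) { continue }
  $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
    if ("$($_.Value)" -match $suspiciousPath) { $findings += "Run '$($_.Name)' -> $($_.Value)" }
  }
}

if ($findings) { $findings | ForEach-Object { Write-Output "SUSPECT: $_" } }
else { Write-Output 'No IFEO/Winlogon/Load/Run anomalies found.' }
```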


#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:11 PM

Posted 11 May 2015 - 03:59 PM

Hi there,

This is a serious issue and will require manual removal, as automated tools won't cut it. My apologies that I cannot help you further.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards,
Alex



