possible virus gmx?


  • This topic is locked
5 replies to this topic

#1 carefree042

  • Members
  • 3 posts

Posted 30 June 2015 - 11:45 AM

I ran the Farbar Recovery Scan Tool.

The FRST and ADDITION Notepad files are attached.

#2 nasdaq

  • Malware Response Team
  • 40,730 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 July 2015 - 09:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
URLSearchHook: HKLM-x32 - PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll No File
URLSearchHook: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
Toolbar: HKLM-x32 - PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\assassin\AppData\Roaming\Mozilla\Firefox\Profiles\iyb7gdmm.default\searchplugins\duckduckgo.xml [2014-09-27]
U4 eabfiltr; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
Task: {73FB676F-5314-405A-B744-7898F0480100} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {93238AEC-76F0-4DEC-B496-6B3FFA2055A4} - System32\Tasks\5050 => Wscript.exe C:\Users\assassin\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\assassin\AppData\Local\Temp\launchie.vbs

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 carefree042

  • Topic Starter

Posted 01 July 2015 - 12:50 PM

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by assassin at 2015-07-01 10:33:46 Run:1
Running from C:\Users\assassin\Desktop
Loaded Profiles: assassin (Available Profiles: assassin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] =>
[X]
URLSearchHook: HKLM-x32 - PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll No File
URLSearchHook: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
Toolbar: HKLM-x32 - PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\tbPage.dll No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No
File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3989915655-812359490-2443386992-1000 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\assassin\AppData\Roaming\Mozilla\Firefox\Profiles\iyb7gdmm.default\searchplugins\duckduckgo.xml [2014-09-27]
U4 eabfiltr; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64;
\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
Task: {73FB676F-5314-405A-B744-7898F0480100} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {93238AEC-76F0-4DEC-B496-6B3FFA2055A4} - System32\Tasks\5050 => Wscript.exe C:\Users\assassin\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\assassin\AppData\Local\Temp\launchie.vbs

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
[X] => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{9565115d-c7d6-46d3-bd63-b67b481a4368} => value removed successfully
"HKCR\Wow6432Node\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}" => key removed successfully
HKU\S-1-5-21-3989915655-812359490-2443386992-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9ee802e8-c931-47ab-b570-aa8f791598ca} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => key removed successfully
"HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9565115d-c7d6-46d3-bd63-b67b481a4368} => value removed successfully
HKCR\Wow6432Node\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368} => key not found.
HKU\S-1-5-21-3989915655-812359490-2443386992-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value removed successfully
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => key not found.
HKU\S-1-5-21-3989915655-812359490-2443386992-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-3989915655-812359490-2443386992-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3989915655-812359490-2443386992-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
HKU\S-1-5-21-3989915655-812359490-2443386992-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-3989915655-812359490-2443386992-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} => value removed successfully
HKCR\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\assassin\AppData\Roaming\Mozilla\Firefox\Profiles\iyb7gdmm.default\searchplugins\duckduckgo.xml => moved successfully.
eabfiltr => Service removed successfully
MREMP50a64 => Service removed successfully
MREMPR5 => Service removed successfully
MRENDIS5 => Service removed successfully
MRESP50a64 => Service removed successfully
\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73FB676F-5314-405A-B744-7898F0480100}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73FB676F-5314-405A-B744-7898F0480100}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93238AEC-76F0-4DEC-B496-6B3FFA2055A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93238AEC-76F0-4DEC-B496-6B3FFA2055A4}" => key removed successfully
C:\Windows\System32\Tasks\5050 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5050" => key removed successfully
"C:\Users\assassin\AppData\Local\Temp\launchie.vbs" => File/Folder not found.
EmptyTemp: => 2.9 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 10:39:47 ====

 

 

MBAM Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/1/2015
Scan Time: 10:52 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.01.03
Rootkit Database: v2015.06.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: assassin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413898
Time Elapsed: 1 hr, 25 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.PageRage.A, HKU\S-1-5-21-3989915655-812359490-2443386992-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9565115D-C7D6-46D3-BD63-B67B481A4368}, , [7f18528a305ae94da4b7a0d223e051af],
PUP.Optional.PageRage.A, HKU\S-1-5-21-3989915655-812359490-2443386992-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9565115D-C7D6-46D3-BD63-B67B481A4368}, , [7f18528a305ae94da4b7a0d223e051af],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [1c7b2eaec9c146f06db227713dc8758b],
PUP.Optional.DesktopDockApp.A, HKU\S-1-5-21-3989915655-812359490-2443386992-1000\SOFTWARE\DesktopDockApp, , [2176fae2d3b763d3327156ba6c98847c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

AdwCleaner[S0].txt

# AdwCleaner v4.207 - Logfile created 01/07/2015 at 12:33:47
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : assassin - ACE
# Running from : C:\Users\assassin\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3DEFE44-9C8C-439F-96B4-DF6199C5A995}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3DEFE44-9C8C-439F-96B4-DF6199C5A995}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{748C218B-36FB-44CA-B4D4-07D785E676CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PageRage
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PageRage
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PageRage Toolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [4057 bytes] - [01/07/2015 12:27:55]
AdwCleaner[S0].txt - [3246 bytes] - [01/07/2015 12:33:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3305  bytes] ##########

 

Well I noticed that there were 4 items named PUP something or another... so I'm wondering if that was my problem?

So far everything seems to be ok, but I will know more in a day or 2...

 

Thank you for taking your time to help me with this issue.
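
A check on the Fixlog above, as an added example that is not part of the original posts: three fixlist lines reached the tool split in two, and each second half appears in the results with "Error: No automatic fix found for this entry." The sketch below compares the fixlist the helper intended with the copy echoed in the Fixlog and ties each split line to its error; the function names are hypothetical and the embedded log is a trimmed excerpt of the one posted above.

```python
import re

DELIM = "*****************"          # delimiter FRST prints around the echoed fixlist
ERROR_RE = re.compile(r"^(?P<entry>.+?) => Error: (?P<msg>.+)$")

# Lines as the helper posted them (taken from post #2 of this thread).
INTENDED = [
    r"HKLM-x32\...\Run: [] => [X]",
    "U4 eabfiltr; No ImagePath",
    r"S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]",
]

# Trimmed excerpt of the Fixlog from post #3.
FIXLOG = r"""fixlist content:
*****************
start
HKLM-x32\...\Run: [] =>
[X]
U4 eabfiltr; No ImagePath
S3 MRESP50a64;
\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
[X] => Error: No automatic fix found for this entry.
eabfiltr => Service removed successfully
MRESP50a64 => Service removed successfully
\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] => Error: No automatic fix found for this entry.
"""

def parse_fixlog(text):
    """Return (echoed fixlist lines, result lines) from a Fixlog."""
    lines = [l.rstrip() for l in text.splitlines()]
    marks = [i for i, l in enumerate(lines) if l.strip() == DELIM]
    if len(marks) < 2:
        raise ValueError("fixlist delimiters not found")
    fixlist = [l for l in lines[marks[0] + 1:marks[1]] if l.strip()]
    results = [l for l in lines[marks[1] + 1:] if l.strip()]
    return fixlist, results

def split_entries(intended, logged):
    """Intended lines that the tool read as two consecutive lines."""
    present = set(logged)
    pairs = {f"{a} {b}": (a, b) for a, b in zip(logged, logged[1:])}
    return {l: pairs[l] for l in intended if l not in present and l in pairs}

def audit(intended, fixlog_text):
    """One record per split line, with the error logged for its second half."""
    logged, results = parse_fixlog(fixlog_text)
    errs = {m.group("entry"): m.group("msg")
            for m in map(ERROR_RE.match, results) if m}
    return [{"intended": line, "head": head, "tail": tail,
             "tail_error": errs.get(tail)}
            for line, (head, tail) in split_entries(intended, logged).items()]

if __name__ == "__main__":
    for rec in audit(INTENDED, FIXLOG):
        print(f"split: {rec['head']!r} + {rec['tail']!r} -> {rec['tail_error']}")
```

In this log the first half of each split line was still processed (the Run value and the MRESP50a64 service were removed), so the errors only concern the orphaned fragments.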
 



#4 nasdaq


Posted 01 July 2015 - 01:36 PM

This was most likely the cause. It's gone.

Task: {73FB676F-5314-405A-B744-7898F0480100} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {93238AEC-76F0-4DEC-B496-6B3FFA2055A4} - System32\Tasks\5050 => Wscript.exe C:\Users\assassin\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
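
The two scheduled tasks singled out above can be caught by simple triage rules over FRST "Task:" lines. The following is an added example, not part of the original posts and not FRST's own logic: the rule sets (script hosts, browsers, user-writable path markers) and function names are assumptions chosen for illustration, and the third sample line is constructed as a benign control.

```python
import re
from typing import NamedTuple

# Layout of a "Task:" line as it appears in this thread:
#   Task: {GUID} - <task path> => <command line> [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) => (?P<cmd>.*?)"
    r"(?:\s*<==== ATTENTION)?\s*$"
)
# Executable is either quoted or everything up to the first ".exe".
EXE_RE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe)\b)', re.IGNORECASE)

# Assumed rule sets for this example.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

SAMPLE = [
    # First two lines are quoted from the thread.
    r"Task: {73FB676F-5314-405A-B744-7898F0480100} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION",
    r"Task: {93238AEC-76F0-4DEC-B496-6B3FFA2055A4} - System32\Tasks\5050 => Wscript.exe C:\Users\assassin\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION",
    # Constructed benign control line.
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /silent",
]

class Finding(NamedTuple):
    guid: str
    name: str
    command: str
    reasons: list

def split_command(cmd):
    """Split a command line into (executable, arguments)."""
    m = EXE_RE.match(cmd)
    if not m:
        parts = cmd.split(None, 1)
        return (parts[0] if parts else ""), (parts[1] if len(parts) > 1 else "")
    return (m.group("q") or m.group("u")), cmd[m.end():].strip()

def triage(lines):
    """Return a Finding for every task line that trips at least one rule."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        name = m.group("path").rsplit("\\", 1)[-1]
        exe, args = split_command(m.group("cmd"))
        base = exe.rsplit("\\", 1)[-1].lower()
        reasons = []
        if base in SCRIPT_HOSTS:
            reasons.append("script host as task action")
            if any(p in args.lower() for p in USER_WRITABLE):
                reasons.append("script in user-writable path")
            if "//b" in args.lower().split():
                reasons.append("//B batch mode hides script errors and prompts")
        if base in BROWSERS:
            reasons.append("task launches a browser directly")
        if name.isdigit():
            reasons.append("numeric-only task name")
        if reasons:
            findings.append(Finding(m.group("guid"), name, m.group("cmd"), reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.name, "->", "; ".join(f.reasons))
```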

#5 carefree042

  • Topic Starter

Posted 01 July 2015 - 01:55 PM

Thank you again for the help you have given me. You guys are awesome!



#6 nasdaq


Posted 02 July 2015 - 06:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



