Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A random icon pop up on my desktop.


  • Please log in to reply
1 reply to this topic

#1 MelisaWu

MelisaWu

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 20 November 2015 - 05:14 PM

A random icon pop up on my desktop. it calls aitaobao, there are 2 files i could find in C:Local:user:admin:Appdata:Local:software and C:Local:user:admin:Appdata:Roaming.

 

avira full scan didnt find anything, Malwarebytes full scan didnt find anything, so i used EEK=emsisoft emergency kit and found 26 of them, and i dont know what are these...

 

Emsisoft Emergency Kit - Version 10.0
Last update: 11/20/2015 4:13:33 PM
User account: Admin

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:        11/20/2015 4:15:00 PM
C:\Users\Public\qiyi         detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}         detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}         detected: Application.Toolbar (A)
C:\Program Files (x86)\baidu         detected: Application.AppInstall (A)
C:\Users\Admin\AppData\Roaming\baidu         detected: Application.AppInstall (A)
C:\Users\Admin\AppData\Local\baidu         detected: Application.AppInstall (A)
C:\Users\Admin\AppData\Local\software         detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1         detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{95B7759C-8C7F-4BF1-B163-73684A933233}         detected: Application.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{4FBBF769-ECEB-420A-B536-133B1D505C36}         detected: Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}         detected: Application.AdUpd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}         detected: Application.AppInst (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}         detected: Application.AdUpd (A)

Scanned        74053
Found        26

Scan end:        11/20/2015 4:24:12 PM
Scan time:        0:09:12

 

If i removed them, will there be any problems?


Edited by MelisaWu, 20 November 2015 - 05:25 PM.


BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:38 AM

Posted 21 November 2015 - 08:56 AM

Random icon on desktop, toolbar-  A installation took place on your machine.  You can have Emsisoft remove them.


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users