To BC staff interested in this kind of stuff:
I was cleaning a computer that got infected in one shot by a multitude of Trojans. The owner claims he was trying to search for a PDF manual of a sort (he Googled it). So when he tried to open one of those "PDF" links the bad apps started installing themselves all over his Windows 7 Pro laptop that has IE, Chrome and Firefox installed. Thankfully he had MS Security Essentials installed and up to date, so a few got quarantined right away.
To clean it more thoroughly I unleashed a barrage of different tools known to mankind to get rid of the nasty stuff. This included Malwarebytes and popular Bleeping Computer downloads. All was well afterwards except that, unbeknown to me, the links he used to launch those browsers were also modified by this Trojan by incorporating a direct link appended to the original browser executable path from which a renewed attempt is made to re-infect the computer each time you'd click on it. At first I thought it was some kind of a sophisticated redirector or maybe a poisoned DNS cache. Nope, it was just a simple line that did the trick.
That's not all. While manually searching for files that I may have missed I came across the file containing the following original Trojan installation log, located in the system32 folder, named "tmplog.log". I don't know why the guys who created this stuff didn't clean it up, but here it is (attached) in all its glory, a testament to what they have done (or tried to do). There you have it now and I hope it will come in useful to some when troubleshooting.
Have a nice day! You are
Edited by hamluis, 18 August 2016 - 11:42 AM.
Moved from MRL to Gen Security - Hamluis.
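
The shortcut tampering described in the post above (a link appended after the browser's executable path) can be checked for with a short PowerShell audit. This is an added example, not part of the original post; the browser list, the folder list and the function name `Test-UrlInArguments` are assumptions.

```powershell
# Added example: report browser shortcuts whose arguments carry a web address.
# The browser list and folder list are assumptions; extend them as needed.
$browsers = 'iexplore.exe', 'chrome.exe', 'firefox.exe'
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # also holds pinned taskbar items
)

function Test-UrlInArguments {
    param([string]$Arguments)
    # True when the argument string contains something that looks like a web address.
    return [bool]($Arguments -match '(?i)(https?://|www\.)\S+')
}

$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($folder in ($folders | Where-Object { Test-Path $_ })) {
    Get-ChildItem -Path $folder -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk opens it so its fields can be read.
            $lnk = $shell.CreateShortcut($_.FullName)
            $exe = [IO.Path]::GetFileName($lnk.TargetPath)   # empty for non-file targets
            if ($browsers -contains $exe -and (Test-UrlInArguments $lnk.Arguments)) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

# Review each hit before changing it: some legitimate site or app shortcuts
# also pass a web address on purpose.
$findings | Format-List
```

The script only reports; a flagged shortcut is repaired by clearing the appended text from the Target field in its Properties dialog or by recreating the shortcut from the browser executable.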