
After malware removal, PC might have some infections or damage unresolved.


28 replies to this topic

#1 mapotofu

Posted 19 October 2016 - 04:31 AM

Previously, I had some malware problems involving mylucky123. In the end, I removed it successfully using tools like Malwarebytes and many other tools, and refreshed my PC.

 

However, when I tried installing Intel drivers, they just wouldn't install, even if I used Asus or Intel drivers. So I was redirected here. 

 

Reference threads

http://www.geekstogo.com/forum/topic/365307-mylucky123-cant-be-removed-completely-from-google-chromesolved/

 

http://www.bleepingcomputer.com/forums/t/629316/after-refreshing-pc-unable-to-install-intel-software/





#2 SleepyDude (Malware Response Team)

Posted 19 October 2016 - 03:35 PM

Hi,

 

 

Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Right-click on the AdwCleaner icon and choose Run as Administrator to execute the program
    (When the tool opens for the first time you have to accept the Terms of Use; click J'accepte/I Agree)
  • Click the Scan button and wait for the scan to finish; only then does the Clean button become active
  • Click the Clean button and wait; once done it may ask to reboot, allow it.
  • On reboot a log will be presented; please copy/paste it in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

 


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem from one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 mapotofu (Topic Starter)

Posted 19 October 2016 - 05:59 PM

Okay, there are 2 logs because I cleaned twice...
 

 

And the mylucky thing just keeps coming back like a darn ghost... why! :( I found it on the 3rd time... 

 

However, I still can't install Intel stuff... looks like I need to clean even more thoroughly.

 

[spoiler]
# AdwCleaner v6.030 - Logfile created 20/10/2016 at 06:27:30

# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 8.1 Pro  (X64)
# Username : Sora - CLARA
# Running from : C:\Users\Sora\Downloads\adwcleaner_6.030.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  QMUdisk
Service Found:  softaal
Service Found:  tsnethlpx64
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Sora\AppData\Local\DriverToolkit
Folder Found:  C:\Users\Sora\AppData\Local\tencent
Folder Found:  C:\Users\Sora\AppData\Local\Tencent
Folder Found:  C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found:  C:\Program Files\Common Files\tencent
Folder Found:  C:\Program Files\Common Files\Tencent
Folder Found:  C:\Users\Sora\AppData\Local\VirtualStore\Program Files (x86)\tencent
Folder Found:  C:\Users\Sora\AppData\Local\VirtualStore\Program Files (x86)\Tencent
Folder Found:  C:\ProgramData\tencent
Folder Found:  C:\ProgramData\TXQMPC
Folder Found:  C:\ProgramData\Tencent
Folder Found:  C:\ProgramData\Application Data\tencent
Folder Found:  C:\ProgramData\Application Data\TXQMPC
Folder Found:  C:\ProgramData\Application Data\Tencent
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found:  C:\Users\Public\Documents\tencent
Folder Found:  C:\Users\Public\Documents\Tencent
Folder Found:  C:\Program Files (x86)\DriverToolkit
Folder Found:  C:\Program Files (x86)\tencent
Folder Found:  C:\Program Files (x86)\Tencent
Folder Found:  C:\Program Files (x86)\Common Files\tencent
Folder Found:  C:\Program Files (x86)\Common Files\Tencent
Folder Found:  C:\Users\Sora\AppData\Local\Temp\tencent
Folder Found:  C:\Users\Sora\AppData\Local\Temp\Tencent
Folder Found:  C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Found:  C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
 
 
***** [ Files ] *****
 
File Found:  C:\WINDOWS\SysNative\drivers\TFsFltX64.sys
File Found:  C:\WINDOWS\SysWOW64\drivers\TS888x64.sys
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  DRIVERTOOLKIT AUTORUN
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\metnsd
Key Found:  HKLM\SOFTWARE\Classes\qmgcfiles
Key Found:  HKLM\SOFTWARE\Classes\QQLive.qlv
Key Found:  HKLM\SOFTWARE\Classes\QQLiveInstaller.InstallHelper
Key Found:  HKLM\SOFTWARE\Classes\QQLiveInstaller.InstallHelper.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\metnsd
Key Found:  [x64] HKLM\SOFTWARE\Classes\qmgcfiles
Key Found:  [x64] HKLM\SOFTWARE\Classes\QQLive.qlv
Key Found:  [x64] HKLM\SOFTWARE\Classes\QQLiveInstaller.InstallHelper
Key Found:  [x64] HKLM\SOFTWARE\Classes\QQLiveInstaller.InstallHelper.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{754DF2CE-51E8-4895-B53C-6381418B84AE}]
Key Found:  HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\Software\DriverToolkit
Key Found:  HKCU\Software\DriverToolkit
Key Found:  [x64] HKCU\Software\DriverToolkit
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\duba.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hotnews.duba.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\duba.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao.qq.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\qq.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sisoft-sandra-lite.en.softonic.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.duba.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\duba.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hotnews.duba.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\duba.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao.qq.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\qq.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sisoft-sandra-lite.en.softonic.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.duba.com
Key Found:  HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found:  HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
Key Found:  HKEY_CLASSES_ROOT\.qmgc
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Web data] - anidb.net
Chrome pref Found:  [C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Web data] - pomodairo.en.softonic.com
Chrome pref Found:  [C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Web data] - downloadninja.en.softonic.com
Chrome pref Found:  [C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Web data] - mangameeya.en.softonic.com
Chrome pref Found:  [C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mylucky123.com/?type=hp&ts=1475207946&z=d8809940daca0a02b9f9498gdzem3w6odeam5taz7w&from=uvc0929&uid=ST1000L
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4904 Bytes] - [30/09/2016 22:49:26]
C:\AdwCleaner\AdwCleaner[C2].txt - [2071 Bytes] - [30/09/2016 22:55:36]
C:\AdwCleaner\AdwCleaner[C3].txt - [1854 Bytes] - [30/09/2016 23:31:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [4683 Bytes] - [30/09/2016 22:48:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [2103 Bytes] - [30/09/2016 22:54:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1955 Bytes] - [30/09/2016 23:31:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [7430 Bytes] - [20/10/2016 06:27:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [7503 Bytes] ##########
 
 
 
 
Second log
 
 
# AdwCleaner v6.030 - Logfile created 20/10/2016 at 06:44:26
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 8.1 Pro  (X64)
# Username : Sora - CLARA
# Running from : C:\Users\Sora\Downloads\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[#] Folder deleted on reboot: C:\Users\Sora\AppData\Local\tencent
[#] Folder deleted on reboot: C:\Users\Sora\AppData\Local\Tencent
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4904 Bytes] - [30/09/2016 22:49:26]
C:\AdwCleaner\AdwCleaner[C2].txt - [2071 Bytes] - [30/09/2016 22:55:36]
C:\AdwCleaner\AdwCleaner[C3].txt - [1854 Bytes] - [30/09/2016 23:31:57]
C:\AdwCleaner\AdwCleaner[C4].txt - [8371 Bytes] - [20/10/2016 06:31:06]
C:\AdwCleaner\AdwCleaner[C5].txt - [1173 Bytes] - [20/10/2016 06:44:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [4683 Bytes] - [30/09/2016 22:48:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [2103 Bytes] - [30/09/2016 22:54:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1955 Bytes] - [30/09/2016 23:31:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [7638 Bytes] - [20/10/2016 06:27:30]
C:\AdwCleaner\AdwCleaner[S4].txt - [1798 Bytes] - [20/10/2016 06:38:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1611 Bytes] ##########
 
[/spoiler]

Edited by mapotofu, 19 October 2016 - 06:23 PM.
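The two AdwCleaner logs above are easier to reason about once they are split into their sections. As an added example, not code from the thread or from AdwCleaner, here is a small Python parser for the AdwCleaner v6 log format shown in the post. It turns every `... Found:` line into a record (keeping the `[x64]` WOW64 marker separate from the key path), counts findings per section so clean sections show as zero, and pulls out the Chrome preference entries that are whole URLs, which are the homepage/startup-page entries that kept coming back in this thread. The log embedded in the script is constructed; its paths, registry keys and hostnames are placeholders, not values from this machine.

```python
"""Parse an AdwCleaner v6 scan log into structured findings (added example)."""
import re
from urllib.parse import urlparse

# Constructed sample in the AdwCleaner v6 log format; all paths, keys and
# hostnames are placeholders, not values from the machine in this thread.
SAMPLE_LOG = """\
# AdwCleaner v6.030 - Logfile created 20/10/2016 at 06:27:30

***** [ Services ] *****

Service Found:  exampleSvc

***** [ Folders ] *****

Folder Found:  C:\\Users\\user\\AppData\\Local\\ExampleVendor
Folder Found:  C:\\Program Files (x86)\\ExampleToolkit

***** [ Files ] *****

No malicious files found.

***** [ Scheduled Tasks ] *****

Task Found:  EXAMPLETOOLKIT AUTORUN

***** [ Registry ] *****

Key Found:  HKCU\\Software\\ExampleToolkit
Key Found:  [x64] HKCU\\Software\\ExampleToolkit
Value Found:  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved [{00000000-0000-0000-0000-000000000000}]

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web data] - example-search.test
Chrome pref Found:  [C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences] - hxxp://www.example-hijack.test/?type=hp&from=abc

########## EOF - C:\\AdwCleaner\\AdwCleaner[S0].txt - [1300 Bytes] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>[A-Za-z][A-Za-z ]*?) Found:\s+(?P<rest>.+)$")
CHROME_PREF_RE = re.compile(r"^\[(?P<file>[^\]]+)\] - (?P<item>.+)$")
URL_PREFIXES = ("http://", "https://", "hxxp://", "hxxps://")


def parse_adwcleaner_log(text):
    """Return {section: [finding, ...]}; a finding has 'kind', 'x64', 'target',
    and for Chrome pref lines also 'pref_file' (the profile file it lives in)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        if current is None or not line or line.startswith("#"):
            continue  # banner lines, blanks, EOF marker
        m = FINDING_RE.match(line)
        if not m:
            continue  # "No malicious ... found." and separator lines
        rest = m.group("rest")
        x64 = rest.startswith("[x64] ")  # WOW64 view of the same key
        if x64:
            rest = rest[len("[x64] "):]
        finding = {"section": current, "kind": m.group("kind"), "x64": x64, "target": rest}
        if finding["kind"] == "Chrome pref":
            pm = CHROME_PREF_RE.match(rest)
            if pm:
                finding["pref_file"], finding["target"] = pm.group("file"), pm.group("item")
        sections[current].append(finding)
    return sections


def summarize(sections):
    """Findings per section; sections that came back clean count as 0."""
    return {name: len(items) for name, items in sections.items()}


def browser_hijack_candidates(sections):
    """Chrome pref entries that are whole URLs, i.e. homepage/startup pages.
    AdwCleaner defangs them as hxxp://; urlparse still splits the host out."""
    out = []
    for f in sections.get("Web browsers", []):
        if f["kind"] == "Chrome pref" and f["target"].lower().startswith(URL_PREFIXES):
            out.append({"host": urlparse(f["target"]).netloc.lower(),
                        "pref_file": f.get("pref_file", ""), "url": f["target"]})
    return out


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    for name, count in summarize(parsed).items():
        print(f"{name:16s} {count}")
    for c in browser_hijack_candidates(parsed):
        print("hijack candidate:", c["host"], "in", c["pref_file"])
```

Running it on a real `C:\AdwCleaner\AdwCleaner[S0].txt` (read the file and pass its text to `parse_adwcleaner_log`) gives a per-section count to compare across successive scans; a hijack candidate whose `pref_file` is `Secure Preferences` is the kind of entry that a local clean alone does not keep away when the browser profile is synced.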


#4 boooliyooo

Posted 19 October 2016 - 10:52 PM

Hello,

 

Can you show the error when you were installing?



#5 SleepyDude (Malware Response Team)

Posted 20 October 2016 - 04:15 AM

Hi,

 

Please run AdwCleaner again, run only a Scan, and post the new log.

 

Do you have your Google bookmarks, etc. synchronized/backed up to Google servers?



 
 


#6 mapotofu (Topic Starter)

Posted 20 October 2016 - 06:47 AM

Err... yes, I do, oops?

 

# AdwCleaner v6.030 - Logfile created 20/10/2016 at 19:07:20
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 8.1 Pro  (X64)
# Username : Sora - CLARA
# Running from : C:\Users\Sora\Downloads\adwcleaner_6.030.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Sora\AppData\Local\tencent
Folder Found:  C:\Users\Sora\AppData\Local\Tencent
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mylucky123.com/?type=hp&ts=1475207946&z=d8809940daca0a02b9f9498gdzem3w6odeam5taz7w&from=uvc0929&uid=ST1000L
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4904 Bytes] - [30/09/2016 22:49:26]
C:\AdwCleaner\AdwCleaner[C2].txt - [2071 Bytes] - [30/09/2016 22:55:36]
C:\AdwCleaner\AdwCleaner[C3].txt - [1854 Bytes] - [30/09/2016 23:31:57]
C:\AdwCleaner\AdwCleaner[C4].txt - [8371 Bytes] - [20/10/2016 06:31:06]
C:\AdwCleaner\AdwCleaner[C5].txt - [1690 Bytes] - [20/10/2016 06:44:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [4683 Bytes] - [30/09/2016 22:48:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [2103 Bytes] - [30/09/2016 22:54:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1955 Bytes] - [30/09/2016 23:31:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [7638 Bytes] - [20/10/2016 06:27:30]
C:\AdwCleaner\AdwCleaner[S4].txt - [1798 Bytes] - [20/10/2016 06:38:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [2117 Bytes] - [20/10/2016 06:57:48]
C:\AdwCleaner\AdwCleaner[S6].txt - [2038 Bytes] - [20/10/2016 19:07:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2111 Bytes] ##########

Hello,

 

Can you show the error when you were installing?

Hi, I really appreciate your help. The problem is very small though and is almost fixed. :)



#7 SleepyDude (Malware Response Team)

Posted 20 October 2016 - 08:27 AM

Hi,

 

Try the following steps in order (important):

- reset the information that is syncing to Google: https://support.google.com/chrome/answer/6386691?hl=en

- run AdwCleaner, Scan, and make sure it cleans the entry related to mylucky123.com

- run an AdwCleaner Scan again to make sure the line is gone

- set Chrome to sync the settings again with your account



 
 


#8 mapotofu (Topic Starter)

Posted 21 October 2016 - 06:19 PM

Okay, I've done sync stop + scan and it works! The Lucky123 entry is gone.

 

The only things AdwCleaner found were these, which are just shortcuts:

 

 

 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Sora\AppData\Local\tencent
Folder Found:  C:\Users\Sora\AppData\Local\Tencent
 
Btw, is either Avast or Bitdefender Antivirus Free decent antivirus software?
 
Also, still can't install Intel software. 

Edited by mapotofu, 21 October 2016 - 06:38 PM.
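The order of the steps in the previous reply matters because Chrome sync keeps a copy of the profile settings, including the hijacked homepage and startup pages stored in `Secure Preferences`, on the Google account and writes them back after a local clean; resetting the synced data first removes that copy, which is why the entry finally stayed gone here. As an added example, not part of the thread or of any Malwarebytes or Google tool, here is a Python check that reads a Chrome `Secure Preferences` file and lists the homepage and startup URLs whose host is not on an allowlist; run it before cleaning and again after Chrome has restarted with sync enabled, and `hosts_reappearing` tells you whether the entry is being restored from the account. The JSON samples are constructed: `homepage`, `homepage_is_newtabpage`, `session.restore_on_startup` and `session.startup_urls` are real Chrome preference names, while the URLs and the allowlist are placeholders.

```python
"""Audit a Chrome 'Secure Preferences' file for hijacked homepage/startup pages.

Added example, not part of the thread or of any Malwarebytes or Google tool.
The JSON below is constructed; the preference names are Chrome's real ones,
the URLs and the allowlist are placeholders.
"""
import json
from urllib.parse import urlparse

# Constructed allowlist of hosts the user actually wants as homepage/startup pages.
TRUSTED_HOSTS = {"www.example.org"}

# Chrome stores 4 in session.restore_on_startup when "open a specific page or
# set of pages" is selected; 1 restores the last session, 5 opens the new tab page.
RESTORE_SPECIFIC_URLS = 4

# Constructed sample of a hijacked profile (same layout as the real file).
HIJACKED_SECURE_PREFS = json.dumps({
    "homepage": "http://www.example-hijack.test/?type=hp&from=abc",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["https://www.example.org/",
                         "http://www.example-hijack.test/?type=sp&from=abc"],
    },
})

# Constructed sample of a clean profile: the startup list still holds a stale
# bad URL, but restore_on_startup=5 means Chrome never opens it.
CLEAN_SECURE_PREFS = json.dumps({
    "homepage": "https://www.example.org/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 5,
                "startup_urls": ["http://www.example-hijack.test/"]},
})


def _host(url):
    return urlparse(url).netloc.lower()


def audit_secure_prefs(text, trusted_hosts=TRUSTED_HOSTS):
    """Return the homepage / startup URLs whose host is not on the allowlist."""
    prefs = json.loads(text)
    findings = []
    homepage = prefs.get("homepage")
    # Chrome only opens 'homepage' when homepage_is_newtabpage is false; its
    # default is true, so a missing key means the homepage is not in use.
    if homepage and not prefs.get("homepage_is_newtabpage", True):
        if _host(homepage) not in trusted_hosts:
            findings.append({"pref": "homepage", "url": homepage, "host": _host(homepage)})
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == RESTORE_SPECIFIC_URLS:
        for url in session.get("startup_urls", []):
            if _host(url) not in trusted_hosts:
                findings.append({"pref": "session.startup_urls", "url": url, "host": _host(url)})
    return findings


def hosts_reappearing(before, after):
    """Hosts flagged both before a clean and after Chrome restarted with sync on.
    A host that comes back after a local clean is being restored from the
    synced account data, which is what the sync-reset step addresses."""
    return sorted({f["host"] for f in before} & {f["host"] for f in after})


def load_profile(path):
    """Read a real profile file, e.g.
    %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Secure Preferences
    (copy it while Chrome is closed; Chrome rewrites it on exit)."""
    with open(path, encoding="utf-8") as fh:
        return fh.read()


if __name__ == "__main__":
    before = audit_secure_prefs(HIJACKED_SECURE_PREFS)
    for f in before:
        print(f"{f['pref']}: {f['url']}")
    # In practice 'after' comes from re-reading the file after a Chrome restart.
    after = audit_secure_prefs(HIJACKED_SECURE_PREFS)
    print("restored from sync:", hosts_reappearing(before, after))
```

The check deliberately reports the preference that carries the URL, not only the URL: the same hijack host can sit in `homepage`, in `session.startup_urls`, or in both, and each is cleaned separately.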


#9 SleepyDude (Malware Response Team)

Posted 23 October 2016 - 03:04 PM

 

Okay I've done sync stop+ scan and it works! The Lucky123 entry is gone.

 

 

Good. Let's run another scan, please.

 

 

Btw, are either Avast or Bitdefender antivirus free decent antivirus software?

 

Both programs are good and from trusted companies.

 

  • Please download Malwarebytes' Anti-Malware from here
  • Double-click mbam-setup-2.x.x to install the application.
  • On the last step of installation make sure you uncheck the box Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.
  • If an update is found, it will download and install the latest updates automatically; if not, click Update Now »
  • Click the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show the results.
  • Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken, you will be prompted to restart your computer; click on Yes.
    Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After restarting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information


  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan, and click on the View button.
  • At the bottom of the Scanning History Log window that opens, click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.


 
 


#10 mapotofu (Topic Starter)

Posted 24 October 2016 - 05:43 AM

AdwCleaner scan found nothing.

 

Okay, there are 2 Malwarebytes logs. The first scan found 3 PUPs, which were removed. The second scan found nothing.

 

 

First scan: 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/10/2016
Scan Time: 6:00 PM
Logfile: malware1.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.24.01
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sora
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300714
Time Elapsed: 14 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.SpyHunter, C:\Users\Sora\Downloads\SpyHunter-Installer.exe, Quarantined, [5aa7debf7723082ec9b2f017c342af51], 
PUP.Optional.Plumbytes, C:\Users\Sora\Downloads\antimalwaresetup.exe, Quarantined, [42bfd9c46c2e9c9a1158756d68995ca4], 
PUP.Optional.Bundler, C:\Users\Sora\Downloads\avira-free-antivirus.exe, Quarantined, [da27811c891191a5b54d06b206fe55ab], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Second scan:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/10/2016
Scan Time: 6:25 PM
Logfile: malware2.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.24.01
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sora
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300216
Time Elapsed: 14 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by mapotofu, 24 October 2016 - 05:44 AM.


#11 SleepyDude (Malware Response Team)

Posted 24 October 2016 - 12:33 PM

Hi,

 

Seems good. Does the problem with the installations continue?



 
 


#12 mapotofu (Topic Starter)

Posted 25 October 2016 - 07:32 AM

Yes, the problems still persist. 

 

Thanks for all your help so far. :) 



#13 SleepyDude (Malware Response Team)

Posted 25 October 2016 - 12:06 PM

You are welcome.

 

One last scan for malware...

 

Download ESET Online Scanner, run the tool and follow the prompts to install the program.

  • UNCHECK the boxes Remove found threats and Scan Archives.
  • Click on Advanced Settings, and check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speed up the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the scan will start automatically. Be patient; this may take some time depending on the speed of your Internet connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications

 



 
 


#14 mapotofu (Topic Starter)

Posted 26 October 2016 - 01:03 AM

The log: 
 
C:\Users\Sora\AppData\Local\Temp\2S21A811.exe a variant of Win32/Tencent.G potentially unwanted application
C:\Users\Sora\Documents\MEGAsync Downloads\RootGenius_en_2.2.6 (1).exe a variant of Win32/RootGenius.B potentially unsafe application
C:\Users\Sora\Documents\MEGAsync Downloads\RootGenius_en_2.2.6.exe a variant of Win32/RootGenius.B potentially unsafe application
C:\Users\Sora\Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sora\Downloads\ccsetup522.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sora\Downloads\rcsetup153.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sora\Downloads\spsetup129.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sora\Downloads\Programs\KingoRoot.exe a variant of Win32/InstallCore.AHH potentially unwanted application
C:\Users\Sora\Downloads\Programs\RootGenius_chrome_3.1.7_setup.exe a variant of Win32/RootGenius.B potentially unsafe application
C:\Users\Sora\Google Drive\Applications (1)\BearShareSetup-r0-n-bc.exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Windows.old\Users\Sora\AppData\Local\Google\Chrome\User Data - Copy\Default\File System\026\t\00\00000001 a variant of Win32/RootGenius.B potentially unsafe application
C:\Windows.old\Users\Sora\AppData\Local\Google\Chrome\User Data - Copy\Default\File System\026\t\00\00000002 a variant of Win32/RootGenius.B potentially unsafe application
C:\Windows.old\Users\Sora\AppData\Local\Google\Chrome\User Data2\Default\File System\026\t\00\00000001 a variant of Win32/RootGenius.B potentially unsafe application
C:\Windows.old\Users\Sora\AppData\Local\Google\Chrome\User Data2\Default\File System\026\t\00\00000002 a variant of Win32/RootGenius.B potentially unsafe application
D:\0Windows backup]\Clara Downloads\uTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application
D:\0Windows backup]\Clara Downloads\Programs\ccsetup507_2.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\7\recup_dir.11\f1214376_netfilter2.sys a variant of Win64/NetFilter.A potentially unsafe application
D:\7\recup_dir.5\f0314408.exe Win64/HackKMS.C potentially unsafe application
D:\7\recup_dir.7\f0600528.dll Win64/HackKMS.D potentially unsafe application
D:\7\recup_dir.8\f0849648_KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application

 

 

Okay, this is sooo weird. Everything on this PC is legal. But I tend to go around downloading lots and lots of stuff, and I'm afraid one of the sites/packages I downloaded from wasn't legal. Anyways, "7" is a file recovery folder... weird, so weird.

 

This has suddenly made me realise I've wayyy too many random files everywhere! My Downloads folder is over 20 GB!!! Yikes... it's time to spring clean as much as I can.
 



#15 SleepyDude (Malware Response Team)

Posted 26 October 2016 - 01:20 PM


This has suddenly made me realise I've wayyy too many random files everywhere! My Download folder is over 20gb!!! Yikes... it's time to spring clean as much as I can.

 

:) You should start by deleting all the files on the ESET report; let me know if you need a script to remove the files.

 

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool, accepting all the security prompts
  • When complete, the tool will produce a log file, C:\SecurityCheck\SecurityCheck.txt, and also copy its contents to the Clipboard
  • Simply paste the log into your reply


 
 




