
Firewall blocking file trojan.generickd.4451061 and more


9 replies to this topic

#1 zimmer46


Posted 01 March 2017 - 06:16 AM

Hi there.   Time to seek the help of the good friends here at Bleeping Computer.

 

Problem on my wife's PC.    Used pretty much only for playing Everquest II.

PC runs Windows 10 and has F-Secure Safe Antivirus and Firewall running and up to date.

 

Last few evenings while playing EQ II, F-Secure has popped up saying that it blocked the download of a file on the network.  File is "trojan.generic.KD.4451061".

Searched on Google and it looked like it may be a false positive.  Ran MalwareBytes which found nothing.

 

However, looked in F-Secure's event log and found a number of entries dating back months which I have posted below.
Would appreciate some help in making sure the PC is clean.

 

Thanks in anticipation

 

Andrew

 

=========================================================

 

Mod Edit:  Removed all  links marked as potentially malicious.  Please...do not include such in a post unless requested by the person who is attempting to assist you.  If you provide the data actually requested by those trying to assist you, that will be sufficient for proper advice to be given you - Hamluis.


Edited by hamluis, 01 March 2017 - 08:00 AM.



 


#2 buddy215

  • Moderator

Posted 01 March 2017 - 12:38 PM

FROM THE WEB: Trojan.Generic.KD got on your computer after you have installed a freeware software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation this browser hijacker. This Potentially Unwanted Program is also bundled within the custom installer on many download sites (examples: CNET, Brothersoft or Softonic), so if you have downloaded a software from these websites, chances are that Trojan.Generic.KD was installed during the software setup process.

 

Would be a good idea to scan using the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

download Zemana AntiMalware and install it

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log
  • copy and paste the log into your reply

Since that piece of malware is known to have rootkit capability.....

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 zimmer46

  • Topic Starter

Posted 06 March 2017 - 11:07 AM

Thanks for your assistance.

Log files attached below

 

# AdwCleaner v6.044 - Logfile created 06/03/2017 at 12:32:01
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Carol - RAINBOW2
# Running from : C:\Users\Carol\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Carol\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\ProgramData\Yahoo! Companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\FSSafeSearch.SafeSearchBar
[-] Key deleted: HKLM\SOFTWARE\Classes\FSSafeSearch.SafeSearchBar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\FSSafeSearch.SafeSearchBHO
[-] Key deleted: HKLM\SOFTWARE\Classes\FSSafeSearch.SafeSearchBHO.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FSSafeSearch.SafeSearchBar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FSSafeSearch.SafeSearchBar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FSSafeSearch.SafeSearchBHO
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FSSafeSearch.SafeSearchBHO.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.DataStore
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.StringList
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-3389879355-3638455258-2838451143-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3389879355-3638455258-2838451143-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-3389879355-3638455258-2838451143-1000\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}]
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}]
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{d9284e50-81fc-11da-a72b-0800200c9a66}]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{d9284e50-81fc-11da-a72b-0800200c9a66}]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{d9284e50-81fc-11da-a72b-0800200c9a66}]
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [17007 Bytes] - [06/03/2017 12:32:01]
C:\AdwCleaner\AdwCleaner[R0].txt - [8536 Bytes] - [17/10/2014 17:21:37]
C:\AdwCleaner\AdwCleaner[R1].txt - [1282 Bytes] - [18/11/2014 21:47:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [8152 Bytes] - [17/10/2014 17:22:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [1351 Bytes] - [18/11/2014 21:50:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [16126 Bytes] - [06/03/2017 12:30:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [17447 Bytes] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64 
Ran by Carol (Administrator) on 06-Mar-17 at 12:39:35.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\ProgramData\1387031512.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1407852915.bdinstall.bin (File) 
Successfully deleted: C:\Users\Carol\AppData\Roaming\wyupdate au (Folder) 
Successfully deleted: C:\Program Files (x86)\GUTDB03.tmp (File) 
 
Deleted the following from C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\10ybs5xu.default\prefs.js
user_pref(extensions.foxstart-cck@extensions.foxstart.com.install-event-fired, true);
user_pref(extensions.foxstart-cck@extensions.foxstart.com.version, 1.1);
user_pref(extensions.installedDistroAddon.foxstart-cck@extensions.foxstart.com, true);
user_pref(extensions.xpiState, {\app-profile\:{\foxstart-cck@extensions.foxstart.com\:{\d\:\C:\\\\Users\\\\Carol\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profi
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06-Mar-17 at 12:42:16.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Zemana AntiMalware 2.72.179.101 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017-3-6
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-2500K CPU @ 3.30GHz
BIOS Mode              : Legacy
CUID                   : 12912DFA33632ECDC4224D
Scan Type              : System Scan
Duration               : 20m 59s
Scanned Objects        : 154233
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : MCCABENETWORK,0,2
 
Detected Objects
-------------------------------------------------------
 
Security Center Disabled
Status             : Scanned
Object             : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Repair
Related Objects    :
                Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart = disabled
 
Splashtop Connect
Status             : Scanned
Object             : %programfiles%\splashtop\splashtop connect for firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.FirefoxExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Splashtop Connect
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0
 
 
 
 
MBAR did not find any malware
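
Added example, not part of any post in this thread and not AdwCleaner's own code: a small Python triage script for the AdwCleaner log format shown above. It counts removals per section, lists the items marked `[#]` that are only removed after a reboot, and checks whether a follow-up pass came back empty. The function names are hypothetical, and the two sample logs are constructed excerpts that reuse lines from the log above.

```python
import re
from collections import Counter

# Section header, e.g. "***** [ Registry ] *****"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "[-]" = removed immediately, "[#]" = queued until the next reboot.
ENTRY_RE = re.compile(
    r"^\[([-#])\] (Folder|File|Key|Value) deleted(?: on reboot)?: "
    r"(?:\[(x64)\] )?(.+)$"
)
# Browser entries use a different layout: "[-] [store] [kind] Deleted: value"
BROWSER_RE = re.compile(r"^\[([-#])\] \[([^\]]+)\] \[([^\]]+)\] Deleted: (.+)$")

# Constructed excerpt in the format of the first cleaning pass.
FIRST_PASS = r"""
# AdwCleaner v6.044 - Logfile created 06/03/2017 at 12:32:01
# Mode: Clean

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Yahoo! Companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Yahoo! Companion

***** [ Files ] *****

[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}]

***** [ Web browsers ] *****

[-] [C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

:: "Tracing" keys deleted
"""

# Constructed excerpt of a rescan that removed nothing.
SECOND_PASS = r"""
# AdwCleaner v6.044 - Logfile created 07/03/2017 at 14:35:11
# Mode: Clean

***** [ Folders ] *****

***** [ Registry ] *****

:: "Tracing" keys deleted
"""


def parse_adwcleaner_log(text):
    """Return the run mode and one dict per removal line in the log."""
    mode, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces forums add
        if line.startswith("# Mode:"):
            mode = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            flag, kind, view, target = m.groups()
        else:
            m = BROWSER_RE.match(line)
            if not m:
                continue  # banner, footer or blank line
            flag, _store, kind, target = m.groups()
            view = None
        entries.append({
            "section": section,
            "kind": kind,
            "view": view,              # "x64" for the 64-bit registry view
            "target": target,
            "pending_reboot": flag == "#",
        })
    return {"mode": mode, "entries": entries}


def summarize(parsed):
    """Counts per section plus the targets that still need a reboot."""
    entries = parsed["entries"]
    return {
        "total": len(entries),
        "per_section": dict(Counter(e["section"] for e in entries)),
        "pending_reboot": [e["target"] for e in entries if e["pending_reboot"]],
    }


def pass_is_clean(parsed):
    """True when a Clean-mode run logged no removals at all."""
    return parsed["mode"] == "Clean" and not parsed["entries"]


if __name__ == "__main__":
    for name, log in (("first pass", FIRST_PASS), ("second pass", SECOND_PASS)):
        parsed = parse_adwcleaner_log(log)
        print(name, summarize(parsed), "clean:", pass_is_clean(parsed))
```
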


#4 buddy215

  • Moderator

Posted 06 March 2017 - 11:46 AM

Do another scan using AdwCleaner and be sure to click on Clean when scan finishes. It often finds more during the second scan.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

After completing the above scans ...do this:

  • download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply


#5 zimmer46

  • Topic Starter

Posted 07 March 2017 - 12:14 PM

# AdwCleaner v6.044 - Logfile created 07/03/2017 at 14:35:11
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-07.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Carol - RAINBOW2
# Running from : C:\Users\Carol\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [17723 Bytes] - [06/03/2017 12:32:01]
C:\AdwCleaner\AdwCleaner[C2].txt - [819 Bytes] - [07/03/2017 14:35:11]
C:\AdwCleaner\AdwCleaner[R0].txt - [8536 Bytes] - [17/10/2014 17:21:37]
C:\AdwCleaner\AdwCleaner[R1].txt - [1282 Bytes] - [18/11/2014 21:47:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [8152 Bytes] - [17/10/2014 17:22:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [1351 Bytes] - [18/11/2014 21:50:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [16126 Bytes] - [06/03/2017 12:30:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [1577 Bytes] - [07/03/2017 14:35:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1330 Bytes] ##########
 
 
ESET found and removed

C:\Program Files (x86)\Safari\Plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Users\Carol\Downloads\PS_AIO_07_B110_USW_Full_Win_WW_140_126-4.exe a variant of Win32/Adware.Coupons.AA application
 
 
 
 
 
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 07.03.2017 17:10:07
Path starting: C:\Users\Carol\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Carol
VersionXML: 3.98is-04.03.2017
___________________________________________________________________________
 
Windows 10(6.3.14393) (x64) Professional Lang: English(0409)
Installation date OS: 21.08.2016 10:48:09
LicenseStatus: Office 15, OfficeO365ProPlusR_Subscription1 edition Timebased activation will expire :28713 minutes
LicenseStatus: Windows®, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
SystemDrive: C: FS: [NTFS] Capacity: [931 Gb] Used: [255.3 Gb] Free: [675.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Automatically download and schedule installation
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service is running
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.7015.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Antivirus by F-Secure (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Antivirus by F-Secure (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Online Scanner v3
F-Secure v.2.76.211.0
F-Secure CCF Reputation v.2.1.1342.0
F-Secure SafeSearch 1.11.101.0 (release) v.1.11.101.0
F-Secure CCF Scanning 1.73.275.1078 (release) v.1.73.275.1078
F-Secure Network CCF 1.04.214 v.1.04.214
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.72.101
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.30 (64-bit) v.5.30.0 Warning! Download Update
Microsoft Silverlight v.5.1.50901.0
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.5.5.5
QuickTime 7 v.7.78.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.3.3.0.3650 Warning! Download Update
Adobe Flash Player 16 NPAPI v.16.0.0.235 Warning! Download Update
Adobe Reader XI (11.0.19) v.11.0.19
------------------------------- [ Browser ] -------------------------------
Google Chrome v.56.0.2924.87
Mozilla Firefox 42.0 (x86 en-GB) v.42.0 Warning! Download Update
Safari v.5.34.57.2 Warning! This software is no longer supported.
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.56.0.2924.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.72.0.101
---------------------------- [ UnwantedApps ] -----------------------------
Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
F-Secure SafeSearch 1.11.101.0 (release) v.1.11.101.0 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
 
 
 
 
 


#6 buddy215

Posted 07 March 2017 - 01:24 PM

Uninstall or update these programs:

Java 8 Update 111 v.8.0.1110.14

Mozilla Firefox 42.0

 

Uninstall these programs:

QuickTime 7 v.7.78.80.95

Safari v.5.34.57.2

F-Secure SafeSearch 1.11.101.0

Adobe AIR v.3.3.0.3650

Adobe Flash Player 16

 

After doing the above and rebooting...please let me know if F-Secure is still giving the same warning.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 zimmer46

Posted 09 March 2017 - 07:58 AM

F-Secure event log contains this entry:
 
Harmful web site ##### blocked

Edited by Al1000, 09 March 2017 - 10:34 AM.
malicious link removed


#8 buddy215

Posted 09 March 2017 - 08:42 AM

I downloaded the file after clicking on that link. It says it is a DOS/Windows executable (application/x-ms-dos-executable).

Name of the file is projecte.dat

 

Suggest you start a new topic in the malware removal forum by following the directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


Edited by buddy215, 09 March 2017 - 08:46 AM.


#9 buddy215

Posted 09 March 2017 - 08:46 AM

I meant to add that the file is malicious as I had it scanned at VirusTotal.

Results: Antivirus scan for 772153e6795f526bd7db2d3c3b7c7e0421d8fc509874cd6c3bb10e8072309495 at 2017-03-07 22:28:17 UTC - VirusTotal


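Added example, not part of the original thread: posts #8 and #9 describe a download named `projecte.dat` that identified as a DOS/Windows executable and was then looked up on VirusTotal by its SHA-256. The Python sketch below performs that kind of triage by content rather than by file name; the function names and the sample bytes are hypothetical and constructed for the demonstration, not the file from the thread.

```python
import hashlib
import struct

# COFF machine types worth naming in a triage report
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
EXECUTABLE_EXTS = {"exe", "dll", "scr", "sys", "com"}

def triage(data: bytes, name: str) -> dict:
    """Classify a downloaded blob by its content, not by its file name."""
    report = {
        "name": name,
        "sha256": hashlib.sha256(data).hexdigest(),  # value to search for on VirusTotal
        "kind": "unknown",
        "machine": None,
        "extension_mismatch": False,
    }
    # DOS header: 'MZ' magic at offset 0, e_lfanew (PE header offset) at 0x3C
    if len(data) >= 0x40 and data[:2] == b"MZ":
        report["kind"] = "dos-executable"
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        # 'PE\0\0' signature, then the COFF header whose first field is Machine
        if e_lfanew + 6 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
            report["kind"] = "pe-executable"
            report["machine"] = MACHINES.get(machine, hex(machine))
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    # Executable content behind a non-executable extension is the red flag
    report["extension_mismatch"] = (
        report["kind"] != "unknown" and ext not in EXECUTABLE_EXTS
    )
    return report

def build_sample_pe() -> bytes:
    """Constructed, inert bytes: only enough header to carry the signatures."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header directly after DOS header
    coff = b"PE\0\0" + struct.pack("<H", 0x014C) + bytes(18)
    return bytes(dos) + coff

if __name__ == "__main__":
    samples = [("projecte.dat", build_sample_pe()),
               ("notes.dat", b"plain text, constructed sample\n")]
    for name, blob in samples:
        print(triage(blob, name))
```
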

#10 zimmer46

Posted 20 March 2017 - 04:43 AM

I have created a new topic on the malware forum.  Link below.   Thanks again for your help.

 

https://www.bleepingcomputer.com/forums/t/642509/projectedat-executable-being-blocked-daily-by-antivirus/





