
HitmanPro_20170402_1726.log



#1 WuZiheng


Posted 02 April 2017 - 04:30 PM

I've searched several of these files and some are supposedly BitDefender files, others are firewall rules.
 
Completed a restart five times already and these files remain. Please advise. Thank you.
 
Malware remnants ____________________________________________________________
 
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\odsw.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\odsw.exe\ (Trojan.FakeAV)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\ (Trojan.FakeAV)
 
Cookies _____________________________________________________________________
 
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:imrworldwide.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:trc.taboola.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:visualdna.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
   C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2AK1XNUY.cookie
   C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3066NQGF.cookie
   C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\78W8EQE0.cookie
   C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QANJUQHJ.cookie
 
 
Edited by hamluis, 02 April 2017 - 06:16 PM.
Moved from MRL to AII - Hamluis.



 


#2 buddy215


Posted 03 April 2017 - 08:58 AM

Those files are all Bit Defender files. Do you now have, or have you in the past had, BD installed?

If you want to remove those files...one of the tools offered in the link below may help.

Uninstall Bitdefender

 

The cookies....Third Party cookies...can easily be blocked from installing in your browsers. Once blocked, use CCleaner to remove the existing ones.

How to disable third-party cookies in all major web browsers


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 WuZiheng


Posted 03 April 2017 - 12:14 PM

Those files are all Bit Defender files. Do you now have, or have you in the past had, BD installed?

If you want to remove those files...one of the tools offered in the link below may help.

Uninstall Bitdefender

 

The cookies....Third Party cookies...can easily be blocked from installing in your browsers. Once blocked, use CCleaner to remove the existing ones.

How to disable third-party cookies in all major web browsers

Yes, I currently use BitDefender, but will probably pass on it once my license expires.

 

Thank you very much for your help. I really appreciate it.



#4 buddy215


Posted 03 April 2017 - 12:51 PM

You're welcome....and if you need a link and instructions for using CCleaner....which I omitted in my first post...

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

