
Norton Quarantined Heur.Adv.MLB - Am I still infected?


13 replies to this topic

#1 drews247

drews247

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 12 April 2017 - 07:56 PM

Hi, 

 

This evening I got an alert from Norton that it blocked the download of 44d5.tmp. When I went into Norton's security history I noticed that Heur.Adv.MLB was quarantined. I was curious if I was still infected. I have since run CCleaner to clean my cookies and MBAM (free). MBAM came back negative.

 

Please let me know what steps I should take next to see if I am still infected.

 

I am on a Windows 10 machine if that helps.

 

Thanks so much in advance.

 

 




 


#2 iMacg3

iMacg3

    Bleepin' PowerPC G3


  • Malware Study Hall Senior
  • 2,036 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:02:05 PM

Posted 13 April 2017 - 09:48 AM

You can find removal instructions on Norton's website here. If these steps don't work, go ahead and update this forum thread.


Regards, iMacg3

 

If I do not reply to your malware removal topic in 48 hours, please send me a PM. 

"Do, or do not. There is no try." - Yoda


#3 drews247


Posted 13 April 2017 - 09:00 PM

The Power Eraser removed 2 bad registry keys. What should I do next?

 

Thanks



#4 iMacg3


Posted 14 April 2017 - 10:08 AM

Go ahead and download the Junkware Removal Tool and run a scan. A log file should pop up on your desktop called JRT.txt. Paste the contents into a post.

 

Download AdwCleaner. If you are using Windows Vista/7/8/10 right click it and select Run As Administrator. Click on "Scan", then once the scan is ready click on Clean. Click on OK to close programs and restart the computer.  A text file will appear after the restart. Paste the contents into a post.

 

Both these programs will scan for malware that may be remaining on your computer.


Edited by iMacg3, 14 April 2017 - 10:10 AM.

Regards, iMacg3

 



#5 drews247


Posted 14 April 2017 - 08:06 PM

Here are my logs. Did they contain anything malicious? Please let me know what I should do next. Thanks. 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by Drew (Administrator) on Fri 04/14/2017 at 19:12:37.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 14 
 
Successfully deleted: C:\Users\Drew\AppData\Local\{0CC9CF93-D6FE-4136-995A-8B2A4AB5F14C} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{1BC5C28B-C29A-4F7F-AA96-97FFFC04C79C} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{33F1330C-A4F4-4A81-A3B2-71657761A6FC} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{47B63E0B-36E2-4C50-9329-28B6D70BCA78} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{4DF63854-8372-42B5-B30F-56CABAD0C02C} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{5F1C3161-1357-4B5F-B39C-F2AF55B46849} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{61C7F352-E714-4619-BE21-590D98C438B1} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{6DCD1088-3260-4B32-BCAC-39FF3C8B8F6B} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{9DB00E2C-E862-4E95-BCCC-B9FB5EAC62A8} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{B5887B67-75DE-42BA-8F0E-544AAB017724} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{CC00DB7A-D6B9-43A8-9F84-5C90F600D5B1} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{D39799F1-21D9-4EE9-8180-F3F3502B463B} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{FC020B34-1C6D-4FB8-B674-A1242B6CE1EB} (Empty Folder)
Successfully deleted: C:\Users\Drew\AppData\Local\{FF7B6D86-3E06-44CA-9A19-3E4F0319B919} (Empty Folder)
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B65D3E38D05C40ACE692F407F5AA49F2 (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/14/2017 at 19:18:09.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v6.045 - Logfile created 14/04/2017 at 20:43:17
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-14.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Drew - DREW-THINKPADX
# Running from : C:\Users\Drew\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [749 Bytes] - [14/04/2017 20:43:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [1140 Bytes] - [14/04/2017 20:41:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [894 Bytes] ##########
 


#6 iMacg3


Posted 15 April 2017 - 10:15 AM

Download the ESET Online Scanner. Run a scan with it and delete any quarantined files. To view the log file, Show hidden files and folders must be enabled. The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt. Paste the log into a post. 

This will probably be the last scan you'll have to do on your computer.


Edited by iMacg3, 15 April 2017 - 10:19 AM.

Regards, iMacg3

 



#7 drews247


Posted 15 April 2017 - 11:04 AM

Are there any options I need to check? The scan won't run.

 

Thanks



#8 iMacg3


Posted 15 April 2017 - 11:55 AM

Select the option to "Enable detection of potentially unwanted applications."

Then click scan.



Edited by iMacg3, 15 April 2017 - 11:56 AM.

Regards, iMacg3

 



#9 drews247


Posted 16 April 2017 - 06:17 PM

Here is my ESET log.  It looks like it didn't find anything serious. Was what JRT and Adw found serious? Thanks.

 

C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Users\Drew\Downloads\couponprinter.exe a variant of Win32/Adware.Coupons.AA application
D:\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\4d524817-8465-4bc4-a6d6-0c8c9d2aca97\20160421_230002_Drew1Inc390\C\AdwCleaner\FileQuarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir a variant of Win32/Adware.Coupons.AA application
D:\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\4d524817-8465-4bc4-a6d6-0c8c9d2aca97\20160421_230002_Drew1Inc390\C\Users\Drew\Downloads\couponprinter.exe a variant of Win32/Adware.Coupons.AA application
D:\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\4d524817-8465-4bc4-a6d6-0c8c9d2aca97\20161106_114833_Drew1Inc542\C\Users\Drew\Downloads\couponprinter.exe a variant of Win32/Adware.Coupons.AA application
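
Added example, not part of the original thread or any poster's code: a small triage script for scanner output in the shape of the ESET lines above, separating files on the running system from inert copies inside backups and tool quarantines. The line format, bucket names and sample paths are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the ESET lines in post #9; the paths are
# placeholders, only the detection name is taken from the thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\ExampleBrowser\plugins\npExample.dll a variant of Win32/Adware.Coupons.AA application
C:\Users\User\Downloads\examplesetup.exe a variant of Win32/Adware.Coupons.AA application
D:\BackupTool\HOST\User\Backup\0000\C\Users\User\Downloads\examplesetup.exe a variant of Win32/Adware.Coupons.AA application
D:\BackupTool\HOST\User\Backup\0000\C\AdwCleaner\FileQuarantine\C\Example\uninstall.exe.vir a variant of Win32/Adware.Coupons.AA application
Scan completed
"""

# Assumed line format: "<path> a variant of <detection> <type>", as in post #9.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) a variant of (?P<name>\S+) (?P<kind>\w+)\s*$")

def classify(path):
    """Bucket a flagged path by where it lives; the most specific rule wins."""
    p = path.lower()
    if "\\filequarantine\\" in p or p.endswith(".vir"):
        return "quarantine-copy"       # already neutralised by a cleanup tool
    if "\\backup\\" in p:
        return "backup-copy"           # inert, but returns if the backup is restored
    if "\\downloads\\" in p:
        return "downloaded-installer"  # not running, can be reinstalled by hand
    if "\\plugins\\" in p:
        return "installed-plugin"      # loaded by the browser, remove first
    return "other"

def parse_log(text):
    """Return one dict per detection line, skipping anything that does not match."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append({**m.groupdict(), "bucket": classify(m["path"])})
    return findings

def live_paths(findings):
    """Paths on the running system, as opposed to backup or quarantine copies."""
    live = {"installed-plugin", "downloaded-installer", "other"}
    return [f["path"] for f in findings if f["bucket"] in live]

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(Counter(f["bucket"] for f in found))
    for path in live_paths(found):
        print("review:", path)
```

Copies inside a backup set are not active, but they come back if that backup is restored, so they are worth noting even when the live system is clean.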


#10 iMacg3


Posted 17 April 2017 - 09:04 AM

What JRT and AdwCleaner found was not very serious. Your computer should be clean now. Go ahead and check your downloads folder for anything you didn't download just in case.


Regards, iMacg3

 



#11 drews247


Posted 17 April 2017 - 06:37 PM

Was what Norton quarantined very serious? 

 

Are there any additional scans I need to run, or anything I need to do to clear what we did?

 

Thanks so much for your help.



#12 iMacg3


Posted 17 April 2017 - 06:40 PM

What Norton quarantined was probably not a huge threat, just one that was bad enough to quarantine.

 

No additional scans need to be run. Delete AdwCleaner and the Junkware Removal Tool from their location on your computer. Also, remove ESET. 

 

If you notice anything suspicious on your computer anytime, go ahead and post in the Am I Infected? forum.


Edited by iMacg3, 17 April 2017 - 06:41 PM.

Regards, iMacg3

 



#13 drews247


Posted 17 April 2017 - 08:04 PM

Thanks again!



#14 iMacg3


Posted 18 April 2017 - 08:36 AM

Happy to help!


Regards, iMacg3

 





