Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


FRST download attempts crashing browser repeatedly (see post "attack via windows

  • This topic is locked This topic is locked
1 reply to this topic

#1 MrHappyPants


  • Members
  • 33 posts
  • Gender:Male
  • Local time:05:22 PM

Posted 09 October 2017 - 03:36 PM

Original post mistakenly made to



I've completed up to the steps outlined here, in previous posts (was directed to begin new thread here)


However, my browser now crashes upon attempting to open any link promising a download of the FRST scan-from this site, as well as:








I'm literally unable to click the links without Firefox crashing immediately. It would seem obvious that malware's responsible.


Any ideas?


I've yet to delete the malware (trojans/rootkits/various PUPs) turned up by Malwarebytes. They are quarantined, however.


Help! Any other options as to how to proceed/get the FRST scan downloaded?

Existing scanlogs


-Log Details-
Scan Date: 9/29/17
Scan Time: 5:38 PM
Log File: f39e2f30-a566-11e7-8fe6-00ffcf58dc79.json
Administrator: Yes

-Software Information-
Components Version: 1.0.188
Update Package Version: 1.0.2917
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: CrappyPC\Mary

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316627
Threats Detected: 11
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\38207d93\SHELL\OPEN\COMMAND, No Action By User, [1378], [261826],1.0.2917
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\cqekijyt\SHELL\OPEN\COMMAND, No Action By User, [1378], [261826],1.0.2917

Registry Value: 4
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\38207d93\SHELL\OPEN\COMMAND|, No Action By User, [1378], [261826],1.0.2917
Rootkit.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001_Classes\cqekijyt\SHELL\OPEN\COMMAND|, No Action By User, [1378], [261826],1.0.2917
Trojan.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^PYOG, No Action By User, [364], [262349],1.0.2917
Trojan.Fileless.MTGen, HKU\S-1-5-21-1992209377-382255440-3143550161-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^AGEC, No Action By User, [364], [262349],1.0.2917

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Converter, C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\jetpack\@Converter\simple-storage, No Action By User, [7828], [386988],1.0.2917

File: 3
PUP.Optional.Converter, C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\obg29jn7.default\jetpack\@Converter\simple-storage\store.json, No Action By User, [7828], [386988],1.0.2917
PUP.Optional.OpenCandy, C:\USERS\MARY\DESKTOP\M\MARCO\HIJACKTHIS-D2C.EXE, No Action By User, [520], [297667],1.0.2917

Physical Sector: 0
(No malicious items detected)

BC AdBot (Login to Remove)


#2 JSntgRvr


    Master Surgeon General

  • Malware Response Team
  • 11,929 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:22 PM

Posted 10 October 2017 - 07:18 PM

Closing duplicate.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users