Posts posted by Adrasteia
Hello. My sister is running Malwarebytes on her computer currently and so far has found:
Vendor: PUP.Optional.SweetPacks
Location: C:\Windows\System32\ljkb\lmrn.dll
There are 8 in that location, and 1 SweetPacks in location C:\Windows\SysWOW64\jmdp\lmrn.dll
PUP.Optional.InstallBrain
Location 1: C:\Windows\SysWOW64\ARFC\wrtc.exe
Location 2: C:\Windows\SysWOW64\WNLT\Installation\uninstaller.exe
PUP.Optional.BrowseForTheCause
Location: C:\system32\tasks\BrowseForTheCauseUpdate
There is also DMUninstaller in add/remove programs, which she tried to remove, but she receives an error to contact the computer administrator. The administrator account is her account. Could this be an infection too?
I'll post the full log as an attachment when it's done. Thanks in advance
-
Hello,
I've used Malwarebytes for a while now and normally don't have a problem with removing stuff... until now. I've never had Registry Keys come up as infected and have no clue if they're safe to remove. Most are from PUP.Optional.OpenCandy and PUP.Optional.ASK.Gen. I'm thinking they can be removed but second opinions are good since I'm unsure. Thanks for any help
SweetPacks And Other Program Removal Issues
in Resolved Malware Removal Logs
2540 threats detected
MBytes 31216.txt