Ant_Teh_Nee
  1. Sadly I don't have any samples as this was on another person's computer. Maybe you could put research into the website it came from: tapochek,net (Removed period so nobody clicks it) Sorry this doesn't help.
  2. Malwarebytes is not picking up the following files during scans. Hopefully this log helps them add it to their definitions. Got permission to post this from a person I was helping on Bleepingcomputer.com/forums.

   Scan date . . . . . . : 2016-07-28 16:00:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 3s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : Yes
   Threats . . . . . . . : 5
   Traces . . . . . . . : 91

   Objects scanned . . . : 1,189,863
   Files scanned . . . . : 23,761
   Remnants scanned . . : 237,015 files / 929,087 keys

Malware _____________________________________________________________________

C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe -> Quarantined
   Size . . . . . . . : 2,499,742 bytes
   Age . . . . . . . : 5.9 days (2016-07-22 17:57:20)
   Entropy . . . . . : 7.9
   SHA-256 . . . . . : 4A7457731775502A6C696FA102571F7CE0EBC9C3A9DE01DAADBA9F31A08CEDF7
   Product . . . . . : Setup Factory Runtime
   Description . . . : Setup Application
   Version . . . . . : 9.5.0.0
   Copyright . . . . : Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
   LanguageID . . . . : 1033
 > Kaspersky . . . . : not-a-virus:AdWare.Win32.Amonetize.euew
   Fuzzy . . . . . . : 111.0
   Forensic Cluster
      -7.6s C:\Users\Steven\AppData\Local\Temp\ads.exe
      -0.6s C:\Users\Steven\AppData\Local\Temp\appstart.exe
      -0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
      -0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
       0.0s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
       0.8s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
       0.8s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
       0.9s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
       0.9s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
       4.3s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe

C:\Users\Steven\AppData\Local\Temp\appstart.exe -> Quarantined
   Size . . . . . . . : 5,236,472 bytes
   Age . . . . . . . : 5.9 days (2016-07-22 17:57:20)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : 218714F222C5099DEE7E5DD3C7C7286CDA23EAD30C39D22E0D2A63A7E3C6E5F4
   Product . . . . . : Setup Factory Runtime
   Description . . . : Setup Application
   Version . . . . . : 9.5.0.0
   Copyright . . . . : Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
   LanguageID . . . . : 1033
 > Kaspersky . . . . : not-a-virus:AdWare.Win32.Amonetize.euew
   Fuzzy . . . . . . : 106.0
   Forensic Cluster
      -7.0s C:\Users\Steven\AppData\Local\Temp\ads.exe
       0.0s C:\Users\Steven\AppData\Local\Temp\appstart.exe
       0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
       0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
       0.6s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
       1.4s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
       1.4s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
       1.5s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
       1.5s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
       4.9s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe

C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe -> Deleted
   Size . . . . . . . : 514,048 bytes
   Age . . . . . . . : 5.9 days (2016-07-22 17:57:21)
   Entropy . . . . . : 6.9
   SHA-256 . . . . . : 182075DC0DDB6B345CAD7695E9B55B5565314F5296BDEF65CFB986BFBABA3170
 > Bitdefender . . . : Trojan.Agent.BWKB
 > Kaspersky . . . . : HEUR:Trojan.Win32.Generic
 > HitmanPro . . . . : Mal/Generic-S
   Fuzzy . . . . . . : 108.0
   Forensic Cluster
      -8.4s C:\Users\Steven\AppData\Local\Temp\ads.exe
      -1.4s C:\Users\Steven\AppData\Local\Temp\appstart.exe
      -1.1s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
      -1.1s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
      -0.8s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
      -0.0s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
       0.0s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
       0.1s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
       0.1s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
       3.5s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe

C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\productupdate.exe -> Quarantined
   Size . . . . . . . : 378,880 bytes
   Age . . . . . . . : 18.1 days (2016-07-10 13:59:56)
   Entropy . . . . . : 6.8
   SHA-256 . . . . . : AA40E64435087BADE85CE96E268A920CCEFE7ED53F2E6418CA1891C6C2266508
 > Bitdefender . . . : Gen:Variant.Adware.Symmi.66748
   Fuzzy . . . . . . : 109.0
   Startup
      C:\Windows\system32\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}
   Forensic Cluster
      -24.0s C:\Program Files\DAEMON Tools Lite\
      -24.0s C:\Program Files\DAEMON Tools Lite\DTAgent.exe
      -23.8s C:\Program Files\DAEMON Tools Lite\DTLauncher.exe
      -23.8s C:\Program Files\DAEMON Tools Lite\Engine.dll
      -23.5s C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
      -23.3s C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
      -23.2s C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
      -23.2s C:\Program Files\DAEMON Tools Lite\DTHelper.exe
      -23.2s C:\Program Files\DAEMON Tools Lite\imgengine.dll
      -23.1s C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      -23.1s C:\Program Files\DAEMON Tools Lite\sptdintf.dll
      -23.1s C:\Program Files\DAEMON Tools Lite\DTLite.exe
      -22.9s C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
      -22.9s C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
      -22.9s C:\Program Files\DAEMON Tools Lite\Extractor.exe
      -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\
      -22.4s C:\Program Files\DAEMON Tools Lite\Profiles.ini
      -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\
      -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
      -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
      -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
      -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
      -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
      -22.4s C:\Program Files\DAEMON Tools Lite\uninst.exe
      -21.3s C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite\
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\BGR.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\BIH.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CHS.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CHT.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CSY.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\DEU.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\ESN.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\FIN.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\FRA.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HEB.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HUN.dll
      -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HYE.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\IND.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\ITA.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\JPN.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\PLK.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\PTB.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\RUS.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\SRL.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\SVE.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\TRK.dll
      -21.2s C:\Program Files\DAEMON Tools Lite\Lang\UKR.dll
      -21.2s C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
      -21.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\
      -21.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk
      -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
      -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.inf
      -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
      -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.cat
      -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.inf
      -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.sys
      -21.1s C:\Windows\System32\drivers\dtlitescsibus.sys
      -18.5s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\
      -18.5s C:\Windows\Inf\oem7.inf
      -18.5s C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.cat
      -18.5s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.PNF
      -18.5s C:\Windows\Inf\oem7.PNF
      -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
      -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.sys
      -18.4s C:\Windows\System32\drivers\dtliteusbbus.sys
      -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.inf
      -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.inf
      -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat
      -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.cat
      -18.3s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\
      -18.3s C:\Windows\Inf\oem8.inf
      -18.3s C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem8.cat
      -18.2s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.PNF
      -18.2s C:\Windows\Inf\oem8.PNF
      -16.9s C:\Users\Steven\AppData\Local\Microsoft\Windows\Burn\Burn1\
      -16.9s C:\Users\Steven\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini
      -15.9s C:\Windows\Prefetch\DTAGENT.EXE-464D25E0.pf
      -15.2s C:\Users\Steven\AppData\LocalLow\Microsoft\Internet Explorer\Services\winsearch.ico
      -15.0s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
      -15.0s C:\Windows\System32\GroupPolicy\Machine\
      -15.0s C:\Windows\System32\GroupPolicy\User\
      -15.0s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
      -15.0s C:\Windows\System32\GroupPolicy\GPT.INI
      -14.9s C:\ProgramData\ntuser.pol
      -13.5s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\
      -13.5s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\info.dat
      -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\
      -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\ledo
      -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\nifa.txt
      -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\hdat1
      -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\hdat2
      -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\tolido
      -10.6s C:\Users\Public\Documents\Daemon Tools Images\
       -9.7s C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite\IconsCache\
        0.0s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\productupdate.exe
        0.7s C:\Windows\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}.job
        0.7s C:\Windows\System32\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}
        0.7s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\config.dat
        2.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx
        2.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx

C:\Users\Steven\Downloads\[R.G. Mechanics] Bioshock 2\setup.exe -> Quarantined
   Size . . . . . . . : 2,141,964 bytes
   Age . . . . . . . : 4.3 days (2016-07-24 09:53:03)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : 1D216480B0FBC1F04CE2EFB90AD1FE02D06B2B95F7CD801F19ED325D9B5B2A5A
   Product . . . . . : BioShock 2
   Publisher . . . . : tapochek.net
   Description . . . : BioShock 2
   Version . . . . . : 1.0.0.1
   LanguageID . . . . : 0
 > Bitdefender . . . : Trojan.Generic.15073150
   Fuzzy . . . . . . : 110.0

Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
HKU\S-1-5-21-3332964688-1481943379-240360241-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted

     Link to forums post: http://www.bleepingcomputer.com/forums/t/621398/chrome-keeps-opening-with-ads/#entry4051177

     Hope this helps!