Polda2018

need help pls... after scan, detect some pup pum then kms .. after all clean.. now my cd room drive is missing...

yes. everything looks good now... i just use new modem.. looks okay eventhough i install the software from new modem... so. whats next sir kevin?

Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/10/18 Scan Time: 2:53 PM Log File: 840ce16c-9c72-11e8-aee4-00ff4f3a1f25.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6261 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: John-PC\John -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 245552 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 2 min, 56 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 1 PUM.Optional.HomepageControl, HKU\S-1-5-21-3891046021-2157196841-152358785-1000\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HOMEPAGE, Replaced, [12965], [293330],1.0.6261 Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)

No.. its not about website blocking.... just detected another pum.optional.homepagecontrol. and also, i just bought my new portable modem lte... when i plug to this pc, panda usb vaccine crashed..

Today i turn on my pc again. Before i connect to modem portable. My mbam detect another pum... why this pup and pum keep comming back after clean scan.. when turn on pc and detect again.. so frustrating

final test: mbam : clean sophos av: clean panda: vacinated hitman pro 64 bit: HitmanPro 3.8.0.295 www.hitmanpro.com Computer name . . . . : JOHN-PC Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : John-PC\John UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (31 days left) Scan date . . . . . . : 2018-08-09 09:53:38 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 24s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 1.326.758 Files scanned . . . . : 20.026 Remnants scanned . . : 237.425 files / 1.069.307 keys Malware _____________________________________________________________________ C:\ProgramData\KMSAutoS\KMSAuto Net.exe -> Quarantined Size . . . . . . . : 8.767.160 bytes Age . . . . . . . : 15.3 days (2018-07-25 01:40:30) Entropy . . . . . : 7.1 SHA-256 . . . . . : B8AEC57F7E9C193FCD9796CF22997605624B8B5F9BF5F0C6190E1090D426EE31 Needs elevation . : Yes Product . . . . . : KMSAuto Net Publisher . . . . : MSFree Inc. Description . . . : KMSAuto Net Version . . . . . : 1.4.9 RSA Key Size . . . : 1024 LanguageID . . . . : 0 Authenticode . . . : Self-signed > Kaspersky . . . . : not-a-virus:HEUR:RiskTool.MSIL.HackKMS.gen > HitmanPro . . . . : App/KMSActiv-A Fuzzy . . . . . . : 117.0 Startup C:\Windows\system32\Tasks\KMSAutoNet Forensic Cluster -0.4s C:\ProgramData\KMSAutoS\ -0.2s C:\ProgramData\KMSAutoS\bin\ -0.2s C:\ProgramData\KMSAutoS\bin\TunMirror2.exe -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.cat -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\OemVista.inf -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\ -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.cat -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.inf -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\devcon.exe -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.sys -0.0s C:\ProgramData\KMSAutoS\bin\driver\ -0.0s C:\ProgramData\KMSAutoS\bin\driver\oas_sert.cer -0.0s C:\ProgramData\KMSAutoS\bin\driver\tap0901.cer -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\ -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.inf -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\devcon.exe -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.sys -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WdfCoInstaller01009.dll -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.dll -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.sys -0.0s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\FakeClient.exe 0.0s C:\ProgramData\KMSAutoS\KMSAuto Net.exe 0.0s C:\ProgramData\KMSAutoS\kmsauto.ini 0.1s C:\Windows\System32\Tasks\KMSAutoNet Repairs _____________________________________________________________________ hosts C:\Windows\system32\drivers\etc\ Cookies _____________________________________________________________________ C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cookies:262855726.log.optimizely.com

How do i know my portable modem infected with malware? Is it possible the malware infected my iphone if i plug the usb into the same slot that i used portable modem? Is there anything i should do more?

I ran mbam.. found pum end then i ran sophos .. all clean. Then i ran panda...

after download sophos , panda usb, then scan with mbam again.... got another pum.... here are the result Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/8/18 Scan Time: 6:47 PM Log File: d550e69b-9b00-11e8-b09c-00ff4f3a1f25.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6251 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: John-PC\John -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 245446 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 3 min, 25 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 1 PUM.Optional.HomepageControl, HKU\S-1-5-21-3891046021-2157196841-152358785-1000\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HOMEPAGE, Replace-on-Reboot, [12960], [293330],1.0.6251 Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 HackTool.KMS, C:\PROGRAMDATA\KMSAUTOS\BIN\KMSSS.EXE, Delete-on-Reboot, [5704], [542220],1.0.6251 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)

i klik this link,, but somehow its not secure.. is it okay if i just download it? is this the link for sophos av https://secure2.sophos.com/en-us/products/free-tools/virus-removal-tool/free-download.aspx

i see.. ok i will buy a new one.. fresh open box.. then i will try again... if its detect pup and pum again... so this portable modem 100% cant use eevnthougt a new one.. correct? i have a bitdefender av and privatefirewall and also mbam premium... is there another security should i download? i will run sophos then post the log.. wait ya

i dont know how to do this ... as mention from https://www.psafe.com/en/blog/malware-can-infect-wi-fi-router/ "You can check to see if the router has been infected or not by verifying that the DNS settings are correct."

yes, kinda same like a usb flash drive.. very small.. i just use usb cable then connect to pc... so. what should i do now sir kevin? i allready quarantine those pup and pum.. shall i throw away this portable modem? do i need to fix again this pc / format again?

Oo i see.. no sir.. just leave it... lets stay on pup thread sir.. i allready post mbam and frst . I just curious why portable wifi has a malware software.. .. really need explanation about this.

hello there.. could you help me about this detection... sorry for bad english Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/7/18 Scan Time: 11:15 PM Log File: 27166a6c-9a5d-11e8-9328-c8f73367e8e0.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6241 License: Premium -System Information- OS: Windows 8 CPU: x64 File System: NTFS User: VAIO\john -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 297851 Threats Detected: 1 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 16 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 HackTool.KMS, C:\PROGRAMDATA\KMSAUTOS\BIN\KMSSS.EXE, No Action By User, [5706], [542220],1.0.6241 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)