Jump to content

Search the Community

Showing results for tags 'Trojan.Agent'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 4 results

  1. What is ExtenBro?The Malwarebytes research team has determined that ExtenBro is adware. These adware applications display advertisements not originating from the sites you are browsing.This particular one blocks access to domains related to security software to hinder victims from installing a remediation.How do I know if my computer is affected by ExtenBro?Users may complain about being unable to reach malwarebytes.com and other AV related domains:You may see this type of task in your Scheduled Tasks:these changed DNS settings:and this entry in your list of Root certificates:How did ExtenBro get on my computer?Adware applications use different methods for distributing themselves. This particular one was installed by a bundler.How do I remove ExtenBro?Our program Malwarebytes can detect and remove this potentially unwanted program. Due to the nature of this DNS changer you may have to change your DNS settings first. If you can't find the preferred settings on the website of your internet-service provider (ISP), you can follow the appropiate instructions on the OpenDNS site. When you are looking at the DNS settings, make sure to click Advanced and look at the DNS tab Make sure that only two of those entries are left and that they match the preferred settings that you found, before you close the Internet Connection settings menu's. Do not reboot your system yet, because the Scheduled Task will re-instate the malicious DNS settings. You may have to restart your browser to make it use the new settings. Now you should be able to reach the blocked sites again and you can continue with the instructions below. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of ExtenBro? No, Malwarebytes removes ExtenBro completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this adware.As you can see below the full version of Malwarebytes would have protected you against the ExtenBro adware. It would have blocked the installer before it became too late. Technical details for expertsPossible signs in FRST logs: Task: {50620101-C554-48D3-BAC6-0E9FF5466289} - System32\Tasks\Sk7661Pl => C:\Users\{username}\AppData\Local\prunld2088\he26091.exe [1387864 2019-07-10] ( ) [File not signed] Tcpip\..\Interfaces\{DCC6FDFC-344E-465D-A1F5-77B8161CA4FB}: [NameServer] 45.86.180.227,185.162.93.213,116.203.6.218,185.130.104.222,77.234.40.79 Tcpip\..\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}: [NameServer] 45.86.180.227,185.162.93.213,116.203.6.218,185.130.104.222 FF user.js: detected! => C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js [2019-07-10] C:\Windows\System32\Tasks\Sk7661Pl ( ) C:\Users\{username}\Desktop\dpo231.exe ( ) C:\Users\{username}\AppData\Local\prunld2088\he26091.exe Significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\prunld2088 Adds the file he26091.exe"="7/10/2019 8:59 AM, 1387864 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default Adds the file user.js"="7/10/2019 8:59 AM, 53 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Sk7661Pl"="7/10/2019 8:59 AM, 3194 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\36509B8F624CE280E0C797F42F4A8F552A280313] "Blob"="REG_BINARY, .................. ................................................. .......................................... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters] "DisabledComponents"="REG_DWORD", 255 [HKEY_CURRENT_USER\Software\UniversalCadast] "InstRes"="REG_SZ", "1" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/10/19 Scan Time: 1:15 PM Log File: 0e88437a-a304-11e9-a395-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.11482 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: METALLICA-PC\Metallica -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236345 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 5 min, 23 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 5 Adware.ExtenBro, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\36509B8F624CE280E0C797F42F4A8F552A280313, Quarantined, [2068], [706129],1.0.11482 Adware.ExtenBro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\36509B8F624CE280E0C797F42F4A8F552A280313, Quarantined, [2068], [706129],1.0.11482 Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sk9239Pl, Quarantined, [442], [698502],1.0.11482 Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{03EAD71D-807C-49EE-922B-A4F7F554D25B}, Quarantined, [442], [698502],1.0.11482 Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{03EAD71D-807C-49EE-922B-A4F7F554D25B}, Quarantined, [442], [698502],1.0.11482 Registry Value: 0 (No malicious items detected) Registry Data: 3 Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DCC6FDFC-344E-465D-A1F5-77B8161CA4FB}|NameServer, Replaced, [3068], [706134],1.0.11482 Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DCC6FDFC-344E-465D-A1F5-77B8161CA4FB}|NameServer, Replaced, [3068], [706135],1.0.11482 Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DCC6FDFC-344E-465D-A1F5-77B8161CA4FB}|NameServer, Replaced, [3068], [706136],1.0.11482 Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 3 Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\Sk9239Pl, Quarantined, [442], [698502],1.0.11482 Adware.DNSChanger, C:\USERS\METALLICA\APPDATA\LOCAL\PRUNLD8747\HE88127.EXE, Quarantined, [695], [706144],1.0.11482 Adware.DNSChanger, C:\USERS\METALLICA\DESKTOP\DPO231.EXE, Quarantined, [695], [706158],1.0.11482 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. Hi. I have high ram usage at times, I mean 70-90% and I think it's connected to malware and Malwarebytes can't pick it up, but when my windows has been up and running for few hours, it shows 2 malware threats are detected, but even if I quarantine them and delete them, nothing works, they just keep coming back. I have also tried to use ADW cleaner multiple times without any luck too since it's all come back a few minutes after windows has loaded. One thing to note is that Chrome is only using 4-5 GB of ram which is okay, but the task manager shows over 70% even at sometimes 90% so there might be something running in the background which is hidden. I really hope we can fix this since this really destroys my PC experience and I can't wait to get down to bussines. Thank you. FRST.txt Addition.txt
  3. What is CPUID CPU-Z?The Malwarebytes research team has determined that CPUID CPU-Z is a trojan.This particular one injects downloaded JavaScript (JS) files into browser sessions and sets a proxy accompanied with a false SSL certificate to perform a man-in-the-middle (MITM) attack.How do I know if my computer is affected by CPUID CPU-Z?You may see this entry in your list of installed software:and this icon in your startmenu and on your desktop:How did CPUID CPU-Z get on my computer?Trojans use different methods for distributing themselves. This particular one was bundled with other software.How do I remove CPUID CPU-Z?Our program Malwarebytes can detect and remove this malware. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of CPUID CPU-Z? No, Malwarebytes removes CPUID CPU-Z completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the CPUID CPU-Z hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and it blocks the domains where the trojn was downloaded from by the bundler: and even if you should get infected it blocks the exploit that the trojan uses to perform the man-in-the-middle attack: Technical details for expertsPossible signs in FRST logs: (Microsoft Corporation) C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe.bak (Microsoft Corporation) C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows\GPR\browser\svchostctl.exe ProxyEnable: [S-1-5-21-{user GUID}] => Proxy is enabled. ProxyServer: [S-1-5-21-{user GUID}] => http=127.0.0.1:8080;https=127.0.0.1:8080 R2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [9875968 2018-04-10] (Microsoft Corporation) [File not signed] C:\Users\Public\Desktop\CPUID CPU-Z.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID C:\Program Files\CPUID CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) FirewallRules: [TCP Query User{D3E7F7AC-72C7-4000-8B93-DD0DA199AD56}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Allow) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe FirewallRules: [UDP Query User{79ED0071-EA4B-4214-BD80-E472E1505F7A}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Allow) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\CPUID\CPU-Z Adds the file cpuz.exe"="12/20/2017 1:10 PM, 3517688 bytes, A Adds the file cpuz.ini"="12/20/2017 1:15 PM, 594 bytes, A Adds the file cpuz_eula.txt"="8/12/2015 8:57 PM, 7651 bytes, A Adds the file cpuz_readme.txt"="12/20/2017 1:14 PM, 26325 bytes, A Adds the file unins000.dat"="4/10/2018 8:40 AM, 3245 bytes, A Adds the file unins000.exe"="4/10/2018 8:40 AM, 725157 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Audio Adds the file winamgr.exe"="4/10/2018 8:40 AM, 9875968 bytes, A Adds the file winamgr.exe.bak"="1/29/2018 2:03 PM, 9342976 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\GPR\browser Adds the file svchostctl.exe"="4/10/2018 8:40 AM, 216576 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\GPR\func Adds the file ca.crt"="4/10/2018 8:40 AM, 1094 bytes, A Adds the file ca.key"="4/10/2018 8:40 AM, 887 bytes, A Adds the file cert8.db"="4/10/2018 8:40 AM, 65536 bytes, A Adds the file certutil.exe"="4/10/2018 8:40 AM, 103936 bytes, A Adds the file chrome.exe"="4/10/2018 8:40 AM, 140736 bytes, A Adds the file freebl3.dll"="4/10/2018 8:40 AM, 222208 bytes, A Adds the file key3.db"="4/10/2018 8:40 AM, 16384 bytes, A Adds the file libnspr4.dll"="4/10/2018 8:40 AM, 199680 bytes, A Adds the file libplc4.dll"="4/10/2018 8:40 AM, 14336 bytes, A Adds the file libplds4.dll"="4/10/2018 8:40 AM, 12288 bytes, A Adds the file libvlc.dll"="4/10/2018 8:40 AM, 87040 bytes, A Adds the file libvlcwk.dll"="4/10/2018 8:40 AM, 195072 bytes, A Adds the file msvcr100.dll"="4/10/2018 8:40 AM, 773968 bytes, A Adds the file nss3.dll"="4/10/2018 8:40 AM, 798720 bytes, A Adds the file nssckbi.dll"="4/10/2018 8:40 AM, 370176 bytes, A Adds the file nssdbm3.dll"="4/10/2018 8:40 AM, 108544 bytes, A Adds the file nssutil3.dll"="4/10/2018 8:40 AM, 93696 bytes, A Adds the file secmod.db"="4/10/2018 8:40 AM, 16384 bytes, A Adds the file smime3.dll"="4/10/2018 8:40 AM, 97792 bytes, A Adds the file softokn3.dll"="4/10/2018 8:40 AM, 172544 bytes, A Adds the file sqlite3.dll"="4/10/2018 8:40 AM, 423936 bytes, A Adds the file ssl3.dll"="4/10/2018 8:40 AM, 190976 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\GPR\network Adds the file default_cse.js"="4/10/2018 8:40 AM, 5900 bytes, A Adds the file general.js"="4/10/2018 8:40 AM, 2252 bytes, A Adds the file svcnetwk.exe"="4/10/2018 8:40 AM, 11952128 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z Adds the file CPU-Z.lnk"="4/10/2018 8:40 AM, 893 bytes, A Adds the file Edit CPU-Z Config File.lnk"="4/10/2018 8:40 AM, 893 bytes, A Adds the file Uninstall CPU-Z.lnk"="4/10/2018 8:40 AM, 917 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file CPUID CPU-Z.lnk"="4/10/2018 8:40 AM, 869 bytes, A In the existing folder C:\Users\Public\Documents Adds the file {DE764086-1C0A-4DD3-90BA-0B93BDD794BE}"="4/10/2018 8:41 AM, 34 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail] "ChannelId"="REG_SZ", "icbusa20" [HKEY_LOCAL_MACHINE\SOFTWARE\CPUID\CPU-Z] "PATH"="REG_SZ", "C:\Program Files\CPUID\CPU-Z" "PRODUCT_NAME"="REG_SZ", "CPUID CPU-Z" "VERSION"="REG_SZ", "1.82.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\483A0ECB697A7E8FE5FB5DBCA52C7F82D70D8239] "Blob"="REG_BINARY, ................ ...........................................................................................................................................................................................................K........................................................................................................................................................................................ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPUID CPU-Z_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\CPUID\CPU-Z\cpuz.exe" "DisplayName"="REG_SZ", "CPUID CPU-Z 1.82.1" "DisplayVersion"="REG_SZ", "1.82.1" "EstimatedSize"="REG_DWORD", 4166 "Inno Setup: App Path"="REG_SZ", "C:\Program Files\CPUID\CPU-Z" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "CPUID\CPU-Z" "Inno Setup: Language"="REG_SZ", "default" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20180410" "InstallLocation"="REG_SZ", "C:\Program Files\CPUID\CPU-Z\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 82 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "QuietUninstallString"="REG_SZ", ""C:\Program Files\CPUID\CPU-Z\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files\CPUID\CPU-Z\unins000.exe"" "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 82 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CPUZ] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winamgr] "Description"="REG_SZ", "Windows Audio Manager" "Display"="REG_SZ", "Windows Audio Manager" "DisplayName"="REG_SZ", "Windows Audio Manager" "ErrorControl"="REG_DWORD", 0 "ImagePath"="REG_EXPAND_SZ, ""C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe" -s" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable"= REG_DWORD, 1 "ProxyServer"="REG_SZ", "http=127.0.0.1:8080;https=127.0.0.1:8080" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/10/18 Scan Time: 8:54 AM Log File: fdd2c3b4-3c8b-11e8-87ee-080027235d76.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.4674 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 245556 Threats Detected: 46 Threats Quarantined: 46 Time Elapsed: 2 min, 43 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\browser\svchostctl.exe, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe, Quarantined, [1117], [505207],1.0.4674 Module: 3 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\browser\svchostctl.exe, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe, Quarantined, [1117], [505207],1.0.4674 Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\WINDOWS\AUDIO\WINAMGR.EXE, Quarantined, [383], [489320],1.0.4674 Registry Key: 2 Trojan.Egguard.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [1117], [-1],0.0.0 Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\winamgr, Quarantined, [383], [489320],1.0.4674 Registry Value: 6 Trojan.Egguard.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1117], [-1],0.0.0 Trojan.Egguard.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1117], [-1],0.0.0 Trojan.Egguard.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1117], [-1],0.0.0 Trojan.Egguard.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [1117], [-1],0.0.0 Trojan.Egguard.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1117], [-1],0.0.0 Trojan.FakeMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINAMGR|IMAGEPATH, Quarantined, [3025], [506363],1.0.4674 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 4 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\browser, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\PROGRAMDATA\MICROSOFT\WINDOWS\GPR, Quarantined, [1117], [505207],1.0.4674 File: 29 Trojan.Egguard.PrxySvrRST, C:\PROGRAMDATA\MICROSOFT\WINDOWS\GPR\NETWORK\GENERAL.JS, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\browser\svchostctl.exe, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\ca.crt, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\ca.key, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\cert8.db, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\certutil.exe, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\chrome.exe, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\freebl3.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\key3.db, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libnspr4.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libplc4.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libplds4.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libvlc.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libvlcwk.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\msvcr100.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\nss3.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\nssckbi.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\nssdbm3.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\nssutil3.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\secmod.db, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\smime3.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\softokn3.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\sqlite3.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\ssl3.dll, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network\default_cse.js, Quarantined, [1117], [505207],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe, Quarantined, [1117], [505207],1.0.4674 Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\WINDOWS\AUDIO\WINAMGR.EXE, Quarantined, [383], [489320],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\USERS\{username}\DESKTOP\CPU-Z.EXE, Quarantined, [1117], [505199],1.0.4674 Trojan.Egguard.PrxySvrRST, C:\DOWNLOADS\CPU-Z.EXE, Quarantined, [1117], [505199],1.0.4674 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. Hi, MBAM has failed to quarantine/remove three identified trojan viruses several times today. I checked some sources and saw that it was recommended that I try MBAM Anti-Rootkit Beta to solve this, so I installed and ran it. It located the files and I selected to clean them and restarted my laptop, but if I run Anti-Rootkit or MBAM again it still detects the same files and MBAM still fails to quarantine them. I also tried running the scans and quarantining from Safe Mode, but that did not change the results. Any suggestions? Addition.txt FRST.txt Threat Scan Log.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.