Showing results for tags 'infection'.
Found 20 results

  1. Hello, I've somehow managed to get an infection (or virus, I'm not sure) by falling for a surprisingly realistic "free" scam. After they logged on to my Discord they sent messages and I was able to tell that this was clearly a virus, so I deleted the files that I had downloaded and they didn't come back. Today they logged on once again, threatening me that they might mess up my PC. I didn't believe they had access to my whole PC, but after looking around in Task Manager I saw fontdrvhost.exe running from somewhere I didn't recognize, so I searched it up. It led me to a thread where somebody else had their PC infected by this. As of now they removed everything on my Discord account and I'm hoping they won't mess up my whole system. I'm pretty sure it would be different for every person, so it would be really cool if you guys could help me out :)
  2. Hello. I'm just a layman in programming and all this knowledge, so forgive me if I did something wrong or omitted any detail in describing my problem. I'll try to describe it as precisely as I can. Two days ago MB started bombarding me with notifications like this: The problem is the notification window started to pop up very often, sometimes every 2 minutes. Moreover, it seems unlikely that the domain wpad.toya.net.pl would be infected with trojans (it's the TV & internet provider's website domain). All these connections concern different ports, but all the port numbers start with 49 (49704, 49728, etc.). As a result it occurred to me that my computer must be infected. At the beginning I checked my Task Scheduler but I didn't find any suspicious task. Then I used the rkill tool, which found no threats and just terminated one process (see the attachment, please), and scanned the system with MB, but the software found nothing. I even used AdwCleaner and HitmanPro with the same result. So I decided to ask you for help. I ran the FRST tool and you can find all the logs below. I hope my information will be helpful; if you have more questions, please let me know. P.S. Unfortunately all my uploads failed (I don't know why) so I had to insert the logs here: Addition.txt AdwCleaner[S02].txt FRST.txt HitmanPro_20190310_1705.log malwarebyteslog.txt MLBT report.txt Rkill.txt
  3. Hi, I detected an unwanted activity on my computer. It's called KMS connection Broker.exe. I'm on Windows 10. As mentioned in the topic "I'm infected - What do I do now?", after scanning with Malwarebytes, which found nothing, I ran the Farbar recovery tool; here are the results: Addition.txt FRST.txt. Hope someone will have time to help me. Best regards. Addition.txt FRST.txt
  4. The night of the 17th, I was using the Facebook app when suddenly a download-in-progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET Premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse. Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using the Facebook app, which I assume is completed as "might attempt to steal your information" or something. I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDoS, man-in-the-middle and zero-day attacks came up, which has me really worried. I am still using the phone as is; I really don't know much about technology-related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something. I'm using Android 7.0 on a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed. Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared; damage control is needed. Thank you very much. If you know anything, anything, please let me know; it's very urgent.
  5. I just did a threat scan on my computer and I wanted to make sure this scan was accurate. I had done a full scan last night and didn't get any results, nothing flashed earlier on my real-time protection, and I haven't gone to any unsecured/non-HTTPS sites (I've been to Zillow, Indeed, and Great Schools.org; literally the only websites I can think of where this trojan may have come from), so I'm not sure if this is a legitimate threat or not. The threat is labeled as Trojan.Emotet.Generic, found under C:\WINDOWS\SYSWOW64\PID.DLL and found in the HKLM\SOFTWARE folders. I've attached the log file and screenshot of the report below. May I please get some help on this? Thank you! Results 2.txt
  6. I am running Windows 10 Home on an HP machine. I suspect that my machine has become infected in the recent past and I want to clean up the malware, either with a number of removal tools or by formatting. Before doing that, I need to back up my important data, but I don't want to back up any infected files, as I will be restoring them after the malware removal process is done. Now, I only have this one machine, the possibly infected one, and an external HDD that I back up my data to. But I don't want my external HDD to get infected too when I plug it in via USB cable. Is there a relatively safer way to back up my recent data to my HDD from my infected computer? At this point, I'm considering using either a Live CD/USB to boot the computer and then copy my documents, photos, videos etc. to my external HDD, or backing up to cloud storage. Which of these two options will be better and safer? I have around 250 GB of data on my hard drive, so please suggest a safe backup method accordingly. Also, I have read on online forums that I should refrain from backing up certain file formats like .exe, .ini, .xml etc. While I know what the executable and autorun file formats are and won't be backing them up, I do not understand what script files like .php and .xml are and which kinds of files are supposed to have them. Do normal Word documents (.docx), picture, video and audio file formats have any script files attached to them that I may need to worry about? Any help and suggestions will be truly appreciated, as I need it urgently. Thanks in advance.
  7. The following email is being sent from one user on an Exchange server. I have run multiple scans and am now running the Anti-Rootkit; nothing has been picked up so far. Email (please do not click the link):
     >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
     Subject: Invoice is available No-046242 for month
     Afternoon,
     A invoice for you will be available on this link in your account during next 3 days.
     ==> hxxp://stafffinancial.com/For-Check/
     Thank you,
     <Name of Sender>
     >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
     Can anyone help? I am actively looking into it myself now. Kind Regards, BluespotSam
  8. Hi, I got infected and I am unable to launch Farbar from the normal desktop, so I booted into Windows recovery using a Windows media USB. Then I went to Troubleshoot and opened Command Prompt. I then ran frst64.exe from the command prompt and got the file I've attached. I'm not sure what to do from here. FRST.txt
  9. Please help me get rid of this infection. Thanks. mbst-grab-results.zip
  10. Hello everyone. My computer seems to be infected by something that has turned out to be very difficult to eliminate. What happens is that a weird Japanese audio is played randomly, and when checking the audio mixer I see "Host Process for Windows Services". Of course, I can mute it there, but every time it starts to play again I have to manually mute it, which is seriously getting on my nerves. I have scanned my computer with all the advanced options from Windows Defender, and with Malwarebytes several times, and I've used the AdwCleaner tool, but none of this has been able to get rid of the problem. I have read the instructions in this community and am attaching the log files created by the Farbar Recovery Scan Tool. I really hope somebody can help me. Thank you for your time. Addition.txt FRST.txt
  11. Hello, I am working on Windows 10. My CPU and memory are constantly at 99% to 100% and they are highlighted in red, but when I open Task Manager nothing shows to have this huge impact. I've tried virus scans, malware scans, and nothing seems to be working. I think it is some malicious malware, please help me. I downloaded Malwarebytes Anti-Malware and scanned my computer and it only found one threat, which it eliminated, but it didn't resolve my problem of very high CPU and memory. Now I am running another virus scan, maybe it'll detect something. PLEASE HELP, I really need to fix my PC.
  12. I have a laptop purchased in China. It has Drive the Life (flagged as malware) that I can't seem to get off my system. Any help would be appreciated. Addition.txt FRST.txt scanlogs.txt
  13. Attached are my logs. Am I infected? Can you help? 04012018 Malwarebytes Log.txt Addition.txt FRST.txt
  14. I have this problem: whenever I try to download my AMD drivers for my graphics card, the RX 480, my computer crashes during the display install. I thought that it might have been Malwarebytes thinking that what I was installing was malware, so I turned off Malwarebytes to install my drivers. It crashed anyway, but I realized that Real-Time (web) Protection will not stay on, and when I started up my computer, Real-Time (web) Protection and malware protection were off. I'm assuming that when I shut it down and tried to download the drivers is when I got an infection, and I need help to get rid of it. Another thing that happened is that Malwarebytes said that rootkit scanning was shut off. Addition_04-03-2018 09.25.30.txt FRST_04-03-2018 09.25.30.txt mb-check-results.zip
  15. Hello there. So I have this malware that makes a popup to a porn site after I open the Firefox browser (or possibly the computer), then disappears. I checked the Task Manager. The popup opens a logo just like Firefox, however the image is not the same and looks different. You can tell by the image I uploaded. I found out its location is Appdata/Roaming/ComObj/update.exe. Then I found out it's also running a service, which I will mention the name of later after I give my laptop a restart. Besides that, I am assuming it's a trojan of a sort, as it simply is just running while you're working or whatever. I disabled it, however it runs every time I start up the laptop again. Now I will simply say that not one single anti-virus or anti-malware software has detected it. I am sharing a copy of the file. I am an IT dude, however I have no expertise in getting rid of something that can't be detected, but I always do know when I am infected... I am new, so please, if I have done anything wrong or posted this in the wrong place, I apologize from now... Besides that, any help on the matter would be greatly appreciated! Ur man THE RAGING IT dude update.7z
  16. I have this problem: whenever I try to download my AMD drivers for my graphics card, the RX 480, my computer crashes during the display install. I thought that it might have been Malwarebytes thinking that what I was installing was malware, so I turned off Malwarebytes to install my drivers. It crashed anyway, but I realized that Real-Time (web) Protection will not stay on, and when I started up my computer, Real-Time (web) Protection and malware protection were off. I'm assuming that when I shut it down and tried to download the drivers is when I got an infection, and I need help to get rid of it. Another thing that happened is that Malwarebytes said that rootkit scanning was shut off. Addition.txt FRST.txt mb-check-results.zip
  17. Recently my computer has been infected through, I'm sure, something I have downloaded, yet I was not fast enough to catch it and my computer is suffering. This seems to be a similar situation to a forum post I read up on to find out what is happening to my computer. I have a fairly high-end computer on which I should not have any lag whatsoever no matter what application(s) I am running, but as of late my computer struggles simply with Google Chrome. I checked out my Task Manager to see what process was taking up almost 100% of my CPU and RAM, and it was "Windows Process Manager (32 bit)"; when I expand it, it's about 6 processes all under the same name, and when I open details it is a process sbaeouh.exe that cannot be stopped no matter what, and when I try to open the file location I am denied access. Screenshots are attached below, as are my FRST and Addition txts. Please help! Thanks! -Jarrod FRST.txt Addition.txt
  18. I suspect my laptop may be infected. Over the past few days I have been detecting problems:
      ADWCleaner has detected: [-] [C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
      Malwarebytes Anti-Malware [Premium] keeps popping up a message referring to: Ad.AdservePlus
      TDSS Killer has detected a bad "Configuration Setting."
      I keep losing my internet connection, with Netgear telling me that "The DNS server isn't responding."
      Could someone kindly advise me as to whether or not my laptop has been infected? Thank you
  19. Pulling my hair out. Somewhere some $*%^ is responsible for wasting my time. I wish I could give a swift kick to their nether-regions. Just had to get that out. I have what appears to be a rootkit infection that is prohibiting me from any type of malware/antivirus install, including Malwarebytes and its anti-rootkit software, as well as executing mbar.exe or mbamdor.exe in the unzipped package meant to bypass using the anti-rootkit installer. I am at a standstill as this infection continues to pillage my machine. Please help. I would like to buy a subscription to Malwarebytes but am at a standstill. Additional symptoms include:
      1) In the Google Chrome address bar, once I enter text for a Google search, a redirection to bing.com happens; momentarily I notice the following address ( extension.citypage.today/?affID=970801784&q=exporting )
      2) The following I exported from the ESET NOD32 scans that may be of interest.
  20. Hi Guys, please accept my thanks in advance for any assistance you can possibly offer me. I have noticed that I get random 'g****.tmp.exe' files loading into my Windows / Temp directory. These same files reappear after a manual delete and want to autorun too. Appreciate your time.