Jump to content

Search the Community

Showing results for tags 'yelloader'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 4 results

  1. Hello, So a couple of weeks ago I downloaded an unsafe torrent and got a virus. While I initially thought I got it fixed, yesterday I ran MWB and was informed my computer was infected with Trojan.Yelloader. I quarantined it and then restarted the PC as prompted. But after running a second scan, it seems like MWB was unable to delete. How can I get this off of my PC? Thank you, Unidirectional
  2. Hello, My name is Ethan and I'd like to request help with malware/rootkit/ad/etc removal. To give you some background, I recently got infected with THIS file. It changed my browser, redirected pages to "eatyellowmango. com", changed file names to ".bat", installed bitcoin miners, 100% CPU usage, and much worse. After 10+ hours of running every AV program I knew, it's mostly gone; but I'm still having issues with what I believe is "Adware.Yelloader" and rootkit(s). I've also gotten a BSOD message three times, saying "irql_not_less_or_equal", but that stopped now. So far, I've ran the following programs: Rkill, Malwarebytes, Chameleon, Zemana, AdwCleaner, HitmanPro, SUPERAntiSpyware, Webroot SecureAnywhere, AVG, Avast, ESET Online Scanner, Sophos, EmsisoftEmergencyKit, Defogger, MiniToolBox, FRST (Logs), and FixTDSS (Unsuccessful) - and I plan to run TronScript soon. (I also ran these programs in SafeMode w/ Network) Everything seems to be normal now, except that I'm having problems running TDSSkiller, JRT, ComboFix, Malwarebytes Anti-Rootkit (Missing DDA driver + "The system inaccessible seems inaccessible or encrypted. Scan cant continue"), BitDefender, and some other normal programs such as Razer Synapse. They ask for admin privileges, but they never open afterwords. While I'm not very experienced on this topic, I believe it may be a program/virus denying me access. I'm willing to simply wipe my drives (SSD w/ win10, HDD for storage), but that's the last resort. If you could help, I'd greatly appreciate it. Thank you to anyone who reads/replies to my thread! Addition.txt FRST.txt MB Scan.txt
  3. Note Updated on October 27, 2017 If you are trying to start Malwarebytes and you receive an error message that the resource is already in use then you may be infected with Adware.Yelloader. Please follow the instructions below to remove the infection. 1. Download version 1.10.3.1001of Malwarebytes Anti Rootkit (MBAR) https://malwarebytes.app.box.com/s/flmkkcawxhohv6jf6wlkentlvycq0f3z 2. Run the exe as administrator by right clicking and select run as administrator. Click ok to extract. If Mbar wont run please download the zip copy from this article and follow the instructions at the link to get running. Then Continue at Step 3. https://support.malwarebytes.com/docs/DOC-1267 3. After extraction MBAR should start. Click next. 4. Update by hitting the update button. After the update completes hit next. 5. Hit the scan button. Please let it finish the scan. This rootkit may slow your machine down and MBAR may look like it will freeze but it will continue to scan. Please allow it to do so. If you get the following error message: Click Yes and your computer will reboot. After the reboot, the MBAR window should automatically open. Note: If your Desktop is missing/black, do not worry. This is normal. Please proceed with the remaining instructions below. Click Next followed by Next. Click Scan. If the scan successfully completes, please skip to the Remediation bullet points below. If you receive the same message, "Could not load DDA driver", click Yes. Click OK. Your computer will automatically boot into the Recovery Environment. Proceed with the instructions below afterwards. If Windows did not boot into the recovery environment hold the SHIFT key and click restart computer while holding the shift key down. You should then boot into the boot options menu. Select repair your computer from the list and follow the instructions below. If still not successfull from a command prompt in normal windows run the following command: bcdedit.exe /set {bootmgr} displaybootmenu yes Windows 7: Select your desired keyboard layout and click Next. Select your user account, enter your user account password (leave blank if you don't have one and click OK. Click Command Prompt. Windows 10: Click Troubleshoot. Click Advanced Options followed by Command Prompt. Select your account and enter your password if you have one. Command Prompt in Recovery Environment: Type the following text below into the Command Prompt and press Enter on the keyboard: C:\mbstart.cmd Note: If you encounter an error stating the command is not recognized, replace "C" with the letter "D" (e.g. D:\mbstart.cmd). Note: Repeat with each letter of the alphabet until the command successfully executes. Once the command is successfully executed, your computer will automatically boot back into Normal Mode. The MBAR window should automatically open. Click Next. Click update Click Scan Remediation: If threats are detected, click the Cleanup button. If you are prompted to restart, please hit Yes . Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop. Please attach both files in your next reply. 7. Malwarebytes functionality should be restored. You must run a Malwarebytes custom scan with rootkit on so any remaining detections are removed. This should remedy the rootkit. If you are still having issues please post in this forum or open a helpdesk ticket. Changelog: Made compatible if Malwarebytes 3 was already pre-installed. Updated bundled defintions to more recent package. Updated on 09-13-2017 for latest variants. Updated on 10-14-2017 for latest variant. Updated on 10-27-2017 for latest variant and better success with dda driver loading without Recovery environment.
  4. What is Save Serp Now? The Malwarebytes research team has determined that Save Serp Now is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Save Serp Now? You may see this entry in your list of installed programs: How did Save Serp Now get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove Save Serp Now? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. Please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-{version}.exe and follow the prompts to install the program. At the end, be sure a check-mark is placed next to: Launch Malwarebytes Anti-Malware Then click Finish. Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu. If an update is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Save Serp Now? No, Malwarebytes' Anti-Malware removes Save Serp Now completely. How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Save Serp Now adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: () C:\Users\{username}\AppData\Roaming\ssn\ssn.exe HKCU\...\Run: [ssn] => C:\Users\{username}\AppData\Roaming\ssn\saveup.exe [29696 2016-09-21] () C:\Users\{username}\AppData\Roaming\ssn save serp now (HKCU\...\ssn) (Version: 1.22 - save serp now Corp) <==== ATTENTION Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\ssn Adds the file AccessibleMarshal.dll"="10/11/2014 3:30 AM, 11776 bytes, A Adds the file breakpadinjector.dll"="10/11/2014 3:31 AM, 66560 bytes, A Adds the file crashreporter.exe"="10/11/2014 3:31 AM, 107008 bytes, A Adds the file crashreporter.ini"="10/11/2014 2:31 AM, 4003 bytes, A Adds the file D3DCompiler_43.dll"="5/26/2010 11:41 AM, 2106216 bytes, A Adds the file d3dcompiler_46.dll"="8/2/2013 10:55 PM, 3231832 bytes, A Adds the file dependentlibs.list"="10/11/2014 3:37 AM, 118 bytes, A Adds the file freebl3.chk"="10/11/2014 3:51 AM, 899 bytes, A Adds the file freebl3.dll"="10/11/2014 3:23 AM, 323072 bytes, A Adds the file Geckofx-Core.dll"="10/16/2015 10:36 AM, 1315840 bytes, A Adds the file Geckofx-Winforms.dll"="10/16/2015 10:36 AM, 136704 bytes, A Adds the file gkmedias.dll"="10/11/2014 3:30 AM, 5001216 bytes, A Adds the file IA2Marshal.dll"="10/11/2014 3:30 AM, 30208 bytes, A Adds the file icudt52.dll"="10/11/2014 2:44 AM, 10388992 bytes, A Adds the file icuin52.dll"="10/11/2014 2:42 AM, 1015296 bytes, A Adds the file icuuc52.dll"="10/11/2014 2:40 AM, 792064 bytes, A Adds the file js.exe"="10/11/2014 3:24 AM, 3409408 bytes, A Adds the file js-gdb.py"="10/11/2014 3:24 AM, 254 bytes, A Adds the file libEGL.dll"="10/11/2014 3:27 AM, 30720 bytes, A Adds the file libGLESv2.dll"="10/11/2014 3:27 AM, 824832 bytes, A Adds the file LICENSE"="10/11/2014 2:11 AM, 389 bytes, A Adds the file mozalloc.dll"="10/11/2014 3:22 AM, 11264 bytes, A Adds the file mozglue.dll"="10/11/2014 3:22 AM, 133120 bytes, A Adds the file mozjs.dll"="10/11/2014 3:24 AM, 3357696 bytes, A Adds the file msvcp100.dll"="3/18/2010 8:15 AM, 421200 bytes, A Adds the file msvcr100.dll"="3/18/2010 8:15 AM, 770384 bytes, A Adds the file Newtonsoft.Json.dll"="12/14/2014 6:58 PM, 498176 bytes, A Adds the file Newtonsoft.Json.xml"="12/14/2014 6:58 PM, 474581 bytes, A Adds the file nss3.dll"="10/11/2014 3:23 AM, 1528832 bytes, A Adds the file nssckbi.dll"="10/11/2014 3:23 AM, 404992 bytes, A Adds the file nssdbm3.chk"="10/11/2014 3:51 AM, 899 bytes, A Adds the file nssdbm3.dll"="10/11/2014 3:23 AM, 84480 bytes, A Adds the file omni.ja"="10/11/2014 3:51 AM, 11421544 bytes, A Adds the file platform.ini"="10/11/2014 3:31 AM, 141 bytes, A Adds the file plugin-container.exe"="10/11/2014 3:39 AM, 137216 bytes, A Adds the file plugin-hang-ui.exe"="10/11/2014 3:29 AM, 19968 bytes, A Adds the file precomplete"="10/11/2014 3:51 AM, 1123 bytes, A Adds the file README.xulrunner"="10/11/2014 2:33 AM, 578 bytes, A Adds the file redit.exe"="10/11/2014 3:38 AM, 8704 bytes, A Adds the file sandboxbroker.dll"="10/11/2014 3:24 AM, 212480 bytes, A Adds the file saveup.exe"="9/21/2016 6:23 PM, 29696 bytes, A Adds the file softokn3.chk"="10/11/2014 3:51 AM, 899 bytes, A Adds the file softokn3.dll"="10/11/2014 3:23 AM, 141824 bytes, A Adds the file ssn.exe"="9/21/2016 6:24 PM, 45056 bytes, A Adds the file Uninstall.exe"="10/7/2016 12:16 PM, 98623 bytes, A Adds the file updater.exe"="10/11/2014 3:31 AM, 252416 bytes, A Adds the file version.txt"="9/21/2016 12:30 PM, 3 bytes, A Adds the file xul.dll"="10/11/2014 3:37 AM, 23289856 bytes, A Adds the file xulrunner.exe"="10/11/2014 3:38 AM, 88576 bytes, A Adds the file xulrunner-stub.exe"="10/11/2014 3:38 AM, 80384 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\ssn\dictionaries Adds the file en-US.aff"="10/11/2014 2:18 AM, 3274 bytes, A Adds the file en-US.dic"="10/11/2014 2:18 AM, 622982 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\ssn\gmp-fake\1.0 Adds the file fake.dll"="10/11/2014 3:28 AM, 126464 bytes, A Adds the file fake.info"="10/11/2014 2:17 AM, 98 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\ssn\Update Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ASP.NET_4.0.30319\Names] "XQwxRS4JODvEc9n4jMCxPVFimNTj219uiNWHScHSxgLEjE2IGJmFMwrGYtjBnVQ54EnnMIJRfkjE4m7VDZcW6OLYKUwBNGbo2UWrykkZ0IJPGU9loXS7QR"="REG_DWORD", 2080 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ssn"="REG_SZ", "C:\Users\{username}\AppData\Roaming\ssn\saveup.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ssn] "DisplayName"="REG_SZ", "save serp now" "DisplayVersion"="REG_SZ", "1.22" "EstimatedSize"="REG_DWORD", 70151 "Publisher"="REG_SZ", "save serp now Corp" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\ssn\uninstall.exe"" [HKEY_CURRENT_USER\Software\ssn] "ID"="REG_SZ", "fd82da4c151048d89a75" "inst"="REG_SZ", "successfull" "pid"="REG_SZ", "1" "sid"="REG_SZ", "55555" "version"="REG_SZ", "138" Malwarebytes Anti-Malware log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/7/2016 Scan Time: 12:39 PM Logfile: mbamSSN.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.10.07.03 Rootkit Database: v2016.09.26.02 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 323967 Time Elapsed: 9 min, 31 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\ssn.exe, 2864, Delete-on-Reboot, [5906890d59415bdbcc161cd32dd619e7] Modules: 0 (No malicious items detected) Registry Keys: 6 PUP.Optional.SSN, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ssn, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SearchEngage, HKLM\SOFTWARE\MICROSOFT\TRACING\saveup_RASAPI32, Quarantined, [bfa026707e1ccc6ae3783fba17ec17e9], PUP.Optional.SearchEngage, HKLM\SOFTWARE\MICROSOFT\TRACING\saveup_RASMANCS, Quarantined, [1847f6a0c8d2f73f69f2dc1da261c43c], PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SSN_RASAPI32, Quarantined, [401fecaaafeb95a1381ead17778cf30d], PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\SSN_RASMANCS, Quarantined, [510e2a6cb5e5b28493c37351bd46cd33], PUP.Optional.Yelloader, HKCU\SOFTWARE\ssn, Quarantined, [8cd3b9dd485241f54ab102d2778c9a66], Registry Values: 1 PUP.Optional.SSN, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ssn, C:\Users\{username}\AppData\Roaming\ssn\saveup.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7] Registry Data: 0 (No malicious items detected) Folders: 5 PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn, Delete-on-Reboot, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\dictionaries, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\gmp-fake, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\gmp-fake\1.0, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\Update, Quarantined, [5906890d59415bdbcc161cd32dd619e7], Files: 55 PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\README.xulrunner, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\Geckofx-Winforms.dll, Delete-on-Reboot, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\msvcr100.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\AccessibleMarshal.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\breakpadinjector.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\crashreporter.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\crashreporter.ini, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\D3DCompiler_43.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\d3dcompiler_46.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\dependentlibs.list, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\freebl3.chk, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\freebl3.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\Geckofx-Core.dll, Delete-on-Reboot, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\gkmedias.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\IA2Marshal.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\icudt52.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\icuin52.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\icuuc52.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\js-gdb.py, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\js.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\libEGL.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\libGLESv2.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\LICENSE, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\mozalloc.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\mozglue.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\mozjs.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\msvcp100.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\Newtonsoft.Json.dll, Delete-on-Reboot, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\Newtonsoft.Json.xml, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\nss3.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\nssckbi.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\nssdbm3.chk, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\nssdbm3.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\omni.ja, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\platform.ini, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\plugin-container.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\plugin-hang-ui.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\precomplete, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\redit.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\sandboxbroker.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\saveup.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\softokn3.chk, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\softokn3.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\ssn.exe, Delete-on-Reboot, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\Uninstall.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\updater.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\version.txt, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\xul.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\xulrunner-stub.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\xulrunner.exe, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\dictionaries\en-US.aff, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\dictionaries\en-US.dic, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\gmp-fake\1.0\fake.dll, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.SSN, C:\Users\{username}\AppData\Roaming\ssn\gmp-fake\1.0\fake.info, Quarantined, [5906890d59415bdbcc161cd32dd619e7], PUP.Optional.WMIHijacker.ClnShrt, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q7L336SQ.txt, Quarantined, [134c415554460e2847d4f00b9c6829d7], Physical Sectors: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.