Stolen.data

[300cpilot]

Long time paid user here and this is the first post ever in here, a testiment to the fine product you have. Tonight I was crusing the internet and all of a sudden all input from keyboard was being redirected. If you hit "g" it brought up windows search for instance. Was searching for JBoss stuff so be careful!

So I pulled the power and hoped to stop any writing to hard drive. IE10's temp folder is stored on a ram drive that is cleared upon reboot. Dataram software. Booted backup and ran MB and got this below, but it did not identify anything else. Forefront and Malwarebytes show nothing now. The file it created was full of UUID's from adobe and office? What good do these do anyone and does anyone know what the name of this malware/virus would be?

PC seams to run fine at the moment. Thanks for any input.

File contents:

######################################################

outofprocess-uuids time-stamp=40681

{00020802-0000-0000-C000-000785623046}

++++about 50 more UUID's +++++++

Scan Results:

######################################################

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.14.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

PCHere :: BACKUP [administrator]

Protection: Enabled

5/15/2013 5:25:38 PM

mbam-log-2013-05-15 (17-25-38).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Registry | File System

Objects scanned: 388894

Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\PCHere\AppData\Roaming\SAS7_000.DAT (Stolen.Data) -> Quarantined and deleted successfully.

(end)

######################################################

[daledoc1]

Hello and welcome:

Please refer to this recent forum post earlier today by forum mod, Shadowwar, which might explain what you're seeing and how to resolve it: http://forums.malwar...ndpost&p=679765

HTH,

daledoc1

[300cpilot]

Many thanks, a FP on the UUID file I think is likely too. I just know that something else made my computer go nuts until I shut it off. Been making a living on fixing these things for 15 years and never seen anything like this one.