Jump to content

Help Multiple Trojans (filename).exe contained a virus and was deleted.


Recommended Posts

C:\Program Files\AutoComplete+ Personal\AutoComplete+ Personal.dll a variant of Win32/Toolbar.CrossRider.A application

 

C:\Program Files\AutoComplete+ Personal\Uninstall.exe Win32/Toolbar.CrossRider.B application

 

C:\System Volume Information\SystemRestore\FRStaging\Program Files\AutoComplete+ Personal\AutoComplete+ Personal.dll a variant of Win32/Toolbar.CrossRider.A application

 

C:\System Volume Information\SystemRestore\FRStaging\Program Files\AutoComplete+ Personal\Uninstall.exe Win32/Toolbar.CrossRider.B application

 

C:\Users\Sheila\Downloads\autoCompletePlus_ie_ie-installer.exe multiple threats

 

C:\Users\Sheila\Downloads\PicBadges.exe a variant of Win32/InstallCore.AZ application

 

C:\_Memeo\RecycleBin\Users\Sheila\Downloads\autoCompletePlus_ie_ie-installer.exe multiple threats

 

C:\_Memeo\RecycleBin\Users\Sheila\Downloads\PicBadges.exe a variant of Win32/InstallCore.AZ application 

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 13:18:37

 

# Updated 08/06/2013 by Xplode

 

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

 

# User : Sheila - SHEILA-PC

 

# Boot Mode : Normal

 

# Running from : C:\Users\Sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7T49C6Y\adwcleaner.exe

 

# Option [Delete]

 

 

 

***** [services] *****

 

 

 

***** [Files / Folders] *****

 

 

File Deleted : C:\END

 

Folder Deleted : C:\Program Files\Conduit

 

Folder Deleted : C:\ProgramData\APN

 

Folder Deleted : C:\Users\Sheila\AppData\Local\APN

 

Folder Deleted : C:\Users\Sheila\AppData\Local\Conduit

 

Folder Deleted : C:\Users\Sheila\AppData\Local\Coupon Companion Plugin

 

Folder Deleted : C:\Users\Sheila\AppData\Local\Ilivid

 

Folder Deleted : C:\Users\Sheila\AppData\Local\PackageAware

 

Folder Deleted : C:\Users\Sheila\AppData\LocalLow\Conduit

 

Folder Deleted : C:\Users\Sheila\AppData\LocalLow\PriceGong

 

 

***** [Registry] *****

 

 

Key Deleted : HKCU\Software\APN DTX

 

Key Deleted : HKCU\Software\APN PIP

 

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

 

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

 

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

 

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

 

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

 

Key Deleted : HKCU\Software\Conduit

 

Key Deleted : HKCU\Software\InstallCore

 

Key Deleted : HKCU\Software\InstalledBrowserExtensions

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

Key Deleted : HKCU\Software\wecarereminder

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003915.BHO

 

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003915.BHO.1

 

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003915.Sandbox

 

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003915.Sandbox.1

 

Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD

 

Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

 

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

 

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

 

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658

 

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282146

 

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

 

Key Deleted : HKLM\Software\Conduit

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD

 

Key Deleted : HKLM\Software\PIP

 

Key Deleted : HKLM\SOFTWARE\Software

 

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

 

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

 

 

***** [internet Browsers] *****

 

 

-\\ Internet Explorer v9.0.8112.16490

 

 

[OK] Registry is clean.

 

 

-\\ Google Chrome v27.0.1453.116

 

 

File : C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

 

[OK] File is clean.

 

 

*************************

 

 

AdwCleaner[R1].txt - [4523 octets] - [01/07/2013 13:17:44]

 

AdwCleaner[s1].txt - [4558 octets] - [01/07/2013 13:18:37]

 

 

########## EOF - C:\AdwCleaner[s1].txt - [46

Link to post
Share on other sites

  1. Results of screen317's Security Check version 0.99.68 

     

    Windows Vista Service Pack 2 x86 (UAC is enabled) 

     

    Internet Explorer 9 

     

    ``````````````Antivirus/Firewall Check:``````````````

     

    Windows Firewall Enabled! 

     

    McAfee Anti-Virus and Anti-Spyware  

     

    WMI entry may not exist for antivirus; attempting automatic update.

     

    `````````Anti-malware/Other Utilities Check:`````````

     

    Java SE Runtime Environment 6 Update 1

     

    Java version out of Date!

     

    Adobe Reader 8 Adobe Reader out of Date!

     

    Google Chrome 27.0.1453.110 

     

    Google Chrome 27.0.1453.116 

     

    ````````Process Check: objlist.exe by Laurent```````` 

     

    Trend Micro RUBotted RUBotSrv.exe 

     

    Trend Micro Web Protection Add-On TmProxy.exe 

     

    Trend Micro Web Protection Add-On TMWebProtect.exe 

     

    Trend Micro RUBotted RUBottedGUI.exe 

     

    Trend Micro Web Protection Add-On TMWebProtectTray.exe 

     

    iolo Common Lib ioloServiceManager.exe

     

    `````````````````System Health check`````````````````

     

    Total Fragmentation on Drive C: 1 %

     

    ````````````````````End of Log```
Link to post
Share on other sites

Results of screen317's Security Check version 0.99.68 

 

Windows Vista Service Pack 2 x86 (UAC is enabled) 

 

Internet Explorer 9 

 

``````````````Antivirus/Firewall Check:``````````````

 

Windows Firewall Enabled! 

 

McAfee Anti-Virus and Anti-Spyware  

 

WMI entry may not exist for antivirus; attempting automatic update.

 

`````````Anti-malware/Other Utilities Check:`````````

 

Java SE Runtime Environment 6 Update 1

 

Java version out of Date!

 

Adobe Reader 8 Adobe Reader out of Date!

 

Google Chrome 27.0.1453.110 

 

Google Chrome 27.0.1453.116 

 

````````Process Check: objlist.exe by Laurent```````` 

 

Trend Micro RUBotted RUBotSrv.exe 

 

Trend Micro Web Protection Add-On TmProxy.exe 

 

Trend Micro Web Protection Add-On TMWebProtect.exe 

 

Trend Micro RUBotted RUBottedGUI.exe 

 

Trend Micro Web Protection Add-On TMWebProtectTray.exe 

 

iolo Common Lib ioloServiceManager.exe

 

`````````````````System Health check`````````````````

 

Total Fragmentation on Drive C: 1 %

 

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Your system is all clean now! :)

 

 

 

Java update update


Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer ( Java 7 Update 4 ) and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Reader update


Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools.
Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

Reading Material
How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.