
What to do with this malware? Thank you in advance!



Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.16.07

 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

natasha :: WIN7-PC [administrator]

 

11/17/2013 10:03:25 AM

MBAM-log-2013-11-17 (13-30-50).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 550086

Time elapsed: 3 hour(s), 22 minute(s), 54 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 17

HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> No action taken.

HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> No action taken.

HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> No action taken.

HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.

HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 3

C:\Users\natasha\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\natasha\AppData\Roaming\OpenCandy\0696CB3A2639485A81672CD591135AC6 (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\natasha\AppData\Local\Temp\CT3296340 (PUP.Optional.Conduit.A) -> No action taken.

 

Files Detected: 17

C:\$Recycle.Bin\S-1-5-21-834847096-2813537670-1836102182-1003\$R1D65YA.exe (PUP.Optional.Somoto) -> No action taken.

C:\dzh2\layout-default.exe (Trojan.Exploit.JS) -> No action taken.

C:\dzh2\UPGRADE\layout-default.exe (Trojan.Exploit.JS) -> No action taken.

C:\Users\natasha\AppData\Local\Temp\dlm9113.tmp\FreeVideoConverterInstall.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\natasha\AppData\Local\Temp\nsw8F21.tmp\BI.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\natasha\AppData\Local\Temp\nsw8F21.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\natasha\AppData\Roaming\OpenCandy\0696CB3A2639485A81672CD591135AC6\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> No action taken.

C:\Users\natasha\Downloads\media.player.codec.pack.v4.2.8.setup.exe (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\natasha\Downloads\NexusDDL_downloader_by_NexusDDL (1).exe (PUP.Optional.Somoto) -> No action taken.

C:\Users\Win7\Desktop\shortcut\software\QQLive8.21.5165.0.exe (Backdoor.Pcclient) -> No action taken.

C:\Users\natasha\Templates\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> No action taken.

C:\Users\natasha\AppData\Local\Temp\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> No action taken.

C:\ProgramData\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> No action taken.

C:\Users\natasha\AppData\Local\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> No action taken.

C:\Users\natasha\AppData\Roaming\OpenCandy\0696CB3A2639485A81672CD591135AC6\3596.ico (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\natasha\AppData\Roaming\OpenCandy\0696CB3A2639485A81672CD591135AC6\TuneUpUtilities2013-2200319-p3v0.exe (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\natasha\AppData\Local\Temp\CT3296340\ddt.csf (PUP.Optional.Conduit.A) -> No action taken.

 

(end)

 

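As an added triage aid for a log like the one posted above (this is not part of the original post and not Malwarebytes' own tooling): the Python below parses the Malwarebytes Anti-Malware 1.x log layout, checks that each "Detected: N" heading matches the number of detection lines that follow it, and separates the entries still marked "No action taken" into PUP.* names and everything else (Trojan.*, Backdoor.*), since the latter are not potentially unwanted programs and deserve attention first. The embedded log is a constructed excerpt of the log above, and the three regular expressions are assumptions about the format drawn from that log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Line shapes as they appear in the MBAM 1.x log above (assumed, not an official spec).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")

# Constructed excerpt of the log posted above, kept short for the example.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.16.07

Windows 7 x86 NTFS
natasha :: WIN7-PC [administrator]

Scan type: Full scan (C:\|)
Objects scanned: 550086

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.

Files Detected: 4
C:\dzh2\layout-default.exe (Trojan.Exploit.JS) -> No action taken.
C:\Users\natasha\Downloads\NexusDDL_downloader_by_NexusDDL (1).exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\Win7\Desktop\shortcut\software\QQLive8.21.5165.0.exe (Backdoor.Pcclient) -> No action taken.
C:\ProgramData\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> No action taken.

(end)
"""


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Registry Keys", "Files"
    item: str      # registry key or file path as written in the log
    threat: str    # detection name, e.g. "PUP.Optional.DefaultTab"
    action: str    # e.g. "No action taken"


def parse_mbam_log(text):
    """Return (header dict, declared count per section, list of Detection)."""
    header, declared, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:  # "<Section> Detected: N" starts a new block of detection lines
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            detections.append(Detection(section, m.group("item"),
                                        m.group("threat"), m.group("action")))
            continue
        m = HEADER_RE.match(line)
        if m and section is None:  # "key: value" lines only before the first section
            header[m.group("key")] = m.group("value")
    return header, declared, detections


def count_mismatches(declared, detections):
    """Sections whose 'Detected: N' does not match the lines parsed under them.

    A mismatch means a line was truncated when pasted or has a shape the
    DETECTION_RE assumption does not cover, so the log should be re-read by eye.
    """
    seen = Counter(d.section for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


def triage(detections):
    """Split entries still marked 'No action taken' into PUP.* and non-PUP names."""
    pending = [d for d in detections if d.action == "No action taken"]
    return {
        "pending": len(pending),
        "pup": sorted({d.threat for d in pending if d.threat.startswith("PUP.")}),
        "malware": sorted({d.threat for d in pending if not d.threat.startswith("PUP.")}),
    }


if __name__ == "__main__":
    hdr, decl, dets = parse_mbam_log(SAMPLE_LOG)
    print(hdr.get("Database version"), count_mismatches(decl, dets), triage(dets))
```

Every line in the posted log ends in "No action taken", which means the scan found the item but did not quarantine it; the split above makes it obvious that, besides the PUP.Optional entries the scanner's PUP setting governs, there are Trojan.Exploit.JS, Trojan.FakeAlert and Backdoor.Pcclient files still on disk.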

Re-run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.
 


Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
