Does anyone know what this is?


Category: SONAR Activity

Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
6/1/2014 06:32:30,High,tmp438e.exe (SONAR.Heuristic.112) detected by SONAR,Restart Required,You must restart your computer.,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe
16/12/2013 20:23:40,High,tmp64d6.exe (SONAR.Heuristic.112) detected by SONAR,Quarantined,Resolved - No Action Required,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp64d6.exe
12/12/2013 23:23:11,High,tmp35f3.exe (SONAR.Heuristic.112) detected by SONAR,Quarantined,Resolved - No Action Required,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp35f3.exe

I have a feeling this 'thing' on Bing is the source of repeated malware infection on my system. Can someone help, please?


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.05.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jame-DID :: USER-PC [administrator]
 
7/1/2014 21:23:38
mbam-log-2014-01-07 (21-23-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 275694
Time elapsed: 12 minute(s), 57 second(s)
 
Memory Processes Detected: 2
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp4B99.exe (Trojan.FakeMS) -> 4748 -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\service.exe (PUP.Optional.Bitminer) -> 7444 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|crsscmgr (Trojan.FakeMS) -> Data: C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\crssc.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp4B99.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\service.exe (PUP.Optional.Bitminer) -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\crssc.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
 
(end)



 

Hello madmanjp! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
