Safe to Remove System Files?

[dakshshah]

I just performed a quick scan using the 'Malwarebytes Anti-Malware software's pro version.

 

12 malicious objects were detected at the end of the scan. Some of the supposedly malicious contents included system files such as 'explorer.exe' and 'iexplorer.exe'.

 

Here is the log of the scan (my computer name has been removed for security reasons):

Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.orgDatabase version: v2014.01.25.06Windows 8 x64 NTFSInternet Explorer 11.0.9600.16476Daksh Shah :: <removed by me> [administrator]Protection: Enabled25-01-2014 10:45:21MBAM-log-2014-01-25 (10-53-55).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 292356Time elapsed: 7 minute(s), 7 second(s)Memory Processes Detected: 1C:\Users\Daksh\Systeminfo\explorer.exe (Spyware.Password) -> 4368 -> No action taken.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 5HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPLORER.EXE (Spyware.Password) -> No action taken.HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.Registry Values Detected: 2HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Explorer (Spyware.Password) -> Data: C:\Users\Daksh\Systeminfo\iexplorer.exe -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Explorer (Spyware.Password) -> Data: C:\Users\Daksh\Systeminfo\iexplorer.exe -> No action taken.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 7C:\Users\Daksh\Systeminfo\explorer.exe (Spyware.Password) -> No action taken.C:\Users\Daksh\Systeminfo\iexplorer.exe (Spyware.Password) -> No action taken.C:\Users\Daksh\AppData\Local\Temp\utt9312.tmp (PUP.Optional.OpenCandy) -> No action taken.C:\Users\Daksh\AppData\Local\Temp\uttE3CB.tmp (PUP.Optional.OpenCandy) -> No action taken.C:\Users\Daksh\Downloads\9DBB.tmp (PUP.Optional.GoForFiles.A) -> No action taken.C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> No action taken.C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.(end)

Kindly advice at the earliest whether I should remove all the malware detected above or only some of them. Will it be safe to do so?

[kevinf80]

Hello and

P2P/Piracy Warning:

    
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

The entries shown in the Malwarebytes log are malicious and can be removed. Also run the following diagnostic scan and post the produced logs:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

 

Kevin

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!