Jump to content

Infected with pum.hijack.startmenu


Recommended Posts

Hi

 

I started experiencing problems with hard drive "failures" that would go away when I re-booted.  Then I attempted to access the internet with Chrome and IE and neither would open to a web page.  I was able to access the internet through Firefox.  I tried to download the various files recommended on this forum and bleepingcomputer, but the files were cancelled and when I clicked to force a download, the file was empty (0 bytes), even though the file name appeared in the download file.  I purchased the premium version of malware and ran it on the computer.  It found the above malware, along with two other pup's, which I removed.  It took several re-boots but I was finally able to download Kapersky TDSS, which I ran, and it found nothing, and Rkill, which also found nothing.  I still cannot open a webpage in Chrome or IE and I'm concerned this malware is not really gone from the computer.  Upon looking at the introductory information, I tried to download the FRST file to post the log requested, and even though it downloads the file, it now says the application cannot be executed.  Is there still hope for this computer and what can I provide to help you understand what to do next?  I've included the log from the malwarebytes session for starters.

 

Thanks!

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.07.20.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.17207
Owner :: OWNER-PC [administrator]

Protection: Disabled

7/20/2014 2:49:52 PM
mbam-log-2014-07-20 (14-49-52).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 593273
Time elapsed: 1 hour(s), 48 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} (PUP.Optional.FrostwireTB.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (PUP.Optional.FrostwireTB.A) -> Data: |ÔJf@¡­BCØt@ -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

Link to post
Share on other sites

Hello,

    

They call me TwinHeadedEagle around here, and I'll be working with you.

    

    

Before we start please read and note the following:

    

icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.

icon_arrow.gif Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.

icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.

icon_arrow.gif Do not paste the logs in your posts, attachments make my work easier. There is a Attach Files option below which you can use to attach your reports. Always attach reports from all tools.

icon_arrow.gif Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.

icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_arrow.gif Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.

icon_arrow.gif If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

    

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!

icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;process;services-list;installedprogs;systemspecs;startupall;filesrcm;firefoxlook;chromelook;skipfix-iedefaults;ProxyEnable;a
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Attach report into your next reply.
Link to post
Share on other sites

Hi - Thanks for the reply.  I am unable to make this run.  When I open this file I get a variety of answers, from the application cannot be completed to my hard drive is corrupt, to my file downloader has failed.  Is there another way for me to access this program?

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.