Detected Trojan Malwarebytes and MSE



Hey what's going on, I just ran a scan on Malwarebytes and it found 1 trojan called "Trojan.Agent.ED". I deleted that and rescanned and luckily it didn't pop back up (for some reason it auto-quarantined without me doing anything the first time). After this I proceeded to do a full scan with MSE and found a trojan called Trojan:Win32/Peaac.gen!A!Plock, proceeded to delete that and rescan in MSE, and everything came up clean. Are there any additional measures I should take or is that efficient enough to get rid of this? Thanks in advance! :)

Hello! Welcome to Malwarebytes Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues. This may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

Can you please post the MBAM log?

Open MBAM and click on the History tab > Application Logs.

Double click on the latest Scan log and click 'Copy to Clipboard'

Paste the contents of the clipboard into your reply.

 

Also please show me the history of Microsoft Security Essentials.

Open Microsoft Security Essentials.

Select the History tab, located on the Microsoft Security Essentials homepage.

Click on All detected items and click on the threat named Trojan:Win32/Peaac.gen!A!Plock and move the slider down so I can see the full description of the detection including the file path.

Take a screenshot of the window. Upload the screenshot at http://imgur.com/ and post the link in your next reply as well.

 

 

 

STEP 2

 

 

Next please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/16/2014
Scan Time: 12:08:50 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.16.03
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bobby

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333420
Time Elapsed: 3 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Here's the MBAM log, I just rescanned before I sent this ^

And with MSE I accidentally removed Win32/Peaac.gen!A!Plock from "All detected items". Is there a way I can get the necessary info from Event Viewer or is that unnecessary?

And for some reason when I go to http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82 and try to download, the SmartScreen filter is telling me "this program might harm your computer". Should I still proceed?

Thanks for your time


Hi,

 

I need to see the previous log from MBAM where MBAM detected the threat.

Can you post the scan results where MBAM detected it?

 

Oh...I wanted to see the detected entry by MSE as well. I don't think there is a way to undo the process.

Check if you can find the logs from MSE here:

 

C:\ProgramData\Microsoft\Microsoft Antimalware\Support
C:\ProgramData\Microsoft\Microsoft Security Essentials\Support

 

Note: ProgramData is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

FRST is a safe program and it is safe to continue. :)

 

 

Regards,

Georgi
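
The folder check described in the post above can also be done from a PowerShell prompt. This is an added example, not part of the original thread; the `*.log` filter, the function name `Find-DetectionLines` and the search string `Peaac` are assumptions made for illustration.

```powershell
# Added example (not from the thread). Read-only: it lists log lines in the
# two MSE support folders named above that mention a detection name.
$supportDirs = @(
    'C:\ProgramData\Microsoft\Microsoft Antimalware\Support',
    'C:\ProgramData\Microsoft\Microsoft Security Essentials\Support'
)
$threatPattern = 'Peaac'   # assumed substring of the detection name to look for

function Find-DetectionLines {
    param([string[]]$Directory, [string]$Pattern)

    foreach ($dir in $Directory) {
        if (-not (Test-Path -LiteralPath $dir)) {
            Write-Warning "Not found: $dir"
            continue
        }
        # -Force includes hidden items; ProgramData is hidden by default.
        Get-ChildItem -LiteralPath $dir -Recurse -Force -Filter '*.log' |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $file = $_
                $lineNo = 0
                # Get-Content honours a byte-order mark, so UTF-16 logs read correctly.
                Get-Content -LiteralPath $file.FullName | ForEach-Object {
                    $lineNo++
                    if ($_ -like "*$Pattern*") {
                        New-Object PSObject -Property @{
                            File = $file.FullName
                            Line = $lineNo
                            Text = $_.Trim()
                        }
                    }
                }
            }
    }
}

# Print every matching line with its file and line number.
Find-DetectionLines -Directory $supportDirs -Pattern $threatPattern |
    Select-Object File, Line, Text |
    Format-List
```

Run it from an elevated prompt if the folders are not readable; no output means no log line in those folders mentions the name.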


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/7/2014
Scan Time: 12:40:32 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.07.01
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bobby

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333169
Time Elapsed: 3 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.ED, C:\Users\Bobby\AppData\Local\Temp\Low\tmpCBAA.exe, Quarantined, [846941f783f98aaccaa1ddffa45d45bb],

Physical Sectors: 0
(No malicious items detected)

(end)

Sorry for the delay, attached is the MBAM log.


Hello,

 

I am sorry about the delay. For some reason I didn't receive notifications about your reply.

The logs are clean. There are only a few remnants that can be removed:

 

 

STEP 1

 

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

STEP 2

 

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - [download link]
  • This is the mirror - [download link]
  • For 64-bit Operating System - [download link]
  • This is the mirror - [download link]

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a dropdown menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 3

 

 

I'd like to scan your machine with ESET OnlineScan.

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check the box to accept the terms.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List Threats.
  • Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

Let me know about any remaining issues.

 

 

Regards,

Georgi


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
