Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Recommended Posts

I was asked to unzip and print something for an employee... unzipped and opened what I saw as a pdf... dumb. It was a .SCR double clicked. immediately ran AVG which found nothing, and got this when running Malwarebytes, went to file location and confirmed it was downloaded today to match the known plausible malicious file. Just want to confirm I don't have anything else to worry about. 


After I quarantined C:\Windows\ndLJVsesQRmWBwh.exe I noticed above that another similar file was listed that I didn't previously notice and wasn't detected by the scan, with a similar icon. The same file location, named lomctyiiwuhmdrs.exe which I manually deleted.  



I tried downloading the Farber Recovery Tool and received an error about not being a valid win32 application, I double checked to make sure it was the 64bit version. 


Malwarebytes Anti-Malware



Scan Date: 12/2/2014

Scan Time: 12:32:49 PM

Logfile: mal log.txt

Administrator: Yes



Malware Database: v2014.12.02.06

Rootkit Database: v2014.12.02.02

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled


OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: twilson


Scan Type: Threat Scan

Result: Completed

Objects Scanned: 354965

Time Elapsed: 28 min, 0 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 1

Backdoor.IRCBot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\googleupdate, Quarantined, [838bd787bcc01224e809aa6efc08718f], 


Registry Values: 0

(No malicious items detected)


Registry Data: 1

PUM.Hijack.Explorer, HKU\S-1-5-21-796845957-1409082233-1801674531-4725-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoToolbarCustomize, 1, Good: (0), Bad: (1),Replaced,[9e70d985f488221406ac83d5ea1bda26]


Folders: 0

(No malicious items detected)


Files: 1

Backdoor.IRCBot, C:\Windows\ndLJVsesQRmWBwh.exe, Quarantined, [838bd787bcc01224e809aa6efc08718f], 


Physical Sectors: 0

(No malicious items detected)







Link to post
Share on other sites

Hello and Welcome to Malwarebytes

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

Link to post
Share on other sites

Thanks Firefox, but I fail to see the relevance of your reply. Did I post something incorrectly? 


The hope was that you would explain what I failed to do correctly, I read through the link, and from what I could ascertain, I did what it described. If something needs done prior to further assistance I'll gladly do so, what is that? 

Link to post
Share on other sites

The thing is you are seeking help for malware removal and to make sure your clean, that can only be done in the appropriate section of the forum, which is where I directed you to.

This section where we are now, is for issues related to the program Malwarebytes and any issues with it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.