
I was asked to unzip and print something for an employee... unzipped and opened what I saw as a PDF... dumb. It was a .SCR I double-clicked. Immediately ran AVG, which found nothing, and got this when running Malwarebytes. Went to the file location and confirmed it was downloaded today to match the known plausible malicious file. Just want to confirm I don't have anything else to worry about.

 

After I quarantined C:\Windows\ndLJVsesQRmWBwh.exe I noticed above that another similar file was listed that I didn't previously notice and wasn't detected by the scan, with a similar icon. The same file location, named lomctyiiwuhmdrs.exe which I manually deleted.  

 

 

I tried downloading the Farbar Recovery Tool and received an error about not being a valid win32 application. I double-checked to make sure it was the 64-bit version.

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 12/2/2014

Scan Time: 12:32:49 PM

Logfile: mal log.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.12.02.06

Rootkit Database: v2014.12.02.02

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: twilson

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 354965

Time Elapsed: 28 min, 0 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

Backdoor.IRCBot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\googleupdate, Quarantined, [838bd787bcc01224e809aa6efc08718f], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 1

PUM.Hijack.Explorer, HKU\S-1-5-21-796845957-1409082233-1801674531-4725-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoToolbarCustomize, 1, Good: (0), Bad: (1),Replaced,[9e70d985f488221406ac83d5ea1bda26]

 

Folders: 0

(No malicious items detected)

 

Files: 1

Backdoor.IRCBot, C:\Windows\ndLJVsesQRmWBwh.exe, Quarantined, [838bd787bcc01224e809aa6efc08718f], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 


 


Hello and Welcome to Malwarebytes

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you


Thanks Firefox, but I fail to see the relevance of your reply. Did I post something incorrectly? 

 

The hope was that you would explain what I failed to do correctly, I read through the link, and from what I could ascertain, I did what it described. If something needs done prior to further assistance I'll gladly do so, what is that? 


The thing is, you are seeking help for malware removal and to make sure you're clean. That can only be done in the appropriate section of the forum, which is where I directed you to.

This section where we are now, is for issues related to the program Malwarebytes and any issues with it.
