Jump to content

Confirm System Clean

Recommended Posts

I was asked to unzip and print something for an employee... unzipped and opened what I saw as a pdf... dumb. It was a .SCR double clicked. immediately ran AVG which found nothing, and got this when running Malwarebytes, went to file location and confirmed it was downloaded today to match the known plausible malicious file. Just want to confirm I don't have anything else to worry about. 
After I quarantined C:\Windows\ndLJVsesQRmWBwh.exe I noticed above that another similar file was listed that I didn't previously notice and wasn't detected by the scan, with a similar icon. The same file location, named lomctyiiwuhmdrs.exe which I manually deleted.  
I tried downloading the Farber Recovery Tool and received an error about not being a valid win32 application, I double checked to make sure it was the 64bit version. 
Malwarebytes Anti-Malware
Scan Date: 12/2/2014
Scan Time: 12:32:49 PM
Logfile: mal log.txt
Administrator: Yes
Malware Database: v2014.12.02.06
Rootkit Database: v2014.12.02.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: twilson
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354965
Time Elapsed: 28 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
Backdoor.IRCBot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\googleupdate, Quarantined, [838bd787bcc01224e809aa6efc08718f], 
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUM.Hijack.Explorer, HKU\S-1-5-21-796845957-1409082233-1801674531-4725-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoToolbarCustomize, 1, Good: (0), Bad: (1),Replaced,[9e70d985f488221406ac83d5ea1bda26]
Folders: 0
(No malicious items detected)
Files: 1
Backdoor.IRCBot, C:\Windows\ndLJVsesQRmWBwh.exe, Quarantined, [838bd787bcc01224e809aa6efc08718f], 
Physical Sectors: 0
(No malicious items detected)


Link to post
Share on other sites

  • 3 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.