Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Confirm System Clean


deneyed
 Share

Recommended Posts

I was asked to unzip and print something for an employee... unzipped and opened what I saw as a pdf... dumb. It was a .SCR double clicked. immediately ran AVG which found nothing, and got this when running Malwarebytes, went to file location and confirmed it was downloaded today to match the known plausible malicious file. Just want to confirm I don't have anything else to worry about. 
 
After I quarantined C:\Windows\ndLJVsesQRmWBwh.exe I noticed above that another similar file was listed that I didn't previously notice and wasn't detected by the scan, with a similar icon. The same file location, named lomctyiiwuhmdrs.exe which I manually deleted.  
 
 
I tried downloading the Farber Recovery Tool and received an error about not being a valid win32 application, I double checked to make sure it was the 64bit version. 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/2/2014
Scan Time: 12:32:49 PM
Logfile: mal log.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.12.02.06
Rootkit Database: v2014.12.02.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: twilson
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354965
Time Elapsed: 28 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
Backdoor.IRCBot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\googleupdate, Quarantined, [838bd787bcc01224e809aa6efc08718f], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
PUM.Hijack.Explorer, HKU\S-1-5-21-796845957-1409082233-1801674531-4725-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoToolbarCustomize, 1, Good: (0), Bad: (1),Replaced,[9e70d985f488221406ac83d5ea1bda26]
 
Folders: 0
(No malicious items detected)
 
Files: 1
Backdoor.IRCBot, C:\Windows\ndLJVsesQRmWBwh.exe, Quarantined, [838bd787bcc01224e809aa6efc08718f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

 

Link to post
Share on other sites

  • 3 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.