
Threats found



Hi, new user here. I just downloaded Malwarebytes and ran a scan. It found quite a lot of stuff, as I was expecting it to after I stupidly downloaded some free software from a bad website. It detected 75 threats (by the way, Spybot didn't find any) and I know they were real threats because they related to malware with the same name that I had already removed manually in the registry and from the Program Files. When I clicked "Remove", however, it could only quarantine 72 of the 75 items. I then ran the program again in Safe Mode and it found another 5 threats, but this time could only quarantine 2 of 5. Any ideas???

 

I saved a copy of the original threat list it found if this helps?

 

Thanks


Update: I just went back to the computer where I ran the scan in Safe Mode. The quarantine screen has now changed from "2 threat(s) successfully quarantined" to "5 threat(s) successfully quarantined". I didn't realize the quarantine process was still working while that screen was displayed! I'll run the scan again and see if any others are left. Great program!


Hello yeknodano and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Hi,

 

Further to my previous post (https://forums.malwarebytes.org/index.php?/topic/168106-not-all-threats-quarantined/), I was advised by user Maniac to start a new thread here and to copy and paste the MBAM report. Unfortunately I made a few changes before I saw the recommendations. I've already used MBAM to quarantine the items, but here's the log anyway. Doesn't look great, so I'm worried I may still have infections. I'm posting this from a different PC:

 

 

 


 

 



 

 

Hi Borislav,

 

Thanks for replying. I've started another thread as you suggested, where I've pasted the MBAM report.

 

Thanks


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
