Jump to content

Cannot Remove Infection - Requesting Help


Recommended Posts

Hi,

 

I've been working on trying to remove some malware that Malwarebytes is finding when I run a scan as a user with regular permissions.  I choose to remove them and then reboot and scan again and they are still there.  I do not find any signs of infection with our usual antivirus software and I also tried a live linux CD scan and no results with that either.

 

I should note that the users utilize roaming profiles for VMs and so far I have only received these results when logging in as a regular user vs. an admin account.  I am a bit reluctant to log into the machines as an admin at this point to try and scan again under those privilegas.  I'm attaching the logs per the "I'm infected - What do I do now?" instructions.  Any help would be greatly appreciated.  I'm not concerned with the PUM in the scan results image.

 

 

Thank you.

 

 

Addition.txt

FRST.txt

post-194246-0-78467400-1445276945_thumb.

Link to post
Share on other sites

  • Staff

Yes, because this isn't in accordance with MalwareBytes EULA:

 

(b) Free License. If you are using a free version of the Software, then conditioned upon your compliance with the terms and conditions of this Agreement, Malwarebytes grants you a non-exclusive and non-transferable license to Execute (as defined herein) a single copy of the Software solely in executable form on a single computer or virtual machine (a “Computer”), solely for your personal, non-commercial purposes (i.e., not on Computers used in a business).

 

MalwareBytes EULA

Link to post
Share on other sites

No but I'll give that a shot.  The folder they're in will not even let a domain admin in so I'll have to figure out how to get to the .exe files and try it.  One of my biggest obstacles here is that I have to be careful what I put up on a publicly available site like that since I don't yet know what the file actually contains.  I guess by reaching out to the Malwarebytes forum I hoped these could actually be false positives someone might recognize but being they are executables that seems like a reach.  A lot of the PUMs that Malwarebytes flags are not a concern for us but that is because we intentionally modify certain behavior in our environment, home pages and such.

Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.