Jump to content

backdoor.agent.wd keeps comming back HELP


Recommended Posts


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Tamara on Thu 06/16/2016 at  6:17:32.79.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tamara\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

6/16/2016 6:19:14 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Users\Tamara\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Tamara\AppData\Local\EmieSiteList deleted successfully
C:\Users\Tamara\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted

==== Chromium Look ======================


Facebook Customizer (by Adblock Plus) - Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm

==== Chromium Fix ======================

C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.funtvtabsearch.com_0.localstorage deleted successfully
C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.funtvtabsearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE08

==== Reset Google Chrome ======================

C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tamara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=11 folders=6 2913905 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tamara\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Tamara\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted

==== EOF on Thu 06/16/2016 at  6:30:35.20 ======================
 

Link to post
Share on other sites

Thanks for the update Tigerist, continue to clean up and remove tools etc...

To uninstall Zemana and Sophos use the following uninstaller...

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.