Fake Bioshock 2 Download Downloading Adware and Trojans not found by Malwarebytes


Recommended Posts

Malwarebytes is not picking up the following files during scans. Hopefully this log helps them add it to their definitions. Got permission to post this from a person I was helping on Bleepingcomputer.com/forums.

 

   Scan date . . . . . . : 2016-07-28 16:00:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes
 
   Threats . . . . . . . : 5
   Traces  . . . . . . . : 91
 
   Objects scanned . . . : 1,189,863
   Files scanned . . . . : 23,761
   Remnants scanned  . . : 237,015 files / 929,087 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe -> Quarantined
      Size . . . . . . . : 2,499,742 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:20)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 4A7457731775502A6C696FA102571F7CE0EBC9C3A9DE01DAADBA9F31A08CEDF7
      Product  . . . . . : Setup Factory Runtime
      Description  . . . : Setup Application
      Version  . . . . . : 9.5.0.0
      Copyright  . . . . : Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Amonetize.euew
      Fuzzy  . . . . . . : 111.0
      Forensic Cluster
         -7.6s C:\Users\Steven\AppData\Local\Temp\ads.exe
         -0.6s C:\Users\Steven\AppData\Local\Temp\appstart.exe
         -0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
         -0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
          0.0s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
          0.8s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          0.8s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          0.9s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          0.9s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          4.3s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\Temp\appstart.exe -> Quarantined
      Size . . . . . . . : 5,236,472 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:20)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 218714F222C5099DEE7E5DD3C7C7286CDA23EAD30C39D22E0D2A63A7E3C6E5F4
      Product  . . . . . : Setup Factory Runtime
      Description  . . . : Setup Application
      Version  . . . . . : 9.5.0.0
      Copyright  . . . . : Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Amonetize.euew
      Fuzzy  . . . . . . : 106.0
      Forensic Cluster
         -7.0s C:\Users\Steven\AppData\Local\Temp\ads.exe
          0.0s C:\Users\Steven\AppData\Local\Temp\appstart.exe
          0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
          0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
          0.6s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
          1.4s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          1.4s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          1.5s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          1.5s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          4.9s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe -> Deleted
      Size . . . . . . . : 514,048 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:21)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 182075DC0DDB6B345CAD7695E9B55B5565314F5296BDEF65CFB986BFBABA3170
    > Bitdefender  . . . : Trojan.Agent.BWKB
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
    > HitmanPro  . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -8.4s C:\Users\Steven\AppData\Local\Temp\ads.exe
         -1.4s C:\Users\Steven\AppData\Local\Temp\appstart.exe
         -1.1s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
         -1.1s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
         -0.8s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
         -0.0s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          0.0s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          0.1s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          0.1s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          3.5s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\productupdate.exe -> Quarantined
      Size . . . . . . . : 378,880 bytes
      Age  . . . . . . . : 18.1 days (2016-07-10 13:59:56)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : AA40E64435087BADE85CE96E268A920CCEFE7ED53F2E6418CA1891C6C2266508
    > Bitdefender  . . . : Gen:Variant.Adware.Symmi.66748
      Fuzzy  . . . . . . : 109.0
      Startup
         C:\Windows\system32\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}
      Forensic Cluster
         -24.0s C:\Program Files\DAEMON Tools Lite\
         -24.0s C:\Program Files\DAEMON Tools Lite\DTAgent.exe
         -23.8s C:\Program Files\DAEMON Tools Lite\DTLauncher.exe
         -23.8s C:\Program Files\DAEMON Tools Lite\Engine.dll
         -23.5s C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
         -23.3s C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
         -23.2s C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
         -23.2s C:\Program Files\DAEMON Tools Lite\DTHelper.exe
         -23.2s C:\Program Files\DAEMON Tools Lite\imgengine.dll
         -23.1s C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
         -23.1s C:\Program Files\DAEMON Tools Lite\sptdintf.dll
         -23.1s C:\Program Files\DAEMON Tools Lite\DTLite.exe
         -22.9s C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
         -22.9s C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
         -22.9s C:\Program Files\DAEMON Tools Lite\Extractor.exe
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\
         -22.4s C:\Program Files\DAEMON Tools Lite\Profiles.ini
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\uninst.exe
         -21.3s C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite\
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\BGR.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\BIH.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CHS.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CHT.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CSY.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\DEU.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\ESN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\FIN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\FRA.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HEB.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HUN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HYE.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\IND.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\ITA.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\JPN.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\PLK.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\PTB.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\RUS.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\SRL.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\SVE.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\TRK.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\UKR.dll
         -21.2s C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
         -21.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\
         -21.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.inf
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.cat
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.inf
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.sys
         -21.1s C:\Windows\System32\drivers\dtlitescsibus.sys
         -18.5s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\
         -18.5s C:\Windows\Inf\oem7.inf
         -18.5s C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.cat
         -18.5s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.PNF
         -18.5s C:\Windows\Inf\oem7.PNF
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.sys
         -18.4s C:\Windows\System32\drivers\dtliteusbbus.sys
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.inf
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.inf
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.cat
         -18.3s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\
         -18.3s C:\Windows\Inf\oem8.inf
         -18.3s C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem8.cat
         -18.2s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.PNF
         -18.2s C:\Windows\Inf\oem8.PNF
         -16.9s C:\Users\Steven\AppData\Local\Microsoft\Windows\Burn\Burn1\
         -16.9s C:\Users\Steven\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini
         -15.9s C:\Windows\Prefetch\DTAGENT.EXE-464D25E0.pf
         -15.2s C:\Users\Steven\AppData\LocalLow\Microsoft\Internet Explorer\Services\winsearch.ico
         -15.0s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
         -15.0s C:\Windows\System32\GroupPolicy\Machine\
         -15.0s C:\Windows\System32\GroupPolicy\User\
         -15.0s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
         -15.0s C:\Windows\System32\GroupPolicy\GPT.INI
         -14.9s C:\ProgramData\ntuser.pol
         -13.5s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\
         -13.5s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\info.dat
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\ledo
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\nifa.txt
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\hdat1
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\hdat2
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\tolido
         -10.6s C:\Users\Public\Documents\Daemon Tools Images\
         -9.7s C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite\IconsCache\
          0.0s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\productupdate.exe
          0.7s C:\Windows\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}.job
          0.7s C:\Windows\System32\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}
          0.7s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\config.dat
          2.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx
          2.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx
 
   C:\Users\Steven\Downloads\[R.G. Mechanics] Bioshock 2\setup.exe -> Quarantined
      Size . . . . . . . : 2,141,964 bytes
      Age  . . . . . . . : 4.3 days (2016-07-24 09:53:03)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1D216480B0FBC1F04CE2EFB90AD1FE02D06B2B95F7CD801F19ED325D9B5B2A5A
      Product  . . . . . : BioShock 2                                                  
      Publisher  . . . . : tapochek.net                                                
      Description  . . . : BioShock 2                                                  
      Version  . . . . . : 1.0.0.1
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.Generic.15073150
      Fuzzy  . . . . . . : 110.0
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
   HKU\S-1-5-21-3332964688-1481943379-240360241-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted

Link to forums post: http://www.bleepingcomputer.com/forums/t/621398/chrome-keeps-opening-with-ads/#entry4051177

Hope this helps!


I'm sorry but it really doesn't help.

If you have some software that you believe to be a Potentially Unwanted Program (PUP) or Malware, then you have to submit samples.

The submissions would be posted in Newest Malware Threats after you have read the following on how to provide sample submissions such that Malwarebytes' Anti-Malware (MBAM) can detect targeted but presently undetected threats.

Malware hunters please read
Purpose of this forum
Malware Hunters group

 

Submitting samples within the guidelines... that would really help.

Thank You.