Fake Bioshock 2 Download Downloading Adware and Trojans not found by Malwarebytes

Ant_Teh_Nee · July 28, 2016

Malwarebytes is not picking up the following files during scans. Hopefully this log helps them add it to their definitions. Got permission to post this from a person I was helping on Bleepingcomputer.com/forums.

   Scan date . . . . . . : 2016-07-28 16:00:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes
 
   Threats . . . . . . . : 5
   Traces  . . . . . . . : 91
 
   Objects scanned . . . : 1,189,863
   Files scanned . . . . : 23,761
   Remnants scanned  . . : 237,015 files / 929,087 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe -> Quarantined
      Size . . . . . . . : 2,499,742 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:20)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 4A7457731775502A6C696FA102571F7CE0EBC9C3A9DE01DAADBA9F31A08CEDF7
      Product  . . . . . : Setup Factory Runtime
      Description  . . . : Setup Application
      Version  . . . . . : 9.5.0.0
      Copyright  . . . . : Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Amonetize.euew
      Fuzzy  . . . . . . : 111.0
      Forensic Cluster
         -7.6s C:\Users\Steven\AppData\Local\Temp\ads.exe
         -0.6s C:\Users\Steven\AppData\Local\Temp\appstart.exe
         -0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
         -0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
          0.0s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
          0.8s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          0.8s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          0.9s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          0.9s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          4.3s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\Temp\appstart.exe -> Quarantined
      Size . . . . . . . : 5,236,472 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:20)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 218714F222C5099DEE7E5DD3C7C7286CDA23EAD30C39D22E0D2A63A7E3C6E5F4
      Product  . . . . . : Setup Factory Runtime
      Description  . . . : Setup Application
      Version  . . . . . : 9.5.0.0
      Copyright  . . . . : Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Amonetize.euew
      Fuzzy  . . . . . . : 106.0
      Forensic Cluster
         -7.0s C:\Users\Steven\AppData\Local\Temp\ads.exe
          0.0s C:\Users\Steven\AppData\Local\Temp\appstart.exe
          0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
          0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
          0.6s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
          1.4s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          1.4s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          1.5s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          1.5s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          4.9s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe -> Deleted
      Size . . . . . . . : 514,048 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:21)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 182075DC0DDB6B345CAD7695E9B55B5565314F5296BDEF65CFB986BFBABA3170
    > Bitdefender  . . . : Trojan.Agent.BWKB
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
    > HitmanPro  . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -8.4s C:\Users\Steven\AppData\Local\Temp\ads.exe
         -1.4s C:\Users\Steven\AppData\Local\Temp\appstart.exe
         -1.1s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
         -1.1s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
         -0.8s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
         -0.0s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          0.0s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          0.1s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          0.1s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          3.5s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\productupdate.exe -> Quarantined
      Size . . . . . . . : 378,880 bytes
      Age  . . . . . . . : 18.1 days (2016-07-10 13:59:56)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : AA40E64435087BADE85CE96E268A920CCEFE7ED53F2E6418CA1891C6C2266508
    > Bitdefender  . . . : Gen:Variant.Adware.Symmi.66748
      Fuzzy  . . . . . . : 109.0
      Startup
         C:\Windows\system32\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}
      Forensic Cluster
         -24.0s C:\Program Files\DAEMON Tools Lite\
         -24.0s C:\Program Files\DAEMON Tools Lite\DTAgent.exe
         -23.8s C:\Program Files\DAEMON Tools Lite\DTLauncher.exe
         -23.8s C:\Program Files\DAEMON Tools Lite\Engine.dll
         -23.5s C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
         -23.3s C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
         -23.2s C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
         -23.2s C:\Program Files\DAEMON Tools Lite\DTHelper.exe
         -23.2s C:\Program Files\DAEMON Tools Lite\imgengine.dll
         -23.1s C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
         -23.1s C:\Program Files\DAEMON Tools Lite\sptdintf.dll
         -23.1s C:\Program Files\DAEMON Tools Lite\DTLite.exe
         -22.9s C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
         -22.9s C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
         -22.9s C:\Program Files\DAEMON Tools Lite\Extractor.exe
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\
         -22.4s C:\Program Files\DAEMON Tools Lite\Profiles.ini
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\uninst.exe
         -21.3s C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite\
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\BGR.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\BIH.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CHS.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CHT.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CSY.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\DEU.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\ESN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\FIN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\FRA.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HEB.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HUN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HYE.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\IND.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\ITA.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\JPN.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\PLK.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\PTB.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\RUS.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\SRL.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\SVE.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\TRK.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\UKR.dll
         -21.2s C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
         -21.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\
         -21.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.inf
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.cat
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.inf
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.sys
         -21.1s C:\Windows\System32\drivers\dtlitescsibus.sys
         -18.5s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\
         -18.5s C:\Windows\Inf\oem7.inf
         -18.5s C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.cat
         -18.5s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.PNF
         -18.5s C:\Windows\Inf\oem7.PNF
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.sys
         -18.4s C:\Windows\System32\drivers\dtliteusbbus.sys
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.inf
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.inf
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.cat
         -18.3s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\
         -18.3s C:\Windows\Inf\oem8.inf
         -18.3s C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem8.cat
         -18.2s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.PNF
         -18.2s C:\Windows\Inf\oem8.PNF
         -16.9s C:\Users\Steven\AppData\Local\Microsoft\Windows\Burn\Burn1\
         -16.9s C:\Users\Steven\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini
         -15.9s C:\Windows\Prefetch\DTAGENT.EXE-464D25E0.pf
         -15.2s C:\Users\Steven\AppData\LocalLow\Microsoft\Internet Explorer\Services\winsearch.ico
         -15.0s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
         -15.0s C:\Windows\System32\GroupPolicy\Machine\
         -15.0s C:\Windows\System32\GroupPolicy\User\
         -15.0s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
         -15.0s C:\Windows\System32\GroupPolicy\GPT.INI
         -14.9s C:\ProgramData\ntuser.pol
         -13.5s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\
         -13.5s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\info.dat
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\ledo
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\nifa.txt
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\hdat1
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\hdat2
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\tolido
         -10.6s C:\Users\Public\Documents\Daemon Tools Images\
         -9.7s C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite\IconsCache\
          0.0s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\productupdate.exe
          0.7s C:\Windows\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}.job
          0.7s C:\Windows\System32\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}
          0.7s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\config.dat
          2.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx
          2.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx
 
   C:\Users\Steven\Downloads\[R.G. Mechanics] Bioshock 2\setup.exe -> Quarantined
      Size . . . . . . . : 2,141,964 bytes
      Age  . . . . . . . : 4.3 days (2016-07-24 09:53:03)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1D216480B0FBC1F04CE2EFB90AD1FE02D06B2B95F7CD801F19ED325D9B5B2A5A
      Product  . . . . . : BioShock 2                                                  
      Publisher  . . . . : tapochek.net                                                
      Description  . . . : BioShock 2                                                  
      Version  . . . . . : 1.0.0.1
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.Generic.15073150
      Fuzzy  . . . . . . : 110.0
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
   HKU\S-1-5-21-3332964688-1481943379-240360241-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted

Link to fourms post: http://www.bleepingcomputer.com/forums/t/621398/chrome-keeps-opening-with-ads/#entry4051177

Hope this helps!

David H. Lipman · July 28, 2016

I'm sorry but it really doesn't help.

If you have some software that you believe to be a Potentially Unwanted Program ( PUP ) or Malware than you have to submit samples.

The submissions would be posted in; Newest Malware Threats after you have read the following on how to provide sample submissions such that Malwarebytes' Anti-Malware (MBAM) can detect targeted but presently undetected threats.

Malware hunters please read
Purpose of this forum
Malware Hunters group

Submitting samples within the guidelines... that would really help.

Thank You.

Ant_Teh_Nee · July 28, 2016

Sadly I don't have any samples as this was on another person's computer. Maybe you could put research into the website it came from: tapochek,net (Removed period so nobody clicks it) Sorry this doesn't help.

David H. Lipman · July 28, 2016

Thank you.

Sign In

Fake Bioshock 2 Download Downloading Adware and Trojans not found by Malwarebytes

Recommended Posts

Ant_Teh_Nee

Link to post

Share on other sites

David H. Lipman

Link to post

Share on other sites

Ant_Teh_Nee

Link to post

Share on other sites

David H. Lipman

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information