
Imminent Monitor log files found? More cleaning needed?


JDTech


Hello,

Hopefully, I have posted in the right place. So, some backstory. A couple of days ago, several sites reported suspicious logins. I changed the passwords, thinking somebody had just stolen my password. Then, more suspicious activity. I was surprised, but just in case, I used only my Linux laptop for logging in. It stopped, so I ran Malwarebytes to see if there's maybe a keylogger. Here's the logfile:

Quote

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-11-11
Scan Time: 3:01 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.11.09
Rootkit Database: v2016.10.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: dmjoe_000

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 447889
Time Elapsed: 2 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Ludashi, HKLM\SOFTWARE\WOW6432NODE\COMPUTERZ, , [37ce0bb4d8c29c9a750ed8f058ab6f91], 
PUP.Optional.DriverAgentPlus, HKU\S-1-5-21-558652057-855349725-1654120186-1004\SOFTWARE\ESUPPORT.COM\DriverAgent, , [0203f2cdb8e279bde20b24b8669cb54b], 

Registry Values: 1
PUP.Optional.Ludashi, HKLM\SOFTWARE\WOW6432NODE\COMPUTERZ|Setup Path, C:\Program Files (x86)\Ludashi, , [37ce0bb4d8c29c9a750ed8f058ab6f91]

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.StolenData, C:\Users\dmjoe_000\AppData\Roaming\Imminent\Logs, , [b64fbd02aaf01b1b61621b990ef4827e], 

Files: 4
Trojan.StolenData, C:\Users\dmjoe_000\AppData\Roaming\Imminent\Logs\01-11-2016, , [b64fbd02aaf01b1b61621b990ef4827e], 
Trojan.StolenData, C:\Users\dmjoe_000\AppData\Roaming\Imminent\Logs\02-11-2016, , [b64fbd02aaf01b1b61621b990ef4827e], 
Trojan.StolenData, C:\Users\dmjoe_000\AppData\Roaming\Imminent\Logs\03-11-2016, , [b64fbd02aaf01b1b61621b990ef4827e], 
Trojan.StolenData, C:\Users\dmjoe_000\AppData\Roaming\Imminent\Logs\29-10-2016, , [b64fbd02aaf01b1b61621b990ef4827e], 

Physical Sectors: 0
(No malicious items detected)


(end)

Searching online, I think I might have the Imminent Monitor backdoor trojan. I am not sure, so can somebody have a look at this?

Thanks in advance :)


Please download Zemana AntiMalware and save it to your Desktop.

  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.


Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

  • Open Zemana AntiMalware again.
  • Click on the icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report to your next message.

 


 

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After the reboot, the logfile will be opened. Copy its contents into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

This topic is now closed to further replies.