stephenj20 Posted April 16, 2017 ID:1117705

Wondering what file this is

Adware.DealPly.Generic | Registry Key | HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\CURRENTVERSION\RUNONCE | PAMEHOC
Adware.DealPly.Generic | File | C:\Users\#####\Appdata\Roaming\184A0D246AB9BD6630C52F8A6A6AE7CD\Nitim.dat

I have no clue what this is. I looked it up and found nothing.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/14/17
Scan Time: 7:35 PM
Logfile: Report.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1264
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-KPDFFCU\Wicked

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362772
Time Elapsed: 2 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Adware.DealPly.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|PAMEHOC, Quarantined, [3126], [367966],1.0.1264

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.DealPly.Generic, C:\USERS\WICKED\APPDATA\ROAMING\184A0D246AB9BD6630C52F8A6A6AE7CD\NITIM.DAT, Quarantined, [3126], [367966],1.0.1264

Physical Sector: 0
(No malicious items detected)

(end)

Staff miekiemoes Posted April 17, 2017 ID:1117807

Hi,

This doesn't look like a false positive though. Latest variants of DealPly (which uses random names, hence why you can't find anything in Google) now set up a runonce key pointing to a random file as well, launched via a wscript.exe/vbs.exe argument.
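
Added example, not part of the thread and not Malwarebytes' detection logic: a Python triage check for the pattern the reply describes, a RunOnce value that hands a script host a file inside a randomly named AppData folder. The script-host list (wscript/cscript), the 32-hex folder heuristic modelled on the path in the scan log, and the sample command lines are assumptions, since the thread does not show the actual RunOnce data.

```python
import re

# Script hosts that run a file passed as an argument (assumption: wscript/cscript).
SCRIPT_HOST = re.compile(r'\b(?:wscript|cscript)(?:\.exe)?\b', re.I)
# A file under AppData inside a folder named with 32 hex characters, as in the scan log.
HEX_DIR_FILE = re.compile(r'\\AppData\\(?:Roaming|Local)\\[0-9A-F]{32}\\[^\\"\s]+', re.I)

RUNONCE_PATHS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce",
]

def reasons(command):
    """Return the heuristics that a RunOnce command line matches."""
    found = []
    if SCRIPT_HOST.search(command):
        found.append("script-host")
    if HEX_DIR_FILE.search(command):
        found.append("hex-named-appdata-folder")
    return found

def triage(entries):
    """entries: (key_path, value_name, command) tuples; keep those matching both heuristics."""
    return [(k, n, c) for k, n, c in entries if len(reasons(c)) == 2]

def read_runonce():
    """Read live RunOnce values from HKLM and HKCU (Windows only)."""
    import winreg
    out = []
    for hive, label in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU")):
        for path in RUNONCE_PATHS:
            try:
                with winreg.OpenKey(hive, path) as key:
                    for i in range(winreg.QueryInfoKey(key)[1]):
                        name, data, _ = winreg.EnumValue(key, i)
                        out.append((label + "\\" + path, name, str(data)))
            except OSError:
                continue  # key not present in this hive
    return out

# Constructed sample values; the folder name and file names are placeholders.
SAMPLE = [
    ("HKLM\\" + RUNONCE_PATHS[1], "PAMEHOC",
     r'wscript.exe "C:\Users\user\AppData\Roaming\0123456789ABCDEF0123456789ABCDEF\example.dat"'),
    ("HKLM\\" + RUNONCE_PATHS[0], "Updater", r'"C:\Program Files\Vendor\updater.exe" /silent'),
]

if __name__ == "__main__":
    import sys
    for key, name, cmd in triage(read_runonce() if sys.platform == "win32" else SAMPLE):
        print(f"SUSPICIOUS {key} | {name} | {cmd}")
```

Requiring both heuristics keeps ordinary logon scripts run through wscript.exe out of the results; a hit is a lead for a scanner or manual review, not a verdict.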