Jump to content

Recommended Posts

Wondering what file this is

Adware.DealPly.Generic | Registry Key | HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\CURRENTVERSION\RUNONCE | PAMEHOC

Adware.DealPly.Generic | File | C:\Users\#####\Appdata\Roaming\184A0D246AB9BD6630C52F8A6A6AE7CD\Nitim.dat

I have no clue what this has I looked it up and found nothing.

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/14/17
Scan Time: 7:35 PM
Logfile: Report.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1264
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-KPDFFCU\Wicked

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362772
Time Elapsed: 2 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Adware.DealPly.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|PAMEHOC, Quarantined, [3126], [367966],1.0.1264

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.DealPly.Generic, C:\USERS\WICKED\APPDATA\ROAMING\184A0D246AB9BD6630C52F8A6A6AE7CD\NITIM.DAT, Quarantined, [3126], [367966],1.0.1264

Physical Sector: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
  • Staff

Hi,

This doesn't look like a false positive though. Latest variants of DealPly (which uses random names, hence why you can't find anything in Google), now sets up a runonce key pointing to a random file as well, launched via a wscript.exe/vbs.exe argument.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.