
How to get rid of Voluumtrk.horizon-trading.com


galiper


I have the above malware in my Windows 8 laptop.

Malwarebytes blocks it Outbound, but how do I rid myself of it entirely?

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/13/17
Protection Event Time: 7:14 AM
Log File: 278986ba-987d-11e7-aae0-b888e3fdac64.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2793
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 9tevj.voluumtrk.com
IP Address: 34.197.200.120
Port: [61849]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

(end)


Here is what the scan shows:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/19/17
Scan Time: 11:06 AM
Log File: 6f7b850b-9d54-11e7-853d-b888e3fdac64.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2841
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: GALESSAMSUNG\gale

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367768
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 13 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Hello galiper,

Thanks for those logs. To help make our work easier, uninstall SpyBot S & D from your system and reboot when complete: https://www.safer-networking.org/faq/how-to-uninstall-2/

Next,

Make a "Clean" install of Firefox:

Use the following link for instructions on how to back up your bookmarks; the same link can be used to import saved bookmarks:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Next,

Remove all synced data from Firefox to stop possible re-infection or exploitation.

https://support.mozilla.org/t5/Sync-and-Save/How-do-I-set-up-Sync-on-my-computer/ta-p/21417

Next,

Go here: http://www.mozilla.org/en-US/ and download and save the latest version of Firefox. We will install this later...

Next,

Let's totally remove Firefox and start over.

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

When the uninstall completes, ensure you navigate to and delete the Firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

Press "Windows key + R" to open the Run box
In the Run box, type in or copy and paste %APPDATA%
Click OK. A Windows Explorer window will appear.
In this window, choose/open in succession Mozilla > Firefox > Profiles.
Select Delete on each entry in reverse, e.g. Profiles > Delete. Firefox > Delete. Mozilla > Delete.

Re-boot your system when complete!

Next,

Use the Mozilla Firefox installer to reinstall your browser....

When Firefox is installed and open, select these keys together: Ctrl + Shift + A. That will access the Add-ons Manager, which gives access to find add-ons/extensions, use, start, stop or disable those features, etc....

Ensure you use search to find and install AdBlock Plus, Flashblock and DrWeb Anti-Virus Link Checker, plus any other add-ons you normally use.... Now try surfing and see what happens...

Next,

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA); click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/paste its content in your next reply.


Do not use the delete function on any found entries; let me see the log for analysis first.....

Thank you,

Kevin...

Am I doing this right? It says 4 things found.

 

RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : gale [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/20/2017 11:09:48 (Duration : 00:42:45)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2620583142-3316455340-3143807552-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2620583142-3316455340-3143807552-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2620583142-3316455340-3143807552-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2620583142-3316455340-3143807552-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
--- User ---
[MBR] a09d58c945fb6d90457ad46d78c53d67
[BSP] 71da4e2843847ed185728c5302ee318a : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1026048 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1640448 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1902592 | Size: 452715 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 929062912 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 929984512 | Size: 21822 MB
6 - [SYSTEM] Basic data partition | Offset (sectors): 974675968 | Size: 1024 MB
User = LL1 ... OK
User = LL2 ... OK

 


Thanks for the update. If no issues etc., we can clean up:

Uninstall RogueKiller http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.