
MEM Trojan:Win32 cometer.gen


MDM


Here is the folder that they use. Look at the 15th and 21st scan. I got hit twice. I don't know how to open the enc1 to see what it says. My ISP contacted me to let me know that I was spamming emails and to find out why. I ran AVG Business and Malwarebytes 3.3.1 and found nothing. I found 2 new tools to use. The first was Sophos Virus Removal Tool, and it said I had something in memory but couldn't remove it. Next I tried Kaspersky Virus Removal Tool 2015 and it did the trick to remove it. It came in through the Windows browser, so I set all the settings as high as it allowed me to and the payload stopped coming in.

The Trojan came in through the browser, extracted to memory and deleted the file to cover its tracks.

KVRT_Data.zip


  • Staff

Not wanting to step on Ron's toes, but I suspect something is still being missed. The detection of MEM Trojan:Win32 cometer.gen by KVRT began October 25th, and has been "removed" several times since then according to the log files you sent in. There needs to be something on disk that loads MEM Trojan:Win32 cometer.gen into memory, or when you rebooted it would die and be gone, as MEM indicates that it is only in memory. Unfortunately, from the logs we can't be sure what exactly Kaspersky is seeing that they are calling MEM Trojan:Win32 cometer.gen.

Could you please follow the instructions found here:

 Please attach the logs here.

Edited by Atribune

It came in through the Windows browser several times, so I set all the settings as high as it allowed me to and the payload stopped coming in. I've been free of this Trojan now for over a week. I'm just disappointed that Malwarebytes didn't catch it.


  • Root Admin

While we'd like to help you, what you've provided so far is not an infection. It's a trace of an old infection. If you like, we can run some scans to see if there really is something on the system, but basically so far it does not look like the computer has an actual infection. If you ran 20 different antivirus tools on the computer, each may or may not find traces of old leftover infections, because oftentimes the infection is not 100% removed of all traces. The main infection that actually does the harm has been removed, but some file or registry entry may be left over.

The complexity of finding, preventing, and cleanup from malware


If you'd like me to assist you in scanning your computer further for any possible infection please let me know.

Thank you

Ron

 

This topic is now closed to further replies.