MBAM and navipromo (feedback)


Hi :)

It's about MBAM dealing with a navipromo infection. The infection is nuked, as shown in the report >>

C:\Documents and Settings\BambiPanda\Local Settings\Application Data\lkigfd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\BambiPanda\Local Settings\Application Data\lkigfd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\BambiPanda\Local Settings\Application Data\lkigfd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\BambiPanda\Local Settings\Application Data\lkigfd.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.

Just to point out that there's a leftover that MBAM didn't get (from an RSIT log) >>

Favorit-->"c:\documents and settings\bambipanda\local settings\application data\lkigfd.exe" -uninstall

A regfix must be done to delete the key ([HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Favorit]) since it cannot be uninstalled normally.

My apologies if I posted in the wrong section :)


Hi guys :)

If I remember correctly, "Favorit" is still present in "Add/Remove" even after cleanup with Navilog as well. It's just an orphan. When you try to uninstall, it says it doesn't exist and then you simply remove the entry from the list.

HTH

Mark


Hi :)

The following infections were found on a user's PC >>

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_globaladsolution (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\components\nsglobaladsolution.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cont_globaladsolution-remove.exe (Trojan.Agent) -> Quarantined and deleted successfully.

An RSIT extra log shows this after MBAM's scan, which is linked to the infection >>

Contextual Application Bignetdaddy-->C:\WINDOWS\system32\3f7b840d-083a-c445-e34f-2817c7e8aaa2.exe

Contextual Platform Globaladsolution-->C:\WINDOWS\system32\bd396ed7-998a-acf5-74fd-cb516836facd.exe

I have a sample of this file if you need it >> 3f7b840d-083a-c445-e34f-2817c7e8aaa2.exe

result of a VT scan on it >> http://www.virustotal.com/fr/analisis/dcd8...6f32-1255300087
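The two leftovers in this thread are both Add/Remove entries under the Uninstall registry key: the "Favorit" key whose UninstallString still points at the lkigfd.exe that MBAM quarantined, and the "Contextual ..." keys whose uninstallers still sit in system32. The script below is an added example, written for this thread and not code from MBAM, RSIT or Navilog. It walks the Uninstall keys, prints each entry in the same "DisplayName-->UninstallString" shape as the RSIT extra log, parses the executable path out of each UninstallString, and flags entries whose target file is gone (the "orphan" Mark describes). The script name and the -Remove switch are my own; nothing is deleted unless -Remove is passed, and -WhatIf previews the deletions.

```powershell
# Added example (not MBAM, RSIT or thread code). Lists every entry under the
# Uninstall keys, parses the executable out of each UninstallString and flags
# entries whose target file is gone (an orphan such as "Favorit" after MBAM
# quarantined lkigfd.exe). Save as Find-OrphanUninstall.ps1 and run from an
# elevated PowerShell. Nothing is deleted unless -Remove is passed; -WhatIf
# shows what -Remove would do. Works on PowerShell 2.0 upwards.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # delete orphaned keys (honours -WhatIf and -Confirm)
)

# Native view, 32-bit view on 64-bit Windows, and per-user entries.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path -Path $_ }

function Get-UninstallTarget {
    # Extract the program path from strings such as
    #   "c:\...\lkigfd.exe" -uninstall      C:\WINDOWS\system32\x-remove.exe /S
    # Returns $null when there is no string to parse.
    param([string]$UninstallString)
    if (-not $UninstallString -or $UninstallString.Trim().Length -eq 0) { return $null }
    $s = [Environment]::ExpandEnvironmentVariables($UninstallString.Trim())
    if ($s.StartsWith('"')) {
        $end = $s.IndexOf('"', 1)
        if ($end -gt 1) { return $s.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($s, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($s -split '\s+')[0]
}

$entries = foreach ($root in $uninstallRoots) {
    foreach ($key in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
        $p = Get-ItemProperty -Path $key.PSPath
        $target = Get-UninstallTarget $p.UninstallString
        # Bare commands (msiexec, rundll32) resolve via PATH, not a file path:
        # they say nothing about a missing file, so they are never flagged.
        $bare = (-not $target) -or ($target -notmatch '[\\/]')
        New-Object PSObject -Property @{
            KeyName         = $key.PSChildName
            DisplayName     = $p.DisplayName
            UninstallString = $p.UninstallString
            Target          = $target
            Orphaned        = [bool]((-not $bare) -and -not (Test-Path -LiteralPath $target))
            PSPath          = $key.PSPath
        }
    }
}

# Same "DisplayName-->UninstallString" shape as the RSIT extra log quoted above
$entries | ForEach-Object { '{0}-->{1}' -f $_.DisplayName, $_.UninstallString }

$orphans = @($entries | Where-Object { $_.Orphaned })
if ($orphans.Count -gt 0) {
    Write-Host "`nUninstall entries whose target file is missing:"
    $orphans | Format-Table KeyName, DisplayName, Target -AutoSize
    if ($Remove) {
        foreach ($o in $orphans) {
            if ($PSCmdlet.ShouldProcess($o.PSPath, 'Remove orphaned Uninstall key')) {
                Remove-Item -LiteralPath $o.PSPath -Recurse
            }
        }
    }
}
```

Run `.\Find-OrphanUninstall.ps1` first to get the listing, then `.\Find-OrphanUninstall.ps1 -Remove -WhatIf` to see which keys it would delete before running it for real. Read the flagged list before trusting it: a legitimate program whose files live on a drive that is currently unplugged looks exactly like an orphan, and a key whose DisplayName looks like the entries in the third post but whose uninstaller still exists will be listed, not flagged, because the file is still there (that is the case to submit as a sample, as done above, rather than to regfix). When a key is confirmed orphaned, also look at its other values (DisplayIcon, InstallLocation) for further paths the scanner may have missed.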
