
Still finding remnants from March 26



Malwarebytes' Anti-Malware 1.11

Database version: 692

Scan type: Full Scan (C:\|)

Objects scanned: 56451

Time elapsed: 9 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\IDME\dimnet201.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IDME\TGbn1dll.exe (Adware.Trafficsol) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\usnv\pax89104.exe (Adware.TTC) -> Quarantined and deleted successfully.

dimnet201.exe

A-Squared Found nothing

AntiVir Found RKIT/544.A

ArcaVir Found nothing

Avast Found Win32:Trojan-gen {UPX}

AVG Antivirus Found Generic10.CLZ

BitDefender Found Rootkit.544

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found Troj/SpyCore-A

VirusBuster Found nothing

VBA32 Found nothing

pax89104.exe

A-Squared Found Adware.Win32.TTC.d

AntiVir Found DR/TTC.D

ArcaVir Found Adware.Ttc.D

Avast Found Win32:Adware-gen

AVG Antivirus Found nothing

BitDefender Found Dropped:Trojan.AdClick.DX

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.TTC.d (4, 1, 400)

Fortinet Found Adware/TTC

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found AdWare.Win32.TTC.d

TGbn1dll.exe

A-Squared Found nothing

AntiVir Found TR/Drop.Agen.139457

ArcaVir Found Adware.Trafficsol.Ai

Avast Found Win32:Agent-VZS

AVG Antivirus Found nothing

BitDefender Found Adware.Trafficsol.S

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.TrafficSol.ai (4, 1, 400)

Fortinet Found Virtum!tr

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found Troj/Virtum-Gen

VirusBuster Found nothing

VBA32 Found AdWare.Win32.TrafficSol.ai


I then sorted by date and saw another folder in system32 with the same time/date stamp.

bz3/pnglft22.exe

A-Squared Found Trojan-Downloader.Win32.Small.tei

AntiVir Found TR/Crypt.ULPM.Gen

ArcaVir Found Adware.Agent.Bz

Avast Found Win32:Small-JMH

AVG Antivirus Found Downloader.Generic7.AUY

BitDefender Found Trojan.Retapu.D

ClamAV Found Trojan.Downloader-27654

CPsecure Found Troj.Downloader.W32.Aphex.020

Dr.Web Found Trojan.DownLoader.51158

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found Trojan-Downloader.Win32.Small.tei

Fortinet Found nothing

Ikarus Found Virus.Win32.Small.JMH

Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Small.tei

NOD32 Found Win32/TrojanDownloader.Small.IAW

Norman Virus Control Found W32/DLoader.GFES

Panda Antivirus Found Trj/Downloader.SZG

Sophos Antivirus Found Mal/DownLdr-O

VirusBuster Found Trojan.Matcash.Gen

VBA32 Found Trojan-Downloader.Win32.Small.tei


  • Staff

The issue is that this file is inside of a randomly named folder.

I am trying to find a way to keep the scan fast and catch these.

This malware is a setup file and does not get a start point, so it is in effect dead.

The next update may have something that will catch this.

BTW, the active protection of MBAM should not allow this file to run.
