
4 threats found, rogue.defragmenter



Hello!! I'm very glad to have found this forum; it will surely help me out a lot. After reading the post about posting in this particular topic, I DL'd Malwarebytes and scanned my laptop (Dell Inspiron running Windows 7). I think the next step is to post the logs. I have two, one from 12.05 and one from 12.11; I will post them both. Am I right in assuming that my next step is to DL Avira Antivir and run it? And on down through the post...

Here's the log from 12.05:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5221

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/5/2010 4:33:04 AM

mbam-log-2010-12-05 (04-33-04).txt

Scan type: Quick scan

Objects scanned: 164552

Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 10

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790573B2765F5734AF94 (Malware.Trace) -> Value: SRS_IT_E8790573B2765F5734AF94 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790571B7765D5A32AE94 (Malware.Trace) -> Value: SRS_IT_E8790571B7765D5A32AE94 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879057FB3765C5A31AA91 (Malware.Trace) -> Value: SRS_IT_E879057FB3765C5A31AA91 -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\programdata\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.

c:\program files (x86)\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.

Files Infected:

c:\$Recycle.Bin\s-1-5-21-1743676069-625996131-1259242927-1000\$R6KR4XJ.exe (Adware.Hotbar.Gen) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-1743676069-625996131-1259242927-1000\$R9UCSDT.exe (Adware.Hotbar.Gen) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-1743676069-625996131-1259242927-1000\$RCAV2HT.exe (Adware.Hotbar.Gen) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-1743676069-625996131-1259242927-1000\$RK7DFIW.exe (Adware.Hotbar.Gen) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-1743676069-625996131-1259242927-1000\$RR23UKE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-1743676069-625996131-1259242927-1000\$RZ94HKC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome.manifest (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

And the log from 12.11 (a few minutes ago):

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5292

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/11/2010 12:53:36 AM

mbam-log-2010-12-11 (00-53-36).txt

Scan type: Quick scan

Objects scanned: 166649

Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\Users\JPJH\AppData\Roaming\microsoft\Windows\start menu\Programs\win defragmenter (Rogue.Defragmenter) -> Quarantined and deleted successfully.

Files Infected:

c:\Users\JPJH\AppData\Local\Temp\tmp3631.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\JPJH\AppData\Roaming\microsoft\Windows\start menu\Programs\win defragmenter\win defragmenter.lnk (Rogue.Defragmenter) -> Quarantined and deleted successfully.

c:\Users\JPJH\AppData\Roaming\microsoft\Windows\start menu\Programs\win defragmenter\uninstall win defragmenter.lnk (Rogue.Defragmenter) -> Quarantined and deleted successfully.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

So there they are in all their loggy glory. I wish I knew how to diagnose these; I suppose I should try to learn and maybe be able to pass on the knowledge.

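The two logs above are in the fixed line format Malwarebytes' Anti-Malware 1.50 writes: one detection per line as `item (Category) -> Action.`, with registry values carrying an extra `Value: name ->` segment, each block introduced by a `... Infected:` header and preceded by per-section totals. The Python below is an added example, not code from the original post or from Malwarebytes, that parses that format into structured records and runs the checks a helper would otherwise do by eye: detections per family, whether the section totals match the lines actually listed (a mismatch usually means a truncated paste), which entries sit in autostart or browser-extension locations, and which families had only shortcuts or folders removed with no executable in the same log. The sample input is a constructed subset of lines copied from the posted logs; the location markers and the "shortcut without binary" rule are this example's own heuristics, not a Malwarebytes classification.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the detection lines copied from the two
# Malwarebytes' Anti-Malware 1.50 logs in the post above, in the log's own format.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50
Database version: 5292
Scan type: Quick scan

Registry Keys Infected: 1
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 4

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790573B2765F5734AF94 (Malware.Trace) -> Value: SRS_IT_E8790573B2765F5734AF94 -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\JPJH\AppData\Roaming\microsoft\Windows\start menu\Programs\win defragmenter (Rogue.Defragmenter) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\JPJH\AppData\Local\Temp\tmp3631.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\JPJH\AppData\Roaming\microsoft\Windows\start menu\Programs\win defragmenter\win defragmenter.lnk (Rogue.Defragmenter) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1743676069-625996131-1259242927-1000\$R6KR4XJ.exe (Adware.Hotbar.Gen) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "item (Category) -> rest."  The item may itself contain "(x86)", so the
# category is the last parenthesised token that is followed by " -> ".
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[A-Za-z0-9_.]+)\) -> (?P<rest>.+?)\.?$"
)

# Heuristic path fragments (lower-cased) that indicate autostart or browser-load
# persistence. These are this example's assumptions, not Malwarebytes' own labels.
PERSISTENCE_MARKERS = (
    r"\start menu\programs",        # Start Menu shortcuts (a rogue's launcher)
    r"\mozilla firefox\extensions",  # Firefox add-on directories
    r"hkey_classes_root\appid",      # COM AppID registrations
    r"\currentversion\ext",          # Internet Explorer extension settings
)


def parse_mbam_log(text):
    """Return {"summary": {section: count}, "detections": [record, ...]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # scan header lines or separators, not detections
        value, action = None, m["rest"]
        if action.startswith("Value: "):  # registry values name the value
            value, action = action[len("Value: "):].split(" -> ", 1)
        detections.append({"section": section, "item": m["item"],
                           "category": m["category"], "value": value,
                           "action": action})
    return {"summary": summary, "detections": detections}


def families(detections):
    """Number of detections per Malwarebytes category (e.g. Rogue.Defragmenter)."""
    return Counter(d["category"] for d in detections)


def count_mismatches(parsed):
    """Sections whose header total differs from the lines listed under them."""
    listed = Counter(d["section"] for d in parsed["detections"])
    return [s for s, n in parsed["summary"].items() if listed.get(s, 0) != n]


def persistence_hits(detections):
    """Items located in one of the heuristic autostart/browser-load locations."""
    return [d["item"] for d in detections
            if any(mk in d["item"].lower() for mk in PERSISTENCE_MARKERS)]


def launchers_without_binary(detections):
    """Families where a .lnk was removed but no .exe/.dll of that family appears:
    the launcher is gone, the program it pointed at is not in this log."""
    by_family = {}
    for d in detections:
        by_family.setdefault(d["category"], []).append(d["item"].lower())
    return sorted(f for f, items in by_family.items()
                  if any(i.endswith(".lnk") for i in items)
                  and not any(i.endswith((".exe", ".dll")) for i in items))


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("per family:", dict(families(parsed["detections"])))
    print("count mismatches:", count_mismatches(parsed))
    print("persistence locations:", persistence_hits(parsed["detections"]))
    print("launcher only:", launchers_without_binary(parsed["detections"]))
```

Run it against a full pasted log by replacing `SAMPLE_LOG` with the file contents. On the 12.11 log above, the only Rogue.Defragmenter entries are a Start Menu folder and two shortcuts, which is exactly what the last check surfaces.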

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


1 month later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
