Jump to content

Gadcom.exe Malwarebytes removes but it keeps coming back


Recommended Posts

It finds this registry:

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

I located it myself originally. No matter what I do it keeps rewriting itself when I try to delete it. Malwarebytes is the first software that has been able to pick it up. It says that it deletes it, but it just rewrites itself immediately.

When I run Malwarebytes in safe mode it doesn't even detect it.

Any suggestions?

Thanks.

Link to post
Share on other sites

O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Austin\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

This appears in the log when I run TM Hijack This. Any idea what that string of numbers is next to the name? This string is also present in the registry file name as well.

Link to post
Share on other sites

Greetings and welcome to the forum. Most likely there is some other component of the malware that is causing the trojan to regenerate. To get you fixed up please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.