AntiMalware Dr Infection


Hello,

I was infected with Antimalware Dr., cleaned with Malwarebytes in safe mode, and now the computer seems to be operating fine except Microsoft Security Center is disabled (I have not re-enabled it for fear that it might be compromised).

Original Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6859

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

6/14/2011 11:28:13 PM

mbam-log-2011-06-14 (23-28-13).txt

Scan type: Full scan (C:\|)

Objects scanned: 350089

Time elapsed: 33 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 18

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 21

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{27DAE335-5892-4D9E-9210-9AE2717AFAAB} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adfamkcwpr.adfamkcwpr.1.0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adfamkcwpr.adfamkcwpr (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DAE335-5892-4D9E-9210-9AE2717AFAAB} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{27DAE335-5892-4D9E-9210-9AE2717AFAAB} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{27DAE335-5892-4D9E-9210-9AE2717AFAAB} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{20F08D1D-10F1-4EEB-BF27-ABC45E7E761D} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\brumamkcwgrm.brumamkcwgrm.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\brumamkcwgrm.brumamkcwgrm (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20F08D1D-10F1-4EEB-BF27-ABC45E7E761D} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{20F08D1D-10F1-4EEB-BF27-ABC45E7E761D} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20F08D1D-10F1-4EEB-BF27-ABC45E7E761D} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W1WIWQ1NPG (Trojan.Downloader) -> Value: W1WIWQ1NPG -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC (Trojan.Downloader) -> Value: 4ECYTQ9SIC -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bagn70dol.exe (Trojan.FakeAlert.Gen) -> Value: bagn70dol.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Epirisohun (Trojan.Agent.U) -> Value: Epirisohun -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\Users\louis russo\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\Windows\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Files Infected:

c:\Users\louis russo\AppData\Local\Temp\Fkt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Local\Temp\Fkw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Roaming\51aba4fb5622d84d5f25432ed0d3b702\bagn70dol.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Local\Temp\Fks.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Local\Temp\Fku.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Local\Temp\Fkv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Local\Temp\Fkx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Windows\Fluwia.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\louis russo\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Roaming\microsoft\Windows\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Local\Meuobdet.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

c:\Windows\$xntuninstall643$\ppjxq.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\Users\louis russo\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\Windows\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.

c:\Windows\$xntuninstall643$\rhlqh.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

c:\Windows\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> Quarantined and deleted successfully.

Latest MBAM Log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6859

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/14/2011 11:54:37 PM

mbam-log-2011-06-14 (23-54-37).txt

Scan type: Quick scan

Objects scanned: 162249

Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log:

.

DDS (Ver_2011-06-12.02) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16

Run by Louis Russo at 23:37:28 on 2011-06-14

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4076.3222 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\AppleOSSMgr.exe

C:\Windows\system32\AppleTimeSrv.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Boot Camp\KbdMgr.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\PageRage\YontooIEClient.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: Registration = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{00992153-8410-4195-AE1F-EE260254B281} : DhcpNameServer = 192.168.3.1 69.64.220.102

TCP: Interfaces\{BE22D2B5-D2D3-42B9-926B-ECC305435890} : DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{BE22D2B5-D2D3-42B9-926B-ECC305435890}\75966696021436365637370205F696E647 : DhcpNameServer = 192.168.1.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\PageRage\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Louis Russo\AppData\Roaming\Mozilla\Firefox\Profiles\6hk4fpyb.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: C:\Users\Louis Russo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]

R2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]

R2 inpoutx64;inpoutx64;C:\Windows\system32\Drivers\inpoutx64.sys --> C:\Windows\system32\Drivers\inpoutx64.sys [?]

R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]

R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]

R3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys --> C:\Windows\system32\DRIVERS\applemtm.sys [?]

R3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys --> C:\Windows\system32\DRIVERS\applemtp.sys [?]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]

R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 SaiH0460;SaiH0460;C:\Windows\system32\DRIVERS\SaiH0460.sys --> C:\Windows\system32\DRIVERS\SaiH0460.sys [?]

S3 SaiH075C;SaiH075C;C:\Windows\system32\DRIVERS\SaiH075C.sys --> C:\Windows\system32\DRIVERS\SaiH075C.sys [?]

S3 SaiH0763;SaiH0763;C:\Windows\system32\DRIVERS\SaiH0763.sys --> C:\Windows\system32\DRIVERS\SaiH0763.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-06-15 02:47:24 -------- d-----w- C:\Program Files (x86)\PageRage

2011-06-15 02:47:23 -------- d-----w- C:\ProgramData\Tarma Installer

2011-06-15 02:46:57 -------- d-----w- C:\Users\Louis Russo\AppData\Roaming\51ABA4FB5622D84D5F25432ED0D3B702

2011-06-15 02:46:35 106496 --sha-r- C:\Windows\SysWow64\UIRibbong.dll

2011-06-15 02:46:35 106496 --sha-r- C:\Windows\SysWow64\icrav03W.dll

2011-06-15 02:46:35 106496 --sha-r- C:\Windows\SysWow64\fontext5.dll

2011-05-30 04:47:28 73216 ----a-w- C:\Windows\ST6UNST.EXE

2011-05-30 04:47:28 286720 ------w- C:\Windows\Setup1.exe

2011-05-30 04:45:26 306688 ----a-w- C:\Windows\IsUninst.exe

2011-05-29 07:59:55 -------- d-----w- C:\Users\Louis Russo\AppData\Roaming\Virtuali

2011-05-29 07:57:15 -------- d-----w- C:\ProgramData\Esellerate

2011-05-29 00:44:04 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-05-29 00:44:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-05-16 06:40:22 -------- d-----w- C:\Program Files (x86)\vasfmc-2.1

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 23:38:35.12 ===============

I appreciate your assistance in verifying that I am clean!


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
