GeekPolice Tech Tutorials

 

trojan disguised at 360 total security and MBAM has virus

Re: trojan disguised at 360 total security and MBAM has virus

Do I still need to run the malwarebytes anti-rootkit?

Only if it finds something.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: trojan disguised at 360 total security and MBAM has virus

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.04.12.03
rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Joey :: RECROOM-HP [administrator]

4/12/2015 5:26:43 PM
mbar-log-2015-04-12 (17-26-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 711465
Time elapsed: 54 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Joey\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe (Trojan.Downloader) -> Delete on reboot. [7c375b108604dd59a47d20b56998be42]
C:\Users\Joey\Downloads\adobe_flash_setup.exe (Trojan.Downloader) -> Delete on reboot. [ae0581ea4d3dea4cc55c1db810f1e818]
C:\Users\Janet L\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [d2e12a41f793d85e21346d968b7b7987]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: trojan disguised at 360 total security and MBAM has virus

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
 main:    v2014.11.18.05
 rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Joey :: RECROOM-HP [administrator]

4/12/2015 6:53:47 PM
mbar-log-2015-04-12 (18-53-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 671993
Time elapsed: 1 hour(s), 5 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: trojan disguised at 360 total security and MBAM has virus

Hey Dave, I'll run the ESET scan tomorrow. I ran the Malwarebytes Anti-Rootkit and did fixdamage.

Re: trojan disguised at 360 total security and MBAM has virus

Ok, I'll take a look at the ESET scan when you post it. We're on the homeward stretch.

Re: trojan disguised at 360 total security and MBAM has virus

C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\ftacfg.exe.vir Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\TSASetup.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\temp\~tmp.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir a variant of Win32/Toolbar.Escort.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\background.js.vir Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\content.js.vir Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Local\Mysearchdial\1.8.29.0\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\genienext\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\background.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\content.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\BackupSetup.exe MSIL/MyPCBackup.D potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\MySearchDial.exe a variant of Win32/Toolbar.Funmoods.D potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is16239984\mysearchdial.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is16239984\mysearchdialEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is16239984\mysearchdialsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is16239984\uninstall.exe a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is1914646434\38929609_stp.EXE a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is1914646434\51466792_stp.EXE a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is1914646434\38930089_stp\BuzzSearchSetup.exe a variant of Win64/BrowseFox.BA potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\Downloads\BitZipperSetup [1].exe a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\Users\Jared\Desktop\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\Joey\AppData\Local\Temp\AdobeUpdateSetup.exe a variant of Win32/InstallCore.OJ potentially unwanted application deleted - quarantined
C:\Users\Joey\AppData\Local\Temp\icc.dll.171284324 a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\Users\Joey\AppData\Local\Temp\icc.dll.171408563 a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\Users\Joey\Downloads\BitZipperSetup.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined
C:\Users\Joey\Downloads\VuzeSetup-3855260-zbsb.exe a variant of Win32/InstallCore.OJ potentially unwanted application deleted - quarantined

Re: trojan disguised at 360 total security and MBAM has virus

That looks good. How's your computer working now? Any other issues or questions before we clean up?

Re: trojan disguised at 360 total security and MBAM has virus

What do I do about the total 360 security? Do I just use eraser to get rid of it? It does not show up in Control Panel under programs.

Re: trojan disguised at 360 total security and MBAM has virus

jcarp27 wrote:
What do I do about the total 360 security? Do I just use eraser to get rid of it? It does not show up in Control Panel under programs.

Yes, if it doesn't show up in Uninstall programs or it doesn't have its own uninstaller, delete it.

Re: trojan disguised at 360 total security and MBAM has virus

Hi Dave, my computer is running really slow now. Can you do anything to help?

Re: trojan disguised at 360 total security and MBAM has virus

You will have to run all the scans that I suggested on the first page and post the logs.

Re: trojan disguised at 360 total security and MBAM has virus

AdwCleaner v4.207 - Logfile created 03/07/2015 at 11:38:51
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joey - RECROOM-HP
# Running from : C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DYYEJU6\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\ProgramData\Avg_Update_0814tb
Folder Deleted : C:\ProgramData\Avg_Update_1114tb
Folder Deleted : C:\ProgramData\Avg_Update_1214tb
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Janet L\AppData\Local\PC_Drivers_Headquarters
Folder Deleted : C:\Users\recroom\AppData\Local\PC_Drivers_Headquarters
File Deleted : C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aaaaaiabcopkplhgaedhbloeejhhankf
File Deleted : C:\prefs.js

***** [ Scheduled tasks ] *****

Task Deleted : 1214tbUpdateInfo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\AskToolbar
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Mobogenie
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1902}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.130

[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=dnldstr0101&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0FtB0A0DyC0F0C0F0CyDtN0D0Tzu0CyByDtBtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=822196068&ir=
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [37796 bytes] - [03/04/2015 20:08:28]
AdwCleaner[R1].txt - [3394 bytes] - [03/07/2015 11:34:43]
AdwCleaner[S0].txt - [37050 bytes] - [03/04/2015 20:11:08]
AdwCleaner[S1].txt - [3242 bytes] - [03/07/2015 11:38:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3301 bytes] ##########

Re: trojan disguised at 360 total security and MBAM has virus

I just want to touch base with you again. What's happening now with your computer?