Malware Detected Requesting Specialist Assistance Please

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Acusteve, Jun 5, 2021.

  1. Acusteve

    Acusteve Private E-2

    Hi, I received an email from someone I trusted, but I always scan every download with Windows Defender before opening it. It came back with two potential concerns:
    PUA:Win32/InstallCore and
    App: Systweak

    I followed the Majorgeeks malware removal protocol and I'm attaching the logs. I greatly appreciate your assistance!

    Thank you,
    Acusteve
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please re-run ADWCleaner and remove these (it's optional to remove all other PUPs if you wish):
    PUP.Optional.Conduit HKCU\Software\AppDataLow\Software\Conduit
    PUP.Optional.Conduit HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    PUP.Optional.Conduit HKCU\Software\Conduit
    PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\DOMStorage\app.mam.conduit.com
    PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
    PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\app.mam.conduit.com
    PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fastcontent.conduit.com
    PUP.Optional.Conduit HKLM\Software\Conduit

    In Hitman:
    Malware remnants ____________________________________________________________

    HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)
    HKU\S-1-5-21-3708671979-3471065719-608419365-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com\ (SuperFish)

    And in RogueKiller:
    [PUP.Conduit (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Conduit -- N/A -> Found
    [PUP.Conduit (Potentially Malicious)] HKEY_USERS\S-1-5-21-3708671979-3471065719-608419365-1000\Software\Conduit -- N/A -> Found
    [PUP.Conduit (Potentially Malicious)] HKEY_USERS\S-1-5-21-3708671979-3471065719-608419365-1000\Software\AppDataLow\Software\Conduit -- N/A -> Found
    [PUP.Conduit (Potentially Malicious)] (folder) Conduit -- C:\Program Files\Conduit -> Found

    Once done, reboot and rescan with all three and attach the new logs.
     
