Possible Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by theremotedr, Oct 29, 2018.

  1. theremotedr

    theremotedr Master Sergeant

    Hi,
    I was advised to run some tools then post the logs here.

    This is the post in question,
    https://forums.majorgeeks.com/threads/windows-7-right-click.319456/#post-2020942

    Should any of the following appear in the logs then please do not advise to delete them as I use these all the time with no problems.
    Jzip
    CN 900 MINI
    HANDY BABY
    LIGHT ROOM

    I am not sure of the name now, but one advised me to hit the big blue button to delete etc. There was only the option to quarantine it, please advise.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please remove the following:
    ADW:
    PUP.Optional.Conduit HKCU\Software\Conduit
    PUP.Optional.Conduit HKLM\Software\Conduit

    Hitman:
    HKLM\SOFTWARE\Conduit\ (Conduit)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
    HKU\S-1-5-21-2052246637-699227346-1952638870-1001\Software\Conduit\ (Conduit)

    RogueKiller:
    [PUP.Conduit|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Conduit -> Found
    [PUP.Conduit|PUP.Gen1] HKEY_USERS\S-1-5-21-2052246637-699227346-1952638870-1001\Software\Conduit -> Found

    Reboot and rerun all three and attach the new logs. Let me know how things are running.
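
The three scanners in the reply above write the same registry keys in different notations (short or long hive names, trailing labels, status suffixes). The following is an added example, not part of the original thread or of any of the tools: it normalises the quoted lines and groups them by key so the distinct items to remove are visible. Treating `HKCU` as the user SID shown in the Hitman and RogueKiller lines is an assumption, and the function names are illustrative.

```python
import re

# Scanner lines quoted in the reply above, copied as posted.
SCAN_LINES = {
    "ADW": [
        r"PUP.Optional.Conduit HKCU\Software\Conduit",
        r"PUP.Optional.Conduit HKLM\Software\Conduit",
    ],
    "Hitman": [
        r"HKLM\SOFTWARE\Conduit\ (Conduit)",
        r"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)",
        r"HKU\S-1-5-21-2052246637-699227346-1952638870-1001\Software\Conduit\ (Conduit)",
    ],
    "RogueKiller": [
        r"[PUP.Conduit|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Conduit -> Found",
        r"[PUP.Conduit|PUP.Gen1] HKEY_USERS\S-1-5-21-2052246637-699227346-1952638870-1001\Software\Conduit -> Found",
    ],
}
# Assumption: the scans ran under the account whose SID appears in the logs.
USER_SID = "S-1-5-21-2052246637-699227346-1952638870-1001"

LONG_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
              "HKEY_USERS": "HKU"}
KEY_RE = re.compile(
    r"\b(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_USERS|HKLM|HKCU|HKU)\\(.+)$",
    re.IGNORECASE)

def normalize_key(line, user_sid=None):
    """Return a canonical 'HIVE\\path' for one scanner line, or None."""
    m = KEY_RE.search(line.strip())
    if not m:
        return None
    hive = m.group(1).upper()
    hive = LONG_HIVES.get(hive, hive)
    path = re.sub(r"\s*->\s*\w+$", "", m.group(2))   # RogueKiller status
    path = re.sub(r"\s*\([^()]*\)$", "", path)       # Hitman label
    path = path.rstrip("\\ ").lower()                # key names ignore case
    if hive == "HKCU" and user_sid:                  # HKCU aliases HKU\<SID>
        hive, path = "HKU", user_sid.lower() + "\\" + path
    return hive + "\\" + path

def merge_findings(scan_lines, user_sid=None):
    """Map each distinct registry key to the sorted tools that reported it."""
    merged = {}
    for tool, lines in scan_lines.items():
        for line in lines:
            key = normalize_key(line, user_sid)
            if key:
                merged.setdefault(key, set()).add(tool)
    return {k: sorted(v) for k, v in merged.items()}
```

With the SID supplied, the seven quoted lines collapse to three distinct keys; without it, the `HKCU` entry stays separate and four are reported.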
     
  3. theremotedr

    theremotedr Master Sergeant

    Hi,
    To remove them, do I run the tools again and select them to be deleted?

    Then reboot and run these 3 again?
     
  4. theremotedr

    theremotedr Master Sergeant

    Morning,
    I have deleted the two files using ADW as advised then restarted the PC as the software advised.
    I then ran Hitman but I did not see the two files you mention.
    I then ran RogueKiller and had the same issue.

    I have attached the 3 log files for you to check & advise.

    Thanks very much
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please remove these:
    RogueKiller:
    Potential Unwanted Programs _________________________________________________

    HKLM\SOFTWARE\Classes\f\ (Funmoods)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

    You didn't tell me how things are running.
     
  6. theremotedr

    theremotedr Master Sergeant

    Hi,
    The above post advised to run RogueKiller & remove the 2 x HKLM items.
    It ran for nearly 2 hours but these 2 items were not in its list?

    However I do see it in the Hit Man list.
    Hit Man is now running so I will delete it from there once finished.

    Whilst I have supplied you with this new report please advise if ok.
    I did not advise if things were better as I thought I was supposed to do that later ha ha.

    My original issue on the other post is still the same.
     

    Attached Files:

    • RK3.txt
  7. theremotedr

    theremotedr Master Sergeant

    Hi,
    Hit Man has just finished but I am unable to delete the 2 items you advise as it shows my license has expired 2015-11-04.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Other than this junk, there is no malware in your system. I suggest you return to your original post for further assistance.
     
  9. theremotedr

    theremotedr Master Sergeant

    Do I include the REGEDIT4 also?
     
  10. theremotedr

    theremotedr Master Sergeant

    Ok done.

    I see ok message.
     


  11. theremotedr

    theremotedr Master Sergeant

    Hi,
    I have restarted the PC then run Hitman again.
    Just to confirm that the 2 items I copied to notepad as in post #8 are no longer seen in the scan results.

    I should now go back to the other post to continue, correct?

    Many thanks
     
  12. theremotedr

    theremotedr Master Sergeant

    TimW
    I have been advised to ask for the final clean up steps when you are ready.
    Thanks.
     


  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 or 10, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
  14. theremotedr

    theremotedr Master Sergeant

    Now done, many thanks
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem. :)
     
