Spyware! I'm Not Sure If I Cleared It All.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gunsae, Apr 29, 2018.

  1. Gunsae

    Gunsae Private E-2

    So to keep this short, I ran a random ADW cleaner scan today and I found 4 threats - trojan.stolendata and 3 "copies" of PUP.Optional.Legacy. I run ADW a few times and everything becomes clean. I search up trojan.stolendata and I found out that "presence of it on a system indicates that there has been a data theft." I do more digging on my system and I run a full scan of malwarebytes + hitmanpro and nothing comes up for MB, and 3 random tracking cookies are deleted by hitmanpro. I then run rkill, and I find 38 errors in my hostfiles. I clean my hostfiles, so rkill says there are no issues with my hostfiles. After all this, I don't know if I cleared everything and I don't know what to do. Any help is appreciated. I also run esetscanner and then nothing comes up.
     
  2. Gunsae

    Gunsae Private E-2

    Here are some logs.
    Rkill 2.9.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2018 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 04/29/2018 12:00:21 AM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    • No malware services found to stop.
    Checking for processes to terminate:

    • No malware processes found to kill.
    Checking Registry for malware related settings:

    • No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    • Windows Defender Disabled

      [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001
    Searching for Missing Digital Signatures:

    • No issues found.
    Checking HOSTS File:

    • HOSTS file entries found:

      0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com

      20 out of 38 HOSTS entries shown. Please review HOSTS file for further entries.
    Program finished at: 04/29/2018 12:00:33 AM
    Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
     
  3. Gunsae

    Gunsae Private E-2

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 4/29/18
    Scan Time: 12:55 AM
    Log File: 94826a12-4b69-11e8-8a90-309c2328de06.json
    Administrator: Yes

    -Software Information-
    Version: 3.4.4.2398
    Components Version: 1.0.322
    Update Package Version: 1.0.4912
    License: Free

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Aaron-PC\Aaron

    -Scan Summary-
    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 333086
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 41 min, 7 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  4. Gunsae

    Gunsae Private E-2

    Code:
    HitmanPro 3.8.0.292
    www.hitmanpro.com
    
       Computer name . . . . : AARON-PC
       Windows . . . . . . . : 6.1.1.7601.X64/12
       User name . . . . . . : Aaron-PC\Aaron
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (Expired)
    
       Scan date . . . . . . : 2018-04-29 11:40:26
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 1m 25s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 1
    
       Objects scanned . . . : 1,252,975
       Files scanned . . . . : 46,600
       Remnants scanned  . . : 326,172 files / 880,203 keys
    
    Cookies _____________________________________________________________________
    
       C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
    
    
    
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach your logs. I would like to see the log from running RogueKiller as well as the log from running MGTools.exe.
     
