1. atlantic546

    atlantic546 Private E-2

    Accidentally clicked on a bad link yesterday and my computer got infected with a trojan.

    I keep hearing sounds in the background and I can't use the Edge browser because every time I click anywhere more pop-ups appear.


    Thanks.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run Hitman Pro again and activate the 30 day trial license. Then use it to remove all the Malware and Potentially Unwanted Programs it reports. DO NOT remove the items reported on Suspicious programs because you probably want some of those items. After removing the items with Hitman, immediately reboot your PC.

    After reboot run RogueKiller again and have it remove any of the below items that still remain:

    ¤¤¤ Processes : 2 ¤¤¤
    [VT.Unknown] recalibration.exe(4668) -- C:\Program Files (x86)\hostiles\recalibration.exe[-] -> Found

    ¤¤¤ Registry : 36 ¤¤¤
    [PUP.Conduit|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Found
    [PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Conduit -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\IM -> Found
    [PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Conduit -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\IM -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} -> Found
    [VT.malicious_confidence_62% (D)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | lott : "C:\Program Files (x86)\Jean\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | lottlott : "C:\Program Files (x86)\Bensonhurst\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | donne : "C:\Program Files (x86)\Jean\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | donnedonne : "C:\Program Files (x86)\Bensonhurst\stemware.exe" [-] -> Found
    [Adw.Wizzcaster|VT.not-a-virus:AdWare.MSIL.Agent.adac] (X64) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | MOYP58C1FT : "C:\Program Files\V61KNKT2ZA\DKWZTRUMB.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X64) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | albanians : "C:\Program Files (x86)\Jean\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X64) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | albaniansalbanians : "C:\Program Files (x86)\Bensonhurst\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X64) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | begone : "C:\Program Files (x86)\Jean\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X64) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | begonebegone : "C:\Program Files (x86)\Bensonhurst\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X64) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | munch : "C:\Program Files (x86)\Jean\stemware.exe" [-] -> Found
    [Adw.Wizzcaster|VT.not-a-virus:AdWare.MSIL.Agent.adac] (X86) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | MOYP58C1FT : "C:\Program Files\V61KNKT2ZA\DKWZTRUMB.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X86) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | albanians : "C:\Program Files (x86)\Jean\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X86) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | albaniansalbanians : "C:\Program Files (x86)\Bensonhurst\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X86) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | begone : "C:\Program Files (x86)\Jean\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X86) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | begonebegone : "C:\Program Files (x86)\Bensonhurst\stemware.exe" [-] -> Found
    [VT.malicious_confidence_62% (D)] (X86) HKEY_USERS\S-1-5-21-2447791340-2453849044-3119578917-1000\Software\Microsoft\Windows\CurrentVersion\Run | munch : "C:\Program Files (x86)\Jean\stemware.exe" [-] -> Found
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetUtils2016 (\??\C:\WINDOWS\system32\drivers\NetUtils2016.sys) -> Found

    ¤¤¤ Files : 25 ¤¤¤
    [PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Found
    [PUP.Gen0][File] C:\Windows\System32\drivers\NetUtils2016.sys -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\ObscurusOpus\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
    [PUP.Gen1][File] C:\Users\ObscurusOpus\AppData\Local\Temp\Search.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www-searching.com/?prd=set_epe&s=h1bztrmbl10bu,b98483aa-29fd-46b8-b9a0-8fe789779e51, -> Found
    [PUP.Gen1][Folder] C:\ProgramData\SearchModule -> Found
    [PUP.SearchModule][Folder] C:\Program Files\Common Files\Noobzo -> Found
    [Adw.Wizzcaster][File] C:\Program Files\V61KNKT2ZA\DKWZTRUMB.exe -> Found
    [PUP.Gen1][File] C:\Users\ObscurusOpus\Desktop\BrowserAir.lnk [LNK@] C:\Users\OBSCUR~1\AppData\Local\BROWSE~1\APPLIC~1\BROWSE~1.EXE -> Found
    [PUP.Gen1][File] C:\Users\ObscurusOpus\Desktop\Gmail.lnk [LNK@] C:\Users\ObscurusOpus\AppData\Local\BrowserAir\Application\BrowserAir.exe http://mail.google.com -> Found
    [PUP.Gen1][File] C:\Users\ObscurusOpus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www-searching.com/?prd=set_epc&s=h1bztrmbl10bu,b98483aa-29fd-46b8-b9a0-8fe789779e51, -> Found
    [PUP.Gen1][Folder] C:\Users\ObscurusOpus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir -> Found

    Then again reboot your PC.

    After this reboot, run new scans and save new logs with both RogueKiller and Hitman. Attach the new logs.

    How are things working?
     
  3. atlantic546

    atlantic546 Private E-2

    Everything seems to be back to normal now.

    I was not able to access Google for a while but I think I figured out that problem.

    Thanks again for your help.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. You forgot to attach the new logs I requested so I can double check to make sure we were able to remove what was necessary.
     
