What do you guys know about Strongvault.exe?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Snuffleupagus, Jan 29, 2013.

  1. Snuffleupagus

    Snuffleupagus Private E-2

    I wanted to run Malwarebytes, but had to download an updated version. I got a message that my Internet Security Settings prevented me from downloading (IE 8 on a WIN7-Pro 64-bit machine).

    So I tried downloading CCleaner, TDSSKiller, RogueKiller, Combofix. Got the same message. So in the tool bar appearing on the bottom that allowed me to Save, Save as or Retry, I tried to save it to desktop and launch as Administrator, but no luck.

    In order to run the various malware/anti-virus software apps, I had to download the apps on a clean machine to a Flash Drive, copy the app from the Flash Drive and install it on the infected PC's desktop.

    Finally after running CCleaner, TDSSKiller, RogueKiller, I had some success with Combofix.

    After success with Combofix, which identified "strongvault.exe", I uninstalled that software. I have no recollection of conscientiously choosing to download StrongVault and I have no clue which software it may have piggybacked on downloading onto my PC.

    At any rate I think I am clean now.

    So maybe you folks can make heads/tails of the attached logs?!?!

    Cheers!
     


  2. Snuffleupagus

    Snuffleupagus Private E-2

    more files.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run our complete cleaning procedure and Combofix is not part of it and should not be run. Especially since a recent version of ComboFix had been infected itself.

    So to be clear, you are missing logs from Malwarebytes, Hitman Pro and MGtools.

    Also note that you should not be trying to remove/fix things with RogueKiller. Re-read our instructions. You were attempting to delete normal settings on your PC.
     
    Last edited: Jan 29, 2013
  4. Snuffleupagus

    Snuffleupagus Private E-2

    Hitman Pro & MGlogs.zip. No Malwarebytes log, no Malwarebytes issues.
     


  5. Snuffleupagus

    Snuffleupagus Private E-2

    Found the Malwarebytes current log.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below software:
    Coupon Companion Plugin
    Strongvault Online Backup
    Viewpoint Media Player

    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Files
    c:\users\Kirk\AppData\Roaming\Strongvault
    c:\users\Kirk\AppData\Local\Strongvault Online Backup
    c:\users\Kirk\AppData\Local\Stronghold_LLC
    c:\users\Kirk\AppData\Local\StrongVault
    c:\program files (x86)\Strongvault Online Backup
    c:\programdata\Strongvault Online Backup
    c:\users\Kirk\AppData\Local\Updater21804
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
    c:\program files (x86)\Coupon Companion Plugin
    C:\Windows\TEMP\*.*
    C:\Users\Kirk\AppData\Local\Temp\*.*
    
    :Reg
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "SMessaging"=-
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
    "SMessaging"=-
    [-HKEY_USERS\S-1-5-21-3188258625-1692374509-2887653538-1004\Software\InstalledBrowserExtensions\215 Apps]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
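
A read-only check that the startup and registry entries named in the OTM script above are gone after the reboot. This is an added example, not part of the original post or of OTM or MGtools; the function names `New-Finding` and `Get-Leftover` are made up for it. The Browser Helper Object line is skipped because its path is abbreviated in the post, and the two temp-folder wildcards are skipped because they are cleanup, not artifacts.

```powershell
# Added example: reports which entries from the OTM script still exist. Changes nothing.
# Paths, key names and the "SMessaging" value are copied from that script.
$files = @(
    'c:\users\Kirk\AppData\Roaming\Strongvault',
    'c:\users\Kirk\AppData\Local\Strongvault Online Backup',
    'c:\users\Kirk\AppData\Local\Stronghold_LLC',
    'c:\users\Kirk\AppData\Local\StrongVault',
    'c:\program files (x86)\Strongvault Online Backup',
    'c:\programdata\Strongvault Online Backup',
    'c:\users\Kirk\AppData\Local\Updater21804',
    'c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe',
    'c:\program files (x86)\Coupon Companion Plugin'
)
# Whole keys the script deletes (the abbreviated BHO path is left out).
$keys = @(
    'Registry::HKEY_USERS\S-1-5-21-3188258625-1692374509-2887653538-1004\Software\InstalledBrowserExtensions\215 Apps',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}'
)
# Run keys from which the script removes only the "SMessaging" value.
$runKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run'
)

function New-Finding($Kind, $Location) {
    New-Object PSObject -Property @{ Kind = $Kind; Location = $Location }
}

function Get-Leftover {
    foreach ($p in $files) {
        if (Test-Path -LiteralPath $p) { New-Finding 'File/folder' $p }
    }
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { New-Finding 'Registry key' $k }
    }
    foreach ($k in $runKeys) {
        # Get-ItemProperty returns nothing for a missing or empty key.
        $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['SMessaging']) {
            New-Finding 'Run value' "$k -> SMessaging = $($props.SMessaging)"
        }
    }
}

$left = @(Get-Leftover)
if ($left.Count -eq 0) { 'None of the listed entries remain.' }
else { $left | Format-Table Kind, Location -AutoSize -Wrap }
```

Run it from an elevated PowerShell prompt so the machine-wide keys and the other user's hive are readable.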
     
