
Malware, 2yourface, Unknown ADS, No admin in ACL



Aaron John
2012-07-06, 03:58
Hello Safer-Networking Team,

I came across your website when I was searching for information on general malware removal. I have the 2yourface FF extension installed on my computer. Also, I ran RootAlyzer and got the log below. Does anything in the log look suspicious?

I have run Malware Bytes, Avast boot time scan, & Super-AntiSpyware. The 1st 2 didn't find anything, the last one found some tracking cookies, 2yourface, and priceGong (I had SAS remove priceGong and the trackers).

Would you help me clean any additional malware off? I want to be absolutely certain it is clean because I am going to make a backup after this.

Thank you kindly in advance,
Aaron John


// info: Rootkit removal help file
// copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","F:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\81602.bpc"
File:"No admin in ACL","F:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\OPA12.BAK"
File:"No admin in ACL","F:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat"
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\89451.bpc"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20120630-0001\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
Directory:"No admin in ACL","F:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA"
Directory:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA"
Directory:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
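
An added example, not part of the original post and not Safer-Networking's code: a small parser for RootAlyzer result lines like those in the log above. It groups entries by finding type and by alternate-data-stream name, so a stream name attached to several files stands out during triage. The sample input is constructed, and the line format is assumed from the log as posted.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the result format shown in the post above;
# the paths and stream names are placeholders, not values from the thread.
SAMPLE = r'''// info: Rootkit removal help file
:: RootAlyzer Results
File:"No admin in ACL","C:\Example\Data\a.dat"
File:"Unknown ADS","C:\Example\One\report.xml:StreamAAA:$DATA"
File:"Unknown ADS","C:\Example\Two\report.xml:StreamAAA:$DATA"
File:"Unknown ADS","C:\Example\Logs\other.xml:StreamBBB:$DATA"
Directory:"No admin in ACL","C:\Example\Data"
'''

ADS_SUFFIX = ":$DATA"

def parse_line(line):
    """Return (kind, finding, path, stream), or None for comments and headers."""
    line = line.strip()
    if not line or line.startswith(("//", "::")):
        return None
    kind, sep, rest = line.partition(":")
    if not sep or not rest.startswith('"'):
        return None
    fields = next(csv.reader(io.StringIO(rest)), [])
    if len(fields) != 2:
        return None
    finding, target = fields
    stream = None
    if target.endswith(ADS_SUFFIX):
        # Split from the right so the drive-letter colon stays in the path.
        base, _, name = target[:-len(ADS_SUFFIX)].rpartition(":")
        if len(base) > 1 and name:
            target, stream = base, name
    return kind, finding, target, stream

def summarize(text):
    """Group entries by finding type and by ADS stream name."""
    by_finding, by_stream = defaultdict(list), defaultdict(list)
    for rec in filter(None, map(parse_line, text.splitlines())):
        kind, finding, path, stream = rec
        by_finding[finding].append((kind, path))
        if stream:
            by_stream[stream].append(path)
    return dict(by_finding), dict(by_stream)

if __name__ == "__main__":
    findings, streams = summarize(SAMPLE)
    for name, hosts in streams.items():
        print(name, len(hosts), hosts)
```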

tashi
2012-07-06, 05:05
Hello Aaron John,

In case you missed it, please see the sticky which includes guidelines for this forum and instructions in post #2 on how to provide the preliminary "DDS" logs used for analysis. http://forums.spybot.info/showthread.php?t=288
Then start a new topic providing the DDS logs as shown in that FAQ and a volunteer analyst will advise you when available. :)

Best regards.