Malware attack. Some progress made.

nextari
2012-12-07, 03:07
Hi,
This is an updated request for assistance in identifying remaining malware. The original post was Sunday, with no responses. After performing some registry edits, my updated post is here:
http://forums.spybot.info/showthread.php?p=434380#post434380

My main concern is if there are any back doors open in the system presently or anything remaining that I'm not seeing.

Please continue to link to updated post, above.

Repeated from link:

I'm cleaning up the system for an SSD install. (2nd drive on HP dv7t-6000 / Win7) Any further suggestions before doing an SSD (w/HDD) install will be greatly appreciated.

Avast scan, Malwarebytes, and Kaspersky Virus Removal Tool 2011 (updated) found nothing even before I succeeded in removing the threats.

Kaspersky Security Scan 2.0 says there is no malware on the system; however, it lists 8 vulnerabilities and 10 other issues. I will post them below after the requested logs.

I have sent the spybot scan results as an attached jpeg just in case, I hope that is not a waste of forum resources.

Should I go ahead with the SSD install at this point, or are there vulnerabilities remaining?

Thank You!

Malware removed:
process named: is-UEUMC.tmp 2128k (nothing on Google about that one)
MAsetupCleaner.exe 24kb in Windows\SysWOW64 (I deleted it before it ever ran, I believe)
Snap.do seems to be gone, terrible.
Easybits
WildTangent
magicdesktop
yontoo
"Wild search results",

and finally,
Anti-phishing Domain Advisor\visicom_antiphishing.exe by Panda was bundled with something and installed. I was continually getting warnings that it was blocking 4 trojans >>
1) URL: xhttp://urlfilter.vmn.net/vmnsbf/data/121118112548-m.zip|121118112548-m.list (x added to disable the link)
PROCESS: C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
INFECTION: JS:ScriptSH-inf [Trj]
Also, 2 more the same as above, with 121114080835 and 121205002101,
and one the same as above with 121125002847 / INFECTION: HTML:Redirector-AE [Trj]

So I uninstalled visicom_antiphishing.exe by Panda and the warnings stopped, as was suggested somewhere. But does this mean they are gone / were never an actual threat?