Thread: win32.downloader.com

  1. #1
    Junior Member
    Join Date
    Mar 2013
    Posts
    4

    Default win32.downloader.com

    Spybot found but cannot get rid of win32.downloader.com in my Windows 7. I found and deleted Search Protect by Conduit in Programs and Features and rebooted. The following is the result of running AdwCleaner; please tell me if there is anything more I need to do to get rid of this malware. Thank you.

    # AdwCleaner v2.115 - Logfile created 03/29/2013 at 08:51:56
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\owner\AppData\Local\Temp\Temporary Internet Files\Content.IE5\AVH1135A\AdwCleaner[1].exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\END
    Folder Found : C:\Program Files\Common Files\AVG Secure Search
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\Coupon Companion Plugin
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\owner\AppData\Local\Conduit
    Folder Found : C:\Users\owner\AppData\LocalLow\Conduit
    Folder Found : C:\Users\owner\AppData\LocalLow\MixiDJ_V1
    Folder Found : C:\Users\owner\AppData\LocalLow\PriceGong

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{67097627-FD8E-4F6B-AF4B-ECB65E50112E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67097627-FD8E-4F6B-AF4B-ECB65E50112E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\StartNow Toolbar
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3285873
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5066BEE4-93A5-4251-9EC6-C8A24A85A4A9}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78282BB8-E67C-4BF7-A833-CC05918BAC25}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\Software\MixiDJ_V1
    Key Found : HKLM\Software\StartNow Toolbar
    Key Found : HKLM\Software\Tarma Installer
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{67097627-FD8E-4F6B-AF4B-ECB65E50112E}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5204 octets] - [29/03/2013 08:51:56]

    ########## EOF - C:\AdwCleaner[R1].txt - [5264 octets] ##########
    Last edited by tashi; 2013-03-29 at 15:44. Reason: Moved topic from Spybot-S&D support as Spybot scan results not presented. :)

  2. #2
    Junior Member
    Join Date
    Mar 2013
    Posts
    4

    Default win32.downloader.gen

    Last edited by tashi; 2013-03-29 at 15:44. Reason: Merged new topic in malware forum

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello bearman,

    Please see the sticky which includes guidelines for this forum in post #1 and instructions in post #2 on how to provide the preliminary DDS and aswMBR logs used for analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic providing the DDS and aswMBR logs, a volunteer analyst will advise when available.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
