Iexplore replicating: trojan found

Status
Not open for further replies.
Hmm I thought I already posted those results but here they are again:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by mike at 2015-03-14 04:39:54 Run:3
Running from C:\Users\mike\Downloads\Malware scanner tools\Trojan virus fix
Loaded Profiles: mike (Available profiles: mike & arathornv)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Acxworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll
2015-03-11 08:16 - 2015-03-11 08:16 - 00000480 ____H () C:\Users\mike\AppData\Roaming\麽鎒駓覜
C:\Users\mike\AppData\Roaming\麽鎒駓覜
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acxworks => value deleted successfully.
"C:\Users\mike\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
"C:\Users\mike\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 58.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 04:40:15 ====
 
Here's the last rogue-results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by mike at 2015-03-14 04:39:54 Run:3
Running from C:\Users\mike\Downloads\Malware scanner tools\Trojan virus fix
Loaded Profiles: mike (Available profiles: mike & arathornv)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Acxworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll
2015-03-11 08:16 - 2015-03-11 08:16 - 00000480 ____H () C:\Users\mike\AppData\Roaming\麽鎒駓覜
C:\Users\mike\AppData\Roaming\麽鎒駓覜
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acxworks => value deleted successfully.
"C:\Users\mike\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
"C:\Users\mike\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 58.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 04:40:15 ====
 
OK
You've searched the computer and this is not found?
"C:\Users\mike\AppData\Roaming\麽鎒駓覜"

Also, the last log you posted was the same fixlist and not the one for RogueKiller?
 
That's the last R post:

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mike [Administrator]
Started from : C:\Users\mike\Downloads\Malware scanner tools\Trojan virus fix\RogueKiller.exe
Mode : Scan -- Date : 03/14/2015 18:15:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADX-22TDHB0 ATA Device +++++
--- User ---
[MBR] 827b71a3dcd7830cf3758f133a5db68a
[BSP] d791f61362482ad634cec41db0842f07 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_03142015_104912.log - RKreport_SCN_03142015_053346.log - RKreport_SCN_03142015_104021.log
 
DelFix

  • Please download DelFix
    or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
~~~~~~~~~~~~~~~~

The following programmes come highly recommended in the security community.
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Want to help others? Join the ClassRoom and learn how.
 
Glad we could help. :)


Since this issue appears resolved ... this Topic is closed.
 