Possible infection with Vawtrak/Pony trojan.

Status
Not open for further replies.
EXCEL PASSWORD RECOVERY
This is something you downloaded either to get a password or a cracked copy....can't tell.
If it's a cracked copy I have to tell you it should be uninstalled, leave that up to you since it is against forum policy to have illegal programs on your computer.

This was to recover a password on an old Excel file I had done several years ago, nothing to do with a cracked copy of Excel. Once I got the password I removed the program but apparently not all of the registry keys were removed.

I'll download ADWCleaner and run it again.
 
Here is latest logfile

# AdwCleaner v5.201 - Logfile created 11/07/2016 at 12:32:54
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-10.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Antec-179 - PROGRAMMING
# Running from : C:\Users\Antec-179\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [804 bytes] - [11/07/2016 12:32:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [962 bytes] - [11/07/2016 09:56:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [948 bytes] ##########
 
PC seems fine, then again it did before, it was just the email that had me concerned. I don't know how I would tell if that trojan was still installed and sending out usernames and p/w's so I guess I'll just wait and see.

Thanks for the help.
 
I think anything that was malware has been removed.

What you can do is
From a known clean computer:
change passwords to all sites used with sensitive information.

You can call your bank and have an alert placed on your accounts for a while...I really didn't see anything that made me think you had any kind of a backdoor trojan but, it's still a precaution you can take.
 
Let's remove tools used with the quarantine folders.

DelFix

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
  • Click the Run button.

    -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
Glad we could help. :)


Since this issue appears resolved ... this Topic is closed.
 