Adlice forum
General Category => Malware removal help => Topic started by: CasLei on January 15, 2016, 04:09:47 AM
-
Hello,
The attached scan with RogueKiller shows me many problems for which I couldn't determine the right solution: delete or not.
Please, I need some help selecting which ones I need to remove.
Thanks a lot in advance,
CasLei
-
Hi CasLei,
Welcome to Adlice.com Forum.
The [VT.Detection] entries show up because the files were not present in the VirusTotal database at the time of the scan. If you allowed the files to be uploaded, they won't appear anymore.
Please relaunch RogueKiller and select the following entries for deletion:
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Tarma Installer -> Não selecionado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Babylon -> Não selecionado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Iminent -> Não selecionado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SProtector -> Não selecionado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Uniblue -> Não selecionado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\V9 -> Não selecionado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\YourFileDownloader -> Não selecionado
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} (mscoree.dll) -> Não selecionado
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7} -> Não selecionado
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Não selecionado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Não selecionado
[Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-1991527096-4067816764-1087162926-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | 114_20264522260421 : "C:\Users\Cassia\AppData\Local\LMIR0001.tmp_r.bat" [-] -> Não selecionado
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST9500325AS_5VE91CGLXXXX5VE91CGL&ts=1372275205 -> Não selecionado
[Suspicious.Path] %WINDIR%\Tasks\MySearchDial.job -- C:\Users\Cassia\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Não selecionado
[Suspicious.Path] \4777 -- wscript.exe (C:\Users\Cassia\AppData\Local\Temp\launchie.vbs //B) -> Não selecionado
[Suspicious.Path] \MySearchDial -- C:\Users\Cassia\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Não selecionado
[PUP] \YourFile DownloaderUpdate -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe -> Não selecionado
Please download Farbar Recovery Scan Tool (x64) (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to your Desktop.
- Right-click to run as administrator (XP users click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
Regards.