windowstime.exe infected?

VistaKing · 15 Aug 2013

Rescan the PC and once its complete make sure everything is checked when you click on Show Results then once everything is checked click on Remove Selected.

Upload the log .

Then run AdwCleaner and JRT

AdwCleaner

Click here AdwCleaner

Click on Download Now button

Save to the Desktop

Right-click on AdwCleaner.exe and choose

Click on Clean and confirm the prompt.

Upload the log : The log file is at C:\AdwCleaner[n].txt

Junkware Removal Toolkit

Click here Junkware Removal Tool to download

Drag the JRT.exe from the Downloads folder to your Desktop

Right click JRT.exe and choose

Once done upload the JRT.txt file

lucasbuck · 15 Aug 2013

So tarma and Adobe Air should be removed? I thought tarma was an installer for some programs and of course Air is used by Adobe products.

VistaKing · 15 Aug 2013

This could be removed . No Adobe listed

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Library :: LIBRARY-PC [administrator]

8/15/2013 12:05:05 PM
MBAM-log-2013-08-15 (19-25-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413442


Folders Detected: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.

Files Detected: 6
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Library\AppData\Local\Temp\GBKlatAT.exe.part (PUP.Optional.AirInstaller) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.

(end)

lucasbuck · 15 Aug 2013

I may be wrong, but I'm pretty sure MB listed Airinstaller as Adobe Air. I can recheck.

VistaKing · 15 Aug 2013

That's not Adobe air. go ahead and place a checkmark next to everything that was found by Malwarebytes

AdwCleaner

Click here AdwCleaner

Click on Download Now button

Save to the Desktop

Right-click on AdwCleaner.exe and choose

Click on Clean and confirm the prompt.

Upload the log : The log file is at C:\AdwCleaner[n].txt

Download Junkware Removal Toolkit

Click here Junkware Removal Tool to download

Drag the JRT.exe from the Downloads folder to your Desktop

Right click JRT.exe and choose

Once done upload the JRT.txt file

lucasbuck · 17 Aug 2013

Everything reported clean, thanks for the help!

VistaKing · 17 Aug 2013

Run

Farbar Recovery Scan Tool

64-Bit Version OS Farbar Recovery Scan Tool x64 <===== Download Link

Drag the FRST64.exe from the Downloads folder to your Desktop

Right click on FRST64.exe and choose

When the tool opens click Yes on the disclaimer window .

Press Scan button.

FRST will let you know when the scan is complete and has written the FRST.txt to file

Note

The first time Farbar Recovery Scan Tool is run, it makes also another log Addition.txt

Please upload both logs in your reply.(FRST.txt and Addition.txt)

FRST.txt and Addition.txt will be on the Desktop

Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .

lucasbuck · 24 Aug 2013

It also reported as clean. Thanks again for the help!

VistaKing · 24 Aug 2013

Malwarebytes

Download Link

MalwareBytes

When the installation is done uncheck Enable free trial of Malwarebytes (see image below )

Update the definitions and do a full scan

On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

Make sure that everything is checked, and click Remove Selected.

When removal is completed, a log report will open in Notepad.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the contents of that report in your next reply and exit MBAM.

Log looks like this : mbam-log-yyyy-mm-dd

Log located : C:\Users\{Your UserName}\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs or C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs