- Local time
- 5:12 AM
- Messages
- 62
My Computer
- Computer type
- PC/Desktop
- OS
- Windows x64
Solved Help with Firewall/Hacker
- Thread starter DigitalOctave
- Start date
- Local time
- 3:12 AM
- Messages
- 6,830
Run Farbar Recovery Scan Tool
64-Bit Version OS Farbar Recovery Scan Tool x64 <===== Download Link
Drag the FRST64.exe from the Downloads folder to your Desktop
Right click on FRST64.exe and choose
When the tool opens click Yes on the disclaimer window .
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file
Please upload both logs in your reply.(FRST.txt and Addition.txt)
:note: FRST.txt and Addition.txt will be on the Desktop :note:
Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .
And run this program below
Farbar Service Scanner
Click here :ar: Farbar Service Scanner to DOWNLOAD
Place file into your desktop
Place a check mark next to the following options
Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply
Drag the FRST64.exe from the Downloads folder to your Desktop
Right click on FRST64.exe and choose
When the tool opens click Yes on the disclaimer window .
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file
Note
The first time Farbar Recovery Scan Tool is run, it makes also another log Addition.txt
Please upload both logs in your reply.(FRST.txt and Addition.txt)
:note: FRST.txt and Addition.txt will be on the Desktop :note:
Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .
And run this program below
Click here :ar: Farbar Service Scanner to DOWNLOAD
Place file into your desktop
Place a check mark next to the following options
Internet Services- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 5:12 AM
- Messages
- 62
- Local time
- 3:12 AM
- Messages
- 6,830
You do have the Zero Access virus
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 5:12 AM
- Messages
- 62
- Local time
- 3:12 AM
- Messages
- 6,830
DigitalOctave
I believe cottonball is working up a fix for you .
I believe cottonball is working up a fix for you .
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 5:12 AM
- Messages
- 62
I just got finished running HitmanPro. Deleted some trojans and quarantined the malware
My Computer
- Computer type
- PC/Desktop
- OS
- Windows x64
- Local time
- 3:12 AM
- Messages
- 6,830
Upload the log . See if the log is in here C:\ Program Files\Hitman Pro\Logs
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 5:12 AM
- Messages
- 62
- Local time
- 3:12 AM
- Messages
- 6,830
Can you copy and paste the log contents ? I'm on an iPad and for some reason its shows boxes .
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 5:12 AM
- Messages
- 62
logs part one
Code:
HitmanPro 3.7.6.201
www.hitmanpro.com
Computer name . . . . : SOMEONES-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Someones-PC\Enrique
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-07-23 01:18:04
Scan mode . . . . . . : Normal
Scan duration . . . . : 26m 8s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 556
Traces . . . . . . . : 3196
Objects scanned . . . : 31,756,167
Files scanned . . . . : 969,215
Remnants scanned . . : 29,953,891 files / 833,061 keys
Malware _____________________________________________________________________
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\n -> Deleted
Size . . . . . . . : 42,496 bytes
Age . . . . . . . : 71.2 days (2013-05-12 20:58:28)
Entropy . . . . . : 5.3
SHA-256 . . . . . : 8244DDFCBA327A3F67A5582642C53241EE5E58D75808547CD74808BCDED272D0
> G Data . . . . . . : Trojan.Sirefef.KH
> Ikarus . . . . . . : Trojan.Win64!IK
Fuzzy . . . . . . : 115.0
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\80000000.@ -> Deleted
Size . . . . . . . : 15,360 bytes
Age . . . . . . . : 71.2 days (2013-05-12 20:59:43)
Entropy . . . . . : 5.4
SHA-256 . . . . . : E483D414588EA9E002CFADD9786088D90557AEB473C0C5C62C8E4B34C58DBDB9
> G Data . . . . . . : Trojan.Generic.8044919
> Ikarus . . . . . . : Trojan.Win64!IK
Fuzzy . . . . . . : 110.0
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\80000032.@ -> Deleted
Size . . . . . . . : 90,624 bytes
Age . . . . . . . : 71.2 days (2013-05-12 20:59:43)
Entropy . . . . . : 6.6
SHA-256 . . . . . : EF8766EFC0DDC7A56A71DBCC65200537988163512C70F9CE8CD44398943DE5AD
> G Data . . . . . . : Trojan.Sirefef.XL
> Ikarus . . . . . . : Trojan.Win32.Alureon!IK
Fuzzy . . . . . . : 110.0
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\80000064.@ -> Deleted
Size . . . . . . . : 77,312 bytes
Age . . . . . . . : 71.2 days (2013-05-12 20:59:43)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DBDAEA813662144D3D37323DDAB9C9DC63501FB09E9DA3C70325BE5CA816C92B
> G Data . . . . . . : Trojan.Sirefef.YA
> Ikarus . . . . . . : Trojan.Win64!IK
Fuzzy . . . . . . : 110.0
C:\Users\Enrique\AppData\Local\Temp\1393509943_minerd3.exe -> Deleted
Size . . . . . . . : 9,728 bytes
Age . . . . . . . : 45.3 days (2013-06-07 19:12:00)
Entropy . . . . . : 4.6
SHA-256 . . . . . : 39574F1D8CF33A576CF360CDF38C6C9667836F77783387AF5DC6FFAB38C309D1
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> G Data . . . . . . : Gen:Variant.Kazy.158415
> Ikarus . . . . . . : Trojan.CoinMiner!IK
Fuzzy . . . . . . : 106.0
C:\Users\Enrique\AppData\Local\Temp\1393632607_minerd3.exe -> Deleted
Size . . . . . . . : 9,728 bytes
Age . . . . . . . : 45.3 days (2013-06-07 19:14:02)
Entropy . . . . . : 4.6
SHA-256 . . . . . : 39574F1D8CF33A576CF360CDF38C6C9667836F77783387AF5DC6FFAB38C309D1
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> G Data . . . . . . : Gen:Variant.Kazy.158415
> Ikarus . . . . . . : Trojan.CoinMiner!IK
Fuzzy . . . . . . : 106.0
C:\Users\Enrique\AppData\Local\Temp\msimg32.dll -> Deleted
Size . . . . . . . : 147,968 bytes
Age . . . . . . . : 71.2 days (2013-05-12 20:58:28)
Entropy . . . . . : 7.7
SHA-256 . . . . . : A042B0B150765C698A909463F5E8CCF3B687C5150F88E3FA43A697C069B9744D
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : CertReq.exe
Version . . . . . : 6.1.7600.16385
Copyright . . . . : © Microsoft Corporation. All rights reserved.
> G Data . . . . . . : Trojan.GenericKDZ.17846
> Ikarus . . . . . . : Trojan-Dropper.Win32.Sirefef!IK
Fuzzy . . . . . . : 113.0
C:\Users\Enrique\AppData\Local\Temp\tmp32D4.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 45.3 days (2013-06-07 17:16:07)
Entropy . . . . . : 8.0
SHA-256 . . . . . : D9C3A070C9F7EE6A42B1EC415645C812E0E674B16C895DDCBFF2D52261066386
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmp3C76.tmp.exe -> Quarantined
Size . . . . . . . : 435,200 bytes
Age . . . . . . . : 24.0 days (2013-06-29 01:35:54)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 168167EFE8E8A73FC059EA46362A9FD95DBBF949A4F28D850DE145364026F1B2
Product . . . . . : The Dargon Project
Publisher . . . . : ItzWarty
Description . . . : Dargon Setup
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © ItzWarty 2012
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 113.0
C:\Users\Enrique\AppData\Local\Temp\tmp3DA6.tmp.exe -> Deleted
Size . . . . . . . : 758,272 bytes
Age . . . . . . . : 46.2 days (2013-06-06 20:27:42)
Entropy . . . . . : 8.0
SHA-256 . . . . . : CDBC12609746961EB1B623880E71211B91CB11FF67A7FA369D4A872249EA1794
Product . . . . . : ModellNvid
Description . . . : ModellNvid
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © ModellNvid 2013
> G Data . . . . . . : Gen:Variant.Zusy.49764
> Ikarus . . . . . . : Backdoor.Win32.Fynloski!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmp5FFD.tmp.exe -> Quarantined
Size . . . . . . . : 435,200 bytes
Age . . . . . . . : 24.0 days (2013-06-29 01:36:03)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 168167EFE8E8A73FC059EA46362A9FD95DBBF949A4F28D850DE145364026F1B2
Product . . . . . : The Dargon Project
Publisher . . . . : ItzWarty
Description . . . : Dargon Setup
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © ItzWarty 2012
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 113.0
C:\Users\Enrique\AppData\Local\Temp\tmp6809.tmp.exe -> Deleted
Size . . . . . . . : 509,952 bytes
Age . . . . . . . : 45.3 days (2013-06-07 19:09:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 6F1864708A08FB79D319C6957F922EB5131C63252633D617229E839FC76DA9F8
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmp6894.tmp.exe -> Deleted
Size . . . . . . . : 759,808 bytes
Age . . . . . . . : 45.3 days (2013-06-07 17:54:34)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 6E6E752BB526C76207CEFC98A48DB3BDB4F06B279082005FD8DF727A47E058E0
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmp91E2.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 36.5 days (2013-06-16 12:35:39)
Entropy . . . . . : 8.0
SHA-256 . . . . . : D9C3A070C9F7EE6A42B1EC415645C812E0E674B16C895DDCBFF2D52261066386
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0My Computer
- Computer type
- PC/Desktop
- OS
- Windows x64
- Local time
- 5:12 AM
- Messages
- 62
logs part two
C:\Users\Enrique\AppData\Local\Temp\tmpA987.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 36.5 days (2013-06-16 12:35:45)
Entropy . . . . . : 8.0
SHA-256 . . . . . : D9C3A070C9F7EE6A42B1EC415645C812E0E674B16C895DDCBFF2D52261066386
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmpC229.tmp.exe -> Quarantined
Size . . . . . . . : 435,200 bytes
Age . . . . . . . : 24.0 days (2013-06-29 01:36:28)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 168167EFE8E8A73FC059EA46362A9FD95DBBF949A4F28D850DE145364026F1B2
Product . . . . . : The Dargon Project
Publisher . . . . : ItzWarty
Description . . . : Dargon Setup
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © ItzWarty 2012
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 113.0
C:\Users\Enrique\AppData\Local\Temp\tmpC6E9.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 45.3 days (2013-06-07 17:22:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 69ED1962035BA05F4687A589EFE1580C684F2465D79859A2B06EB6AF575FF252
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmpC6F8.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 45.3 days (2013-06-07 17:22:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 69ED1962035BA05F4687A589EFE1580C684F2465D79859A2B06EB6AF575FF252
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmpD034.tmp.exe -> Deleted
Size . . . . . . . : 758,272 bytes
Age . . . . . . . : 46.2 days (2013-06-06 20:22:52)
Entropy . . . . . : 8.0
SHA-256 . . . . . : CDBC12609746961EB1B623880E71211B91CB11FF67A7FA369D4A872249EA1794
Product . . . . . : ModellNvid
Description . . . : ModellNvid
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © ModellNvid 2013
> G Data . . . . . . : Gen:Variant.Zusy.49764
> Ikarus . . . . . . : Backdoor.Win32.Fynloski!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmpE62C.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 45.3 days (2013-06-07 17:36:32)
Entropy . . . . . : 8.0
SHA-256 . . . . . : F8C8D57C414E8A1C2FB33D9A029123DEC8AB4DEF1BCAE43CC04B8F9D2D961101
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Roaming\etilqs_PRCMgrhnbTb.exe -> Quarantined
Size . . . . . . . : 796,160 bytes
Age . . . . . . . : 16.1 days (2013-07-06 23:45:20)
Entropy . . . . . : 7.9
SHA-256 . . . . . : D21FF949E5DB878128D0CD0D7A8578114231E9E29F933C9A1551AA0CC0125F6C
Product . . . . . : TeamViewer
Publisher . . . . : TeamViewer GmbH
Description . . . : TeamViewer 8
Version . . . . . : 8.0.18051.0
Copyright . . . . : TeamViewer GmbH
> G Data . . . . . . : Gen:Variant.Kazy.199289
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Roaming\JEsNE\miner.dll -> Quarantined
Size . . . . . . . : 343,552 bytes
Age . . . . . . . : 45.3 days (2013-06-07 18:20:23)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 296D3069DBE4F2D7049B06BFB05AF4ECBE25E824EB21EA32D939C7151348BB02
Product . . . . . : xCoin Miner
Publisher . . . . : Ufasoft
Description . . . : coin-miner
Version . . . . . : 7.0.13047.0
Copyright . . . . : Copyright (c) 2011-2013 Ufasoft
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 100.0
C:\Users\Enrique\AppData\Roaming\JEsNE\taskengine.exe -> Deleted
Size . . . . . . . : 84,992 bytes
Age . . . . . . . : 45.3 days (2013-06-07 18:20:31)
Entropy . . . . . : 7.0
SHA-256 . . . . . : EDDFA19BEDD75F5035D1F9FDAF261F2DA05DE81B7A2AED9070F190BA92EE5457
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 105.0
C:\Users\Enrique\AppData\Roaming\JvXsG\miner.dll -> Quarantined
Size . . . . . . . : 343,552 bytes
Age . . . . . . . : 43.3 days (2013-06-09 18:03:01)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 296D3069DBE4F2D7049B06BFB05AF4ECBE25E824EB21EA32D939C7151348BB02
Product . . . . . : xCoin Miner
Publisher . . . . : Ufasoft
Description . . . : coin-miner
Version . . . . . : 7.0.13047.0
Copyright . . . . : Copyright (c) 2011-2013 Ufasoft
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 100.0
C:\Users\Enrique\AppData\Roaming\JvXsG\taskengine.exe -> Deleted
Size . . . . . . . : 9,728 bytes
Age . . . . . . . : 43.3 days (2013-06-09 18:03:10)
Entropy . . . . . : 4.6
SHA-256 . . . . . : E6DF452CBBA18ADE99F470F1A5BBAC0AC6A04E81F8A9410DEA8061CF65D74F5F
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> G Data . . . . . . : Gen:Variant.Kazy.158415
> Ikarus . . . . . . : Trojan.CoinMiner!IK
Fuzzy . . . . . . : 106.0
C:\Users\Enrique\AppData\Roaming\nBLut\miner.dll -> Quarantined
Size . . . . . . . : 343,552 bytes
Age . . . . . . . : 45.3 days (2013-06-07 19:12:04)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 296D3069DBE4F2D7049B06BFB05AF4ECBE25E824EB21EA32D939C7151348BB02
Product . . . . . : xCoin Miner
Publisher . . . . : Ufasoft
Description . . . : coin-miner
Version . . . . . : 7.0.13047.0
Copyright . . . . : Copyright (c) 2011-2013 Ufasoft
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 100.0
C:\Users\Enrique\AppData\Roaming\nBLut\taskengine.exe -> Deleted
Size . . . . . . . : 9,728 bytes
Age . . . . . . . : 45.3 days (2013-06-07 19:12:12)
Entropy . . . . . : 4.6
SHA-256 . . . . . : 39574F1D8CF33A576CF360CDF38C6C9667836F77783387AF5DC6FFAB38C309D1
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> G Data . . . . . . : Gen:Variant.Kazy.158415
> Ikarus . . . . . . : Trojan.CoinMiner!IK
Fuzzy . . . . . . : 106.0
C:\Users\Enrique\AppData\Roaming\QMBVL\miner.dll -> Quarantined
Size . . . . . . . : 343,552 bytes
Age . . . . . . . : 45.2 days (2013-06-07 20:48:35)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 296D3069DBE4F2D7049B06BFB05AF4ECBE25E824EB21EA32D939C7151348BB02
Product . . . . . : xCoin Miner
Publisher . . . . : Ufasoft
Description . . . : coin-miner
Version . . . . . : 7.0.13047.0
Copyright . . . . : Copyright (c) 2011-2013 Ufasoft
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 100.0
C:\Users\Enrique\AppData\Roaming\QMBVL\taskengine.exe -> Deleted
Size . . . . . . . : 9,728 bytes
Age . . . . . . . : 45.2 days (2013-06-07 20:48:43)
Entropy . . . . . : 4.6
SHA-256 . . . . . : 35172527A17BBDEC75B42E34273534F6569E9F9CD40C6ACEC450424DD8E2861B
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> G Data . . . . . . : Gen:Variant.Kazy.158415
> Ikarus . . . . . . : Trojan.CoinMiner!IK
Fuzzy . . . . . . : 106.0
Malware remnants ____________________________________________________________
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\L\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\L\00000004.@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\00000004.@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\00000008.@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\000000cb.@ (ZeroAccess) -> Deleted
Cookies _____________________________________________________________________
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yealt.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:network.realmedia.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\04VOF1ER.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\0L7INRIW.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\0V2LDSJJ.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\11K6CL28.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\13N7ZDG7.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\3BX37ZTT.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\3DTFZNQA.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\4AS5OVOF.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\5QOYO3IH.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\67HR9D86.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\6ZCNYBQ4.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\7KJ73UE2.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\8UMAX4IZ.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\8UY7OKKO.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\9ELP55G0.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\ALCRFIBX.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\BIG70J8W.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\BO5KOL5K.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\BTGHAFVD.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\CA2IE50Q.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\DG6O8BLT.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\DVC1OHL6.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\EP6L7FFT.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\F14VATXU.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\F30HLGXT.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\FGDZW3FE.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\G93407YS.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\GKT2UA9J.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\GWGLEAJP.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\HVJW3AOP.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\IC4S4DAD.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\IJOJJAKF.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\INKPPIRD.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\JCEIR16E.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\JJ46FX2A.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\JZ2QYBYO.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\KN4TA4SB.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\LR77EY8B.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\M6BM2YZQ.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\MU2CBIOI.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\MVDKOXYI.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\NS3P69KC.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\NXUGF9PX.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\O4CKD1TR.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\OS6WHYOP.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\PCQ0TZJY.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\PHTHMGZG.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\PLA4B3IA.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\Q73X0CA4.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\QU14YSZE.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\SR26RLCC.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\SYMJ0K3D.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\V35XRJRK.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\VC1FKK37.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\VK1NUMFS.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\W0TPRDZB.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\W9CVY010.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\XS9M1BFU.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\Y82KARRS.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\YPBS1W0O.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\Z06MK1I3.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\Z4H20TVU.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\ZXOS6B3C.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\ZZXGVCTS.txt
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:apmebf.com
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:*********.net
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:dmtracker.com
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:doubleclick.net
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:invitemedia.com
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:mediaplex.com
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:microsoftsto.112.2o7.net
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:stats.paypal.com
[/code]
C:\Users\Enrique\AppData\Local\Temp\tmpA987.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 36.5 days (2013-06-16 12:35:45)
Entropy . . . . . : 8.0
SHA-256 . . . . . : D9C3A070C9F7EE6A42B1EC415645C812E0E674B16C895DDCBFF2D52261066386
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmpC229.tmp.exe -> Quarantined
Size . . . . . . . : 435,200 bytes
Age . . . . . . . : 24.0 days (2013-06-29 01:36:28)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 168167EFE8E8A73FC059EA46362A9FD95DBBF949A4F28D850DE145364026F1B2
Product . . . . . : The Dargon Project
Publisher . . . . : ItzWarty
Description . . . : Dargon Setup
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © ItzWarty 2012
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 113.0
C:\Users\Enrique\AppData\Local\Temp\tmpC6E9.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 45.3 days (2013-06-07 17:22:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 69ED1962035BA05F4687A589EFE1580C684F2465D79859A2B06EB6AF575FF252
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmpC6F8.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 45.3 days (2013-06-07 17:22:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 69ED1962035BA05F4687A589EFE1580C684F2465D79859A2B06EB6AF575FF252
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmpD034.tmp.exe -> Deleted
Size . . . . . . . : 758,272 bytes
Age . . . . . . . : 46.2 days (2013-06-06 20:22:52)
Entropy . . . . . : 8.0
SHA-256 . . . . . : CDBC12609746961EB1B623880E71211B91CB11FF67A7FA369D4A872249EA1794
Product . . . . . : ModellNvid
Description . . . : ModellNvid
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © ModellNvid 2013
> G Data . . . . . . : Gen:Variant.Zusy.49764
> Ikarus . . . . . . : Backdoor.Win32.Fynloski!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Local\Temp\tmpE62C.tmp.exe -> Deleted
Size . . . . . . . : 759,296 bytes
Age . . . . . . . : 45.3 days (2013-06-07 17:36:32)
Entropy . . . . . : 8.0
SHA-256 . . . . . : F8C8D57C414E8A1C2FB33D9A029123DEC8AB4DEF1BCAE43CC04B8F9D2D961101
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Roaming\etilqs_PRCMgrhnbTb.exe -> Quarantined
Size . . . . . . . : 796,160 bytes
Age . . . . . . . : 16.1 days (2013-07-06 23:45:20)
Entropy . . . . . : 7.9
SHA-256 . . . . . : D21FF949E5DB878128D0CD0D7A8578114231E9E29F933C9A1551AA0CC0125F6C
Product . . . . . : TeamViewer
Publisher . . . . : TeamViewer GmbH
Description . . . : TeamViewer 8
Version . . . . . : 8.0.18051.0
Copyright . . . . : TeamViewer GmbH
> G Data . . . . . . : Gen:Variant.Kazy.199289
Fuzzy . . . . . . : 114.0
C:\Users\Enrique\AppData\Roaming\JEsNE\miner.dll -> Quarantined
Size . . . . . . . : 343,552 bytes
Age . . . . . . . : 45.3 days (2013-06-07 18:20:23)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 296D3069DBE4F2D7049B06BFB05AF4ECBE25E824EB21EA32D939C7151348BB02
Product . . . . . : xCoin Miner
Publisher . . . . : Ufasoft
Description . . . : coin-miner
Version . . . . . : 7.0.13047.0
Copyright . . . . : Copyright (c) 2011-2013 Ufasoft
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 100.0
C:\Users\Enrique\AppData\Roaming\JEsNE\taskengine.exe -> Deleted
Size . . . . . . . : 84,992 bytes
Age . . . . . . . : 45.3 days (2013-06-07 18:20:31)
Entropy . . . . . : 7.0
SHA-256 . . . . . : EDDFA19BEDD75F5035D1F9FDAF261F2DA05DE81B7A2AED9070F190BA92EE5457
Product . . . . . : Demoridus
Description . . . : Demoridus
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © Demoridus 2013
> G Data . . . . . . : Trojan.GenericKDZ.20587
> Ikarus . . . . . . : Backdoor.Win32.Androm!IK
Fuzzy . . . . . . : 105.0
C:\Users\Enrique\AppData\Roaming\JvXsG\miner.dll -> Quarantined
Size . . . . . . . : 343,552 bytes
Age . . . . . . . : 43.3 days (2013-06-09 18:03:01)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 296D3069DBE4F2D7049B06BFB05AF4ECBE25E824EB21EA32D939C7151348BB02
Product . . . . . : xCoin Miner
Publisher . . . . : Ufasoft
Description . . . : coin-miner
Version . . . . . : 7.0.13047.0
Copyright . . . . : Copyright (c) 2011-2013 Ufasoft
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 100.0
C:\Users\Enrique\AppData\Roaming\JvXsG\taskengine.exe -> Deleted
Size . . . . . . . : 9,728 bytes
Age . . . . . . . : 43.3 days (2013-06-09 18:03:10)
Entropy . . . . . : 4.6
SHA-256 . . . . . : E6DF452CBBA18ADE99F470F1A5BBAC0AC6A04E81F8A9410DEA8061CF65D74F5F
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> G Data . . . . . . : Gen:Variant.Kazy.158415
> Ikarus . . . . . . : Trojan.CoinMiner!IK
Fuzzy . . . . . . : 106.0
C:\Users\Enrique\AppData\Roaming\nBLut\miner.dll -> Quarantined
Size . . . . . . . : 343,552 bytes
Age . . . . . . . : 45.3 days (2013-06-07 19:12:04)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 296D3069DBE4F2D7049B06BFB05AF4ECBE25E824EB21EA32D939C7151348BB02
Product . . . . . : xCoin Miner
Publisher . . . . : Ufasoft
Description . . . : coin-miner
Version . . . . . : 7.0.13047.0
Copyright . . . . : Copyright (c) 2011-2013 Ufasoft
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 100.0
C:\Users\Enrique\AppData\Roaming\nBLut\taskengine.exe -> Deleted
Size . . . . . . . : 9,728 bytes
Age . . . . . . . : 45.3 days (2013-06-07 19:12:12)
Entropy . . . . . : 4.6
SHA-256 . . . . . : 39574F1D8CF33A576CF360CDF38C6C9667836F77783387AF5DC6FFAB38C309D1
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> G Data . . . . . . : Gen:Variant.Kazy.158415
> Ikarus . . . . . . : Trojan.CoinMiner!IK
Fuzzy . . . . . . : 106.0
C:\Users\Enrique\AppData\Roaming\QMBVL\miner.dll -> Quarantined
Size . . . . . . . : 343,552 bytes
Age . . . . . . . : 45.2 days (2013-06-07 20:48:35)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 296D3069DBE4F2D7049B06BFB05AF4ECBE25E824EB21EA32D939C7151348BB02
Product . . . . . : xCoin Miner
Publisher . . . . : Ufasoft
Description . . . : coin-miner
Version . . . . . : 7.0.13047.0
Copyright . . . . : Copyright (c) 2011-2013 Ufasoft
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 100.0
C:\Users\Enrique\AppData\Roaming\QMBVL\taskengine.exe -> Deleted
Size . . . . . . . : 9,728 bytes
Age . . . . . . . : 45.2 days (2013-06-07 20:48:43)
Entropy . . . . . : 4.6
SHA-256 . . . . . : 35172527A17BBDEC75B42E34273534F6569E9F9CD40C6ACEC450424DD8E2861B
Description . . . :
Version . . . . . : 0.0.0.0
Copyright . . . . :
> G Data . . . . . . : Gen:Variant.Kazy.158415
> Ikarus . . . . . . : Trojan.CoinMiner!IK
Fuzzy . . . . . . : 106.0
Malware remnants ____________________________________________________________
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\L\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\L\00000004.@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\00000004.@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\00000008.@ (ZeroAccess) -> Deleted
C:\$Recycle.Bin\S-1-5-21-3946502291-3340588053-1113517402-1000\$8ccb4cf9c6070d760d7d2da245d8f97a\U\000000cb.@ (ZeroAccess) -> Deleted
Cookies _____________________________________________________________________
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yealt.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:network.realmedia.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\04VOF1ER.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\0L7INRIW.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\0V2LDSJJ.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\11K6CL28.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\13N7ZDG7.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\3BX37ZTT.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\3DTFZNQA.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\4AS5OVOF.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\5QOYO3IH.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\67HR9D86.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\6ZCNYBQ4.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\7KJ73UE2.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\8UMAX4IZ.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\8UY7OKKO.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\9ELP55G0.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\ALCRFIBX.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\BIG70J8W.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\BO5KOL5K.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\BTGHAFVD.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\CA2IE50Q.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\DG6O8BLT.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\DVC1OHL6.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\EP6L7FFT.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\F14VATXU.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\F30HLGXT.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\FGDZW3FE.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\G93407YS.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\GKT2UA9J.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\GWGLEAJP.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\HVJW3AOP.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\IC4S4DAD.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\IJOJJAKF.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\INKPPIRD.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\JCEIR16E.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\JJ46FX2A.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\JZ2QYBYO.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\KN4TA4SB.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\LR77EY8B.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\M6BM2YZQ.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\MU2CBIOI.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\MVDKOXYI.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\NS3P69KC.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\NXUGF9PX.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\O4CKD1TR.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\OS6WHYOP.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\PCQ0TZJY.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\PHTHMGZG.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\PLA4B3IA.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\Q73X0CA4.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\QU14YSZE.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\SR26RLCC.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\SYMJ0K3D.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\V35XRJRK.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\VC1FKK37.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\VK1NUMFS.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\W0TPRDZB.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\W9CVY010.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\XS9M1BFU.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\Y82KARRS.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\YPBS1W0O.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\Z06MK1I3.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\Z4H20TVU.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\ZXOS6B3C.txt
C:\Users\Enrique\AppData\Roaming\Microsoft\Windows\Cookies\ZZXGVCTS.txt
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:apmebf.com
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:*********.net
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:dmtracker.com
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:doubleclick.net
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:invitemedia.com
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:mediaplex.com
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:microsoftsto.112.2o7.net
C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\ky2ok6xo.default\cookies.sqlite:stats.paypal.com
[/code]
My Computer
- Computer type
- PC/Desktop
- OS
- Windows x64
- Local time
- 3:12 AM
- Messages
- 6,830
Delete the old frst.txt and rerun FRST.exe
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 5:12 AM
- Messages
- 62
- Local time
- 3:12 AM
- Messages
- 6,830
Copy and paste the code below into Notepad. To open Notepad, click on 
rb: . Inside
type notepad and then press <ENTER> button .
In Notepad, click File and then Save. Type reset.bat inside file name section . Change Save as Type to All Files, and then save the file to your desktop. After the file is saved, right click on the RESET.bat choose
. Once it's finished running, restart your computer. Check to see if your Internet connection is restored.
Once you're on the desktop . Rerun FSS .exe
rb: . Inside
Code:
@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
cls
echo Script finished.
pause
del %0In Notepad, click File and then Save. Type reset.bat inside file name section . Change Save as Type to All Files, and then save the file to your desktop. After the file is saved, right click on the RESET.bat choose
Once you're on the desktop . Rerun FSS .exe
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 5:12 AM
- Messages
- 62
- Local time
- 3:12 AM
- Messages
- 6,830
Its on Post #2
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000
- Local time
- 5:12 AM
- Messages
- 62
- Local time
- 5:12 AM
- Messages
- 62
- Local time
- 3:12 AM
- Messages
- 6,830
Download Services Repair
:ar: Services Repair <=== Download Link
When done . Drag the file to your desktop
Right click on ServicesRepair.exe choose
Click on Yes or Continue . Once the tool has completed it will ask you to restart . Please restart the PC .
Then run
AdwCleaner
Click here AdwCleaner
:ar: Click on Download Now button
:ar: Save to the Desktop
:ar: Right-click on AdwCleaner.exe and choose
:ar: Click on Delete and confirm the prompt.
:ar: Your computer will be rebooted automatically. A text file will open after the restart.
Upload the log : The log file is at C:\AdwCleaner[Sn].txt
:ar: Services Repair <=== Download Link
When done . Drag the file to your desktop
Right click on ServicesRepair.exe choose
Click on Yes or Continue . Once the tool has completed it will ask you to restart . Please restart the PC .
Then run
Click here AdwCleaner
:ar: Click on Download Now button
:ar: Save to the Desktop
:ar: Right-click on AdwCleaner.exe and choose
:ar: Click on Delete and confirm the prompt.
:ar: Your computer will be rebooted automatically. A text file will open after the restart.
Upload the log : The log file is at C:\AdwCleaner[Sn].txt
My Computer
- Computer Manufacturer/Model Number
- Custom Built
- OS
- Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
- CPU
- Intel Core i7 CPU 950 @ 3.07GHz
- Motherboard
- ASUS P6T DELUXE V2
- Memory
- OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
- Graphics Card(s)
- ATI Radeon HD 5700 Series
- Sound Card
- OnBoard
- Hard Drives
- WD6400AACS-00M3B0 (640GB SATA )
- PSU
- CORSAIR 850w
- Case
- NZXT LEXA
- Cooling
- Intel Stock Heatsink Fan
- Keyboard
- Microsoft Wireless Laser Keyboard 7000
- Mouse
- Microsoft Wireless Laser Mouse 7000