MBAM finds rogue.multiple, here are Combofix results

gregrocker

New member
Guru
Local time
12:00 AM
Messages
50,634
Hi all -

I was working on my Uncle's office PC tonight, installing 13 optional Updates while running an MBAM scan, which suddenly popped up with a rogue.multiple infection. I googled and found Combofix suggested. I ran Combofix, and I am uploading its log here for your wisdom.

Incidentally, at restart after Combofix the Updates attempted to install and then Reverted for 20 minutes, back to Desktop. It took running Windows Update troubleshooter to get them back into the Updates queue and installed.

Another MBAM scan comes out clean, but I don't see the rogue found earlier in Quarantine file. I wonder if CF deleted it?

Thanks! :geek:
 

Greg, these items were deleted:
c:\program files\ShopperPro
c:\program files\ShopperPro\config.json
c:\program files\ShopperPro\database1_0_0.json
c:\program files\ShopperPro\FireFox\content\overlay.xul
c:\program files\ShopperPro\FireFox\content\shopperpro_128.png
c:\program files\ShopperPro\FireFox\install.rdf
c:\program files\ShopperPro\JSDriver\1.37.0.871\config.json
c:\program files\ShopperPro\JSDriver\1.37.0.871\database1_0_0.json
c:\program files\ShopperPro\manifest.json
c:\programdata\ShopperPro
c:\programdata\ShopperPro\config.json
c:\programdata\ShopperPro\database1_0_0.json
c:\users\MPCHOA\AppData\Local\nstF105.tmp
c:\windows\system32\SET709C.tmp
C:\Windows6.1-KB2533552-X86.msu

Did you look in here? C:\Qoobox\ComboFix-quarantined-files.txt
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32bit SP1Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz4 GBATI Radeon HD 2600 Pro
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Yeah, it's all there. Can I delete it and all other Combofix folders out of C?

Does anything it found look serious? Just adware?

I guess the more serious rogue virus which was found earlier by MBAM got deleted from its quarantine, possibly by Combofix?

When MBAM found rogue.multiple I googled and was pointed to Combofix which is why I ran it.
 
Looks like CF found all adware, but to be sure, run ESET OnlineScan:

1. Click the ESET Online Scanner button (esetOnline.png).
2. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   a. Click the ESET Smart Installer button (esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
   b. Double click the ESET Smart Installer icon (esetSmartInstallDesktopIcon.png) on your desktop.
3. Check the box to accept the terms of use (esetAcceptTerms.png).
4. Click the Start button (esetStart.png).
5. Accept any security warnings from your browser.
6. Check the Scan archives box (esetScanArchives.png).
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient, as this can take some time.
9. When the scan completes, push List found threats (esetListThreats.png).
10. Push Export to text file (esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
11. Push the Back button (esetBack.png).
12. Push Finish (esetFinish.png).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following will implement important cleanup procedures as well as reset System Restore points:
Click Start > Run, copy/paste the following text into the Run box, and click OK:

ComboFix /Uninstall
 

From post #1:

"I was working on my Uncles office PC tonight installing 13 optional Updates while running a MBAM scan"

I would not recommend running any scans while using Windows 7 Updates.
Update Windows 7, reboot and then run the scans.
 

My Computer My Computer

At a glance

Windows 10 Pro. 64/ version 1709 Windows 7 Pr...Intel i7-6800K @ 4.3Corsair Platinum 16 gig @2400EVGA GTX 1070 OC
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Running sUBs' ComboFix to mitigate adware found by an MBAM2 scan is a bit like using an M183 C4 Satchel Charge to clean out a back yard fish pond. The OP is quite fortunate that ComboFix did not brick the Uncle's office PC.

If MBAM2 finds anything actionable, a simple follow-up with a quarantine (if not already automatically done), followed by a subsequent deletion from quarantine a week later, would suffice. Small Job = Small Tool.

HTH :)
 

My Computer My Computer

At a glance

W7
Computer type
PC/Desktop
OS
W7
Thank you all.

As stated in the OP, googling the rogue.multiple found by Combofix suggested running ComboFix. Was this not advisable?

I have run ComboFix before and realize it is a powerful tool which should not be run casually.

In hindsight I should have cleared the Updates which were running in background before running it.
 
"As stated in the OP, googling the rogue.multiple found by Combofix suggested running ComboFix. Was this not advisable?"

If MBAM2 does flag malware after a scan, MBAM2 can optionally deal with it/them.

Even Malware Removal professionals will not run ComboFix until other diagnostic information has been thoroughly analyzed.

HTH :)
 

Again, and as stated in the OP, MBAM said it quarantined rogue.multiple, but it didn't show up in the MBAM Quarantine folder.

At least two disinfection sites suggested CF for that infection. I have used CF in the past many times.
 
If it was my computer I would ask Jacee to take a look at the Combofix log before going any farther.
 

She did above, Jack.

"ComboFix /uninstall" finds nothing. There was still a quarantine file named Qoobox in C. I manually cleaned out all Temp files with the time stamp when CF was run, which then allowed me to delete C:\Qoobox.
 
I had a brain fart and completely missed Jacee's post 2.
Sorry about that.
 
