Annoying not-a-virus:HEUR:AdWare.Win32.Generic

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-01-22] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-01-22] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1849679306-394957634-595456867-1001\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-1849679306-394957634-595456867-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-01-22] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-01-22] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
2016-03-03 10:57 - 2016-03-03 10:57 - 00000000 _____ C:\Windows\system32\Drivers\SET81B.tmp
2016-03-02 14:21 - 2016-03-02 14:21 - 00000000 _____ C:\Windows\system32\Drivers\SETA6CA.tmp
2016-03-02 12:36 - 2016-03-02 12:36 - 00000000 _____ C:\Windows\system32\Drivers\SET6D64.tmp
2016-03-02 10:59 - 2016-03-02 10:59 - 00000000 _____ C:\Windows\system32\Drivers\SET11BC.tmp
2016-02-29 12:52 - 2016-02-29 12:52 - 00000000 _____ C:\Windows\system32\Drivers\SETE946.tmp
2016-02-29 11:08 - 2016-02-29 11:08 - 00000000 _____ C:\Windows\system32\Drivers\SETD26C.tmp
2016-02-28 16:15 - 2016-02-28 16:15 - 00000000 _____ C:\Windows\system32\Drivers\SET7474.tmp
2016-02-27 15:07 - 2016-02-27 15:07 - 00000000 _____ C:\Windows\system32\Drivers\SETB960.tmp
2016-02-27 13:08 - 2016-02-27 13:08 - 00000000 _____ C:\Windows\system32\Drivers\SET9C7E.tmp
2016-02-26 19:06 - 2016-02-26 19:06 - 00000000 _____ C:\Windows\system32\Drivers\SETCCE0.tmp
2016-02-26 17:28 - 2016-02-26 17:28 - 00000000 _____ C:\Windows\system32\Drivers\SET6D34.tmp
2016-02-26 16:39 - 2016-02-26 16:39 - 00000000 _____ C:\Windows\system32\Drivers\SET6D24.tmp
2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 _____ C:\Windows\system32\Drivers\SET4CB9.tmp
2016-02-26 15:07 - 2016-02-26 15:12 - 00222720 _____ C:\Users\Jenya\AppData\Roaming\LxjVBchppIcvKkIsaT
2016-02-26 11:00 - 2016-02-26 11:00 - 00000000 _____ C:\Windows\system32\Drivers\SET3275.tmp
2016-02-24 15:07 - 2016-02-24 15:07 - 00000000 _____ C:\Windows\system32\Drivers\SETF344.tmp
2016-02-24 11:48 - 2016-02-24 11:48 - 00000000 _____ C:\Windows\system32\Drivers\SETAF42.tmp
2016-02-24 11:27 - 2016-02-24 11:27 - 00000000 _____ C:\Windows\system32\Drivers\SET8343.tmp
2016-02-21 11:00 - 2016-02-21 11:00 - 00000000 _____ C:\Windows\system32\Drivers\SETB02C.tmp
2016-02-20 11:05 - 2016-02-20 11:05 - 00000000 _____ C:\Windows\system32\Drivers\SET6D63.tmp
2016-02-13 12:26 - 2016-02-13 12:26 - 00000000 ____D C:\ProgramData\Update2343200959509
2016-01-08 16:02 - 2016-01-08 16:02 - 0000605 _____ () C:\Users\Jenya\AppData\Roaming\02545F0A.vxd
2013-10-02 04:55 - 2013-10-02 04:55 - 0001960 _____ () C:\Users\Jenya\AppData\Roaming\COPYING
2016-02-11 12:08 - 2016-02-11 12:08 - 0000000 _____ () C:\Users\Jenya\AppData\Roaming\gdfw.log
2016-02-11 12:08 - 2016-02-11 12:08 - 0000779 _____ () C:\Users\Jenya\AppData\Roaming\gdscan.log
2016-02-26 15:07 - 2016-02-26 15:12 - 0222720 _____ () C:\Users\Jenya\AppData\Roaming\LxjVBchppIcvKkIsaT
2016-02-10 13:53 - 2016-02-10 13:53 - 0001417 _____ () C:\Users\Jenya\AppData\Roaming\PansophyHangout
2014-05-08 07:44 - 2014-05-08 07:44 - 0003934 _____ () C:\Users\Jenya\AppData\Roaming\prtphon.env
2016-02-10 13:53 - 2016-02-10 13:53 - 0086234 _____ () C:\Users\Jenya\AppData\Roaming\Rangoon
2013-10-02 04:56 - 2013-10-02 04:56 - 0000824 _____ () C:\Users\Jenya\AppData\Roaming\sequential.links.xml
2016-02-11 13:22 - 2016-02-11 13:22 - 0007622 _____ () C:\Users\Jenya\AppData\Local\Resmon.ResmonCfg
2016-02-13 11:58 - 2016-02-26 12:05 - 0000258 _____ () C:\ProgramData\fontcacheev1.dat
C:\ProgramData\fontcacheev1.dat
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
C:\Users\Jenya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59M2MYDS\56y4g45gh45h[1]
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Hey Kevin:

However, it's coming back.

Properties
Name kino-tor_net_-_785679.exe
Location C:\Users\***\Downloads
Size 3.5 MB
Time 56.6 days ago (2016-01-07 20:13:27)
Entropy 6.3
SHA-256 7AD4D58048E77C47788488E209CE748840E2873960EFBA12395D1004D962FB66

Detection Names
Bitdefender Gen:Variant.Adware.Jatif.296
Kaspersky not-a-virus:HEUR:AdWare.Win32.Generic

Scoring (126.0)
One or more antivirus vendors have indicated that the file is malicious.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

Fixlog.txt


Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

    NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
S3 mdf16; \??\C:\Users\Jenya\AppData\Local\Temp\mdf16.sys [X]
S3 mvd23; \??\C:\Users\Jenya\AppData\Local\Temp\mvd23.sys [X]
2016-03-05 11:07 - 2016-03-05 11:07 - 00000260 _____ C:\ProgramData\fontcacheev1.dat
2016-03-04 11:15 - 2016-03-04 11:15 - 00000000 _____ C:\Windows\system32\Drivers\SET7C12.tmp
2016-03-03 14:25 - 2016-03-03 14:25 - 00000000 _____ C:\Windows\system32\Drivers\SET44EC.tmp
C:\ProgramData\fontcacheev1.dat
C:\Users\Jenya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MEWW8ELW\index[1].htm
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
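As a read-only check to run before and after the fix (added here; it is not part of the thread and not FRST's own code), the following PowerShell audits the items flagged in both fixlists above: the System Restore policy, per-user Winlogon Shell values, services loading drivers from a Temp folder, and the download listed in the scan report. It assumes an elevated session and that the download sits in the current user's Downloads folder (the report masks the user name); it changes nothing.

```powershell
# Added example, not from this thread: a read-only audit of the items the two
# fixlists above flag. It reports only; removal is left to FRST as instructed.
# Assumes an elevated PowerShell session so other accounts' HKU hives are readable.
$findings = @()

# 1. System Restore disabled by policy ("[DisableSR/DisableConfig]" in both fixlists).
$srPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
if (Test-Path $srPolicy) {
    $sr = Get-ItemProperty -Path $srPolicy
    foreach ($name in 'DisableSR', 'DisableConfig') {
        if ($null -ne $sr.PSObject.Properties[$name] -and $sr.$name -eq 1) {
            $findings += "SystemRestore policy $name=1 (restore points blocked)"
        }
    }
}

# 2. Per-user Winlogon Shell values. The shell is normally set only under HKLM;
#    a per-user value overrides it, which is why FRST marks these lines ATTENTION.
$null = New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue
foreach ($hive in Get-ChildItem 'HKU:\' | Where-Object { $_.PSChildName -notlike '*_Classes' }) {
    $wl = "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $shell = (Get-ItemProperty -Path $wl -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell) { $findings += "$($hive.PSChildName) has Winlogon Shell = $shell" }
}

# 3. Services whose driver is loaded from a user's Temp folder (mdf16.sys, mvd23.sys).
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $img = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($img -and $img -match '\\AppData\\Local\\Temp\\[^\\]+\.sys') {
        $findings += "Service $($svc.PSChildName) loads a driver from Temp: $img"
    }
}

# 4. The download from the scan report: hash taken from the thread, path assumed to be
#    the current user's Downloads folder (the report masks the user name).
$sample = Join-Path $env:USERPROFILE 'Downloads\kino-tor_net_-_785679.exe'
$knownSha256 = '7AD4D58048E77C47788488E209CE748840E2873960EFBA12395D1004D962FB66'
if (Test-Path $sample) {
    $hash = (Get-FileHash -Path $sample -Algorithm SHA256).Hash
    if ($hash -eq $knownSha256) { $findings += "Flagged download still present: $sample" }
    else { $findings += "$sample exists but has a different SHA-256: $hash" }
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { "[!] $_" } }
else { 'None of the flagged items were found.' }
```

Anything it still reports after the Fixlog shows a successful run is worth posting alongside the log, since the reply above notes the adware came back once already.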
