Cheshire Police Malware
<blockquote data-quote="Vitesse" data-source="post: 122252" data-attributes="member: 8287"><p>Apologies for long gap.</p><p>Ran HitMan and forgot to save the file (was sort of expecting it to do it automatically after all the others so ran again and saved the one here.</p><p>The original one had 98 items - think 94 were tracking. Two were not removed and are in the second file here with yellow markers. Two had red markers and were deleted (hope that makes sense).</p><p></p><p>Have tried to do Kaspersky but had to abort until I could have time to run (and not leave computer on unattended) as it seems to be about 10 hours (had to cancel it after 5 hours). So running today - now.</p><p></p><p>HitMan is as below as file type? is not allowed to be posted as attachment? (yellow marked items are the ones listed as suspicious below)</p><p></p><p>[code]</p><p>HitmanPro 3.7.3.194</p><p>www.hitmanpro.com</p><p></p><p> Computer name . . . . : HOME-PC</p><p> Windows . . . . . . . : 5.1.3.2600.X86/1</p><p> User name . . . . . . : HOME-PC\Graham</p><p> License . . . . . . . : Trial (30 days left)</p><p></p><p> Scan date . . . . . . : 2013-05-22 23:48:59</p><p> Scan mode . . . . . . : Normal</p><p> Scan duration . . . . : 36m 6s</p><p> Disk access mode . . : Direct disk access (SRB)</p><p> Cloud . . . . . . . . : Internet</p><p> Reboot . . . . . . . : No</p><p></p><p> Threats . . . . . . . : 15</p><p> Traces . . . . . . . : 20</p><p></p><p> Objects scanned . . . : 914,516</p><p> Files scanned . . . . : 96,759</p><p> Remnants scanned . . : 218,136 files / 599,621 keys</p><p></p><p>Suspicious files ____________________________________________________________</p><p></p><p> F:\Documents and Settings\Tracy\Local Settings\Temp\nsb6.tmp\installhelper.dll</p><p> Size . . . . . . . : 130,840 bytes</p><p> Age . . . . . . . : 1112.3 days (2010-05-06 16:46:46)</p><p> Entropy . . . . . : 6.5</p><p> SHA-256 . . . . . 
: 0411AB18ECB0D3D6292EABB89B4C8E41112B3E0BE272B087555C2CB8CB0BFC28</p><p> Product . . . . . : ALOT</p><p> Publisher . . . . : ALOT Inc.</p><p> Description . . . : ALOT</p><p> Version . . . . . : 1.0.4.0</p><p> Copyright . . . . : Copyright (C) 2009</p><p> RSA Key Size . . . : 1024</p><p> Authenticode . . . : Blacklisted</p><p> Fuzzy . . . . . . : 100.0</p><p> Program is code signed with a known fraudulent certificate.</p><p></p><p> F:\Documents and Settings\Tracy\Local Settings\Temp\nsn3.tmp\installhelper.dll</p><p> Size . . . . . . . : 130,840 bytes</p><p> Age . . . . . . . : 1112.3 days (2010-05-06 16:44:34)</p><p> Entropy . . . . . : 6.5</p><p> SHA-256 . . . . . : 0411AB18ECB0D3D6292EABB89B4C8E41112B3E0BE272B087555C2CB8CB0BFC28</p><p> Product . . . . . : ALOT</p><p> Publisher . . . . : ALOT Inc.</p><p> Description . . . : ALOT</p><p> Version . . . . . : 1.0.4.0</p><p> Copyright . . . . : Copyright (C) 2009</p><p> RSA Key Size . . . : 1024</p><p> Authenticode . . . : Blacklisted</p><p> Fuzzy . . . . . . 
: 100.0</p><p> Program is code signed with a known fraudulent certificate.</p><p></p><p></p><p>Malware remnants ____________________________________________________________</p><p></p><p> HKU\S-1-5-21-2052111302-1965331169-725345543-1005\Software\Microsoft\Internet </p><p></p><p>Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}\ (Adware.Hotbar)</p><p> HKU\S-1-5-21-2052111302-1965331169-725345543-1005\Software\Microsoft\Internet </p><p></p><p>Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.Hotbar)</p><p> HKU\S-1-5-21-2052111302-1965331169-725345543-1005\Software\Microsoft\Internet </p><p></p><p>Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.Hotbar)</p><p> </p><p></p><p>HKU\S-1-5-21-2052111302-1965331169-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext</p><p></p><p>\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754}\ (Adware.Hotbar)</p><p> </p><p></p><p>HKU\S-1-5-21-2052111302-1965331169-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext</p><p></p><p>\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}\ (Adware.Hotbar)</p><p> </p><p></p><p>HKU\S-1-5-21-2052111302-1965331169-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext</p><p></p><p>\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6}\ (Adware.Hotbar)</p><p> HKU\S-1-5-21-2052111302-1965331169-725345543-1005\Software\ShoppingReport2\ (Adware.Hotbar)</p><p> </p><p></p><p>HKU\S-1-5-21-2052111302-1965331169-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext</p><p></p><p>\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754}\ (Adware.Hotbar)</p><p> </p><p></p><p>HKU\S-1-5-21-2052111302-1965331169-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext</p><p></p><p>\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}\ (Adware.Hotbar)</p><p> </p><p></p><p>HKU\S-1-5-21-2052111302-1965331169-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext</p><p></p><p>\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6}\ (Adware.Hotbar)</p><p> 
HKU\S-1-5-21-2052111302-1965331169-725345543-1006\Software\ShoppingReport2\ (Adware.Hotbar)</p><p> </p><p></p><p>HKU\S-1-5-21-2052111302-1965331169-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Ext</p><p></p><p>\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754}\ (Adware.Hotbar)</p><p> HKU\S-1-5-21-2052111302-1965331169-725345543-1007\Software\ShoppingReport2\ (Adware.Hotbar)</p><p> </p><p></p><p>HKU\S-1-5-21-2052111302-1965331169-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Ext</p><p></p><p>\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754}\ (Adware.Hotbar)</p><p> HKU\S-1-5-21-2052111302-1965331169-725345543-1009\Software\ShoppingReport2\ (Adware.Hotbar)</p><p></p><p>Cookies _____________________________________________________________________</p><p></p><p> F:\Documents and Settings\Graham\Cookies\2KGR2IFW.txt</p><p> F:\Documents and Settings\Graham\Cookies\MWKGNZD9.txt</p><p> F:\Documents and Settings\Graham\Cookies\O2DLONTY.txt</p><p></p><p></p><p>[/code]</p></blockquote><p></p>