Solved CMD popup caused by Mail.ru malware?

Mana823K

New Member
Thread author
Feb 13, 2018
8
Hi.
I downloaded a file yesterday, and when I clicked it, it installed random programs like Go and Mail.ru and alerted my browser, too. I deleted the file and everything that seemed to correspond with it. I also downloaded and ran Malwarebytes and HitmanPro; they solved most of the problems, but I still have CMD with an outbound connection opening every hour or so. Malwarebytes successfully blocks it, but I only have a trial licence that will run out. I also tried to reset my browser and even reinstall it, and installed Comodo Firewall and tried to block the IP address, but it didn't work.
I upload the FRST and Addition file, and also Malwarebytes' report of the blocked website.
I would appreciate any help you can provide.
 

Attachments

  • FRST.txt
    33.4 KB · Views: 2
  • Addition.txt
    68.1 KB · Views: 3
  • BlockedDmc.txt
    698 bytes · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

Do you remember where you downloaded this file yesterday?

Can you export Malwarebytes scan reports for my review? You can find them in the reports section. Remember, I don't need website blocked reports, only the scan reports.
 

Mana823K

New Member
Thread author
Feb 13, 2018
8
Sorry, I restarted everything on my browser, so I don't know which website it was.
Yes, I can upload the scans.
Thank you for your help.
 

Attachments

  • MalwarebytesScan1.txt
    6.3 KB · Views: 5
  • MalwarebytesScan2.txt
    1.2 KB · Views: 1

Mana823K

New Member
Thread author
Feb 13, 2018
8
The program is still scanning, but it already detected 30 items. I'll tell you later, if it worked.
 

Mana823K

New Member
Thread author
Feb 13, 2018
8
Finished scanning and deleted every suspicious file, but I still have the same problem.
I attached the scan files. Every file has been deleted or replaced except C:\ProgramData\Mail.Ru, which says error. I checked the ProgramData folder but didn't find any Mail.Ru named file or folder (I set hidden files visible).
 

Attachments

  • RogueKillerScanReport.txt
    11.1 KB · Views: 4
  • RogueKillerDeleteReport.txt
    13.1 KB · Views: 3

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

Mana823K

New Member
Thread author
Feb 13, 2018
8
Done with scan, and attached the files.
 

Attachments

  • Addition.txt
    69.1 KB · Views: 1
  • FRST.txt
    89.5 KB · Views: 1

Mana823K

New Member
Thread author
Feb 13, 2018
8
Yesterday, it didn't find anything, but this time it detected 7 items and failed to remove 2 of them. I only ran a system file check, to solve another issue, since my last scan (but it didn't find anything); I don't know if it has any effect.
 

Attachments

  • MalwarebytesScan.txt
    2.2 KB · Views: 3

Mana823K

New Member
Thread author
Feb 13, 2018
8
I made new FRST scans, too, if they're needed.
 

Attachments

  • Addition.txt
    64.7 KB · Views: 1
  • FRST.txt
    89.4 KB · Views: 1

Mana823K

New Member
Thread author
Feb 13, 2018
8
Well, I ran another scan and managed to remove the last items, too, and since then I don't have any CMD popups. Seems like the problem solved itself.
I'm really sorry for causing you trouble, and thank you for helping me.
 