CONDUIT MALWARE

M

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
im having a little trouble with the shortcut module it completed but the computer restarted I cant find the report so started the clean again
 
g3n-h@ckm@n

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
I repeat : It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt , after the reboot of the machine.
 
M

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
I found these, ive attached them are they what we need?
 

Attachments

  • Shortcut_Module.txt
    9.8 KB · Views: 48
  • Shortcut_Module_06_03_2014_19_04_22.txt
    55.5 KB · Views: 150
  • Shortcut_Module_06_03_2014_19_54_40.txt
    18.4 KB · Views: 85
g3n-h@ckm@n

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
perhaps you didn't configure it like the image..?

ok it doesn't matter , that 's ok

uninstall Java it's not up to date keep juste Java 7 Update 51

You 'd better install a real antivirus ( Like Avast or...) , cause McAfee Security Scan is very useless

====

copy and paste all this bold text under "Personnalization" in OTL and click on " Run Fix"

:OTL
SRV - [2014/01/16 00:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\vinceturk@gmail.com: C:\Program Files (x86)\KwiClick LLC\KwiClick\ [2013/11/11 19:10:07 | 000,000,000 | ---D | M]
[2013/11/07 20:46:26 | 000,007,660 | ---- | M] () (No name found) -- C:\Users\marcuspassey\AppData\Roaming\Mozilla\Firefox\Profiles\9jl0hjl9.default-1372188750837\Extensions\firefox@browsebeyond.net.xpi
[2013/11/07 20:46:26 | 000,007,660 | ---- | M] () (No name found) -- C:\Users\marcuspassey\AppData\Roaming\Mozilla\Firefox\Profiles\llgjaj9t.default\extensions\firefox@browsebeyond.net.xpi
CHR - Extension: McAfee Security Scan+ = C:\Users\marcuspassey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{673b7dce-9a3f-11e0-8e6f-b8ac6f9b6f7b}\Shell - "" = AutoRun
O33 - MountPoints2\{673b7dce-9a3f-11e0-8e6f-b8ac6f9b6f7b}\Shell\AutoRun\command - "" = I:\setup.exe -a
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe - (McAfee, Inc.)
MsConfig:64bit - StartUpReg: mcpltui_exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= - File not found
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
[2014/02/17 17:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/02/17 17:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2014/03/06 20:28:11 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/02/17 17:02:10 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/10/18 21:34:27 | 083,023,306 | ---- | C] () -- C:\ProgramData\kcehcuj.pad
[2012/04/07 17:58:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\-4p0s7wdEAiunln
[2012/04/07 17:57:52 | 000,000,256 | ---- | C] () -- C:\ProgramData\4p0s7wdEAiunln
[2012/02/09 17:44:30 | 000,005,104 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2010/07/19 19:59:09 | 000,072,080 | ---- | C] () -- C:\Users\marcuspassey\g2mdlhlpx.exe
[2010/07/09 16:44:00 | 031,494,960 | ---- | C] () -- C:\Users\marcuspassey\snagit.exe
[2013/06/24 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\NetAssistant
[2013/04/19 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\TubeSeoCommando.exe
[2012/05/10 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\Qya
[2013/12/15 00:10:52 | 000,000,000 | ---D | M] -- C:\9ddfc97fd6bf90cac4021d9f81c6
[2011/09/17 12:47:12 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\Sti_Trace.log
[2012/06/29 13:00:16 | 000,000,064 | ---- | M] () -- C:\ProgramData\yqngljsl.log
[2012/12/09 20:06:17 | 000,000,000 | ---D | M] -- C:\ProgramData\7EAB15720262BC3400007EAA96D2C790
[2012/05/10 15:29:34 | 000,000,000 | ---D | M] -- C:\ProgramData\B7E8586B0F2FB8D85FA018F0B4EB2367
[2013/11/11 19:11:15 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee Security Scan
[2012/06/29 13:02:54 | 000,164,311 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\axwgtjee.log
[2012/06/29 13:02:52 | 000,003,315 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\empvysbc.log
[2012/06/29 13:13:23 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\jerecrma.log
[2012/06/29 13:13:56 | 000,000,024 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\lpfinuok.log
[2012/06/29 13:00:38 | 000,415,424 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\mgjvjrvh.log
[2012/06/29 13:07:39 | 000,531,161 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\ndclhyyb.log
[2012/06/29 13:00:38 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\nuqrauhv.log
[2012/06/29 13:00:27 | 000,004,048 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\qyadsnff.log
[2012/06/29 13:02:54 | 000,002,840 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\xfgjhkax.log
[2012/05/17 07:00:25 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\ClickAds_Marketing
[2013/11/11 15:11:50 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\CRE
[2013/09/16 20:07:21 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\avgchrome
[2013/11/11 17:13:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Browsebeyond

:reg
[-HKEY_CURRENT_USER\Software\(null)]
[-HKEY_CURRENT_USER\Software\WhiteSmoke]
[-HKEY_CURRENT_USER\Software\TubeSEOCommando]

:files
C:\install.*
C:\Users\marcuspassey\AppData\Local\{*}

:commands
[emptytemp]

attach the log after reboot.

I think you're infected bye Ramnit too
 
Last edited:

Similar threads

tanner_doriano
  • Locked
No Reply PC Infected with Persistent Malware Downloading Files Hourly
Replies
7
Views
393
Windows Malware Removal Help & Support
icotonev
icotonev
cryogent
    • Like
Advice Request Roblox Player desktop app not want to work without admin
Replies
12
Views
1,068
Hard_Configurator Tools
Andy Ful
Andy Ful
Gandalf_The_Grey
    • Wow
    • +Reputation
    • Like
Beware! HP firmware update bricking OfficeJet 9020e printers with Blue Screen 83C0000B error
Replies
0
Views
781
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top