CONDUIT MALWARE

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
I'm having a little trouble with the shortcut module. It completed but the computer restarted. I can't find the report, so I started the clean again.
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
I repeat: it'll give a report at the end of the scan, in C:\Shortcut_Module_date_hour.txt, after the reboot of the machine.
 

marcuspassey

New Member
Thread author
Verified
Mar 6, 2014
158
I found these; I've attached them. Are they what we need?
 

Attachments

  • Shortcut_Module.txt
    9.8 KB · Views: 48
  • Shortcut_Module_06_03_2014_19_04_22.txt
    55.5 KB · Views: 150
  • Shortcut_Module_06_03_2014_19_54_40.txt
    18.4 KB · Views: 85

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
Perhaps you didn't configure it like the image...?

OK, it doesn't matter, that's OK.

Uninstall Java, it's not up to date. Keep just Java 7 Update 51.

You'd better install a real antivirus (like Avast or...), because McAfee Security Scan is very useless.

====

Copy and paste all this bold text under "Personnalization" in OTL and click on "Run Fix".

:OTL
SRV - [2014/01/16 00:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\vinceturk@gmail.com: C:\Program Files (x86)\KwiClick LLC\KwiClick\ [2013/11/11 19:10:07 | 000,000,000 | ---D | M]
[2013/11/07 20:46:26 | 000,007,660 | ---- | M] () (No name found) -- C:\Users\marcuspassey\AppData\Roaming\Mozilla\Firefox\Profiles\9jl0hjl9.default-1372188750837\Extensions\firefox@browsebeyond.net.xpi
[2013/11/07 20:46:26 | 000,007,660 | ---- | M] () (No name found) -- C:\Users\marcuspassey\AppData\Roaming\Mozilla\Firefox\Profiles\llgjaj9t.default\extensions\firefox@browsebeyond.net.xpi
CHR - Extension: McAfee Security Scan+ = C:\Users\marcuspassey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{673b7dce-9a3f-11e0-8e6f-b8ac6f9b6f7b}\Shell - "" = AutoRun
O33 - MountPoints2\{673b7dce-9a3f-11e0-8e6f-b8ac6f9b6f7b}\Shell\AutoRun\command - "" = I:\setup.exe -a
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe - (McAfee, Inc.)
MsConfig:64bit - StartUpReg: mcpltui_exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= - File not found
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
[2014/02/17 17:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/02/17 17:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2014/03/06 20:28:11 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/02/17 17:02:10 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/10/18 21:34:27 | 083,023,306 | ---- | C] () -- C:\ProgramData\kcehcuj.pad
[2012/04/07 17:58:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\-4p0s7wdEAiunln
[2012/04/07 17:57:52 | 000,000,256 | ---- | C] () -- C:\ProgramData\4p0s7wdEAiunln
[2012/02/09 17:44:30 | 000,005,104 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2010/07/19 19:59:09 | 000,072,080 | ---- | C] () -- C:\Users\marcuspassey\g2mdlhlpx.exe
[2010/07/09 16:44:00 | 031,494,960 | ---- | C] () -- C:\Users\marcuspassey\snagit.exe
[2013/06/24 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\NetAssistant
[2013/04/19 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\TubeSeoCommando.exe
[2012/05/10 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Roaming\Qya
[2013/12/15 00:10:52 | 000,000,000 | ---D | M] -- C:\9ddfc97fd6bf90cac4021d9f81c6
[2011/09/17 12:47:12 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\Sti_Trace.log
[2012/06/29 13:00:16 | 000,000,064 | ---- | M] () -- C:\ProgramData\yqngljsl.log
[2012/12/09 20:06:17 | 000,000,000 | ---D | M] -- C:\ProgramData\7EAB15720262BC3400007EAA96D2C790
[2012/05/10 15:29:34 | 000,000,000 | ---D | M] -- C:\ProgramData\B7E8586B0F2FB8D85FA018F0B4EB2367
[2013/11/11 19:11:15 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee Security Scan
[2012/06/29 13:02:54 | 000,164,311 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\axwgtjee.log
[2012/06/29 13:02:52 | 000,003,315 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\empvysbc.log
[2012/06/29 13:13:23 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\jerecrma.log
[2012/06/29 13:13:56 | 000,000,024 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\lpfinuok.log
[2012/06/29 13:00:38 | 000,415,424 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\mgjvjrvh.log
[2012/06/29 13:07:39 | 000,531,161 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\ndclhyyb.log
[2012/06/29 13:00:38 | 000,000,000 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\nuqrauhv.log
[2012/06/29 13:00:27 | 000,004,048 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\qyadsnff.log
[2012/06/29 13:02:54 | 000,002,840 | ---- | M] () -- C:\Users\marcuspassey\AppData\Local\xfgjhkax.log
[2012/05/17 07:00:25 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\ClickAds_Marketing
[2013/11/11 15:11:50 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\CRE
[2013/09/16 20:07:21 | 000,000,000 | ---D | M] -- C:\Users\marcuspassey\AppData\Local\avgchrome
[2013/11/11 17:13:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Browsebeyond

:reg
[-HKEY_CURRENT_USER\Software\(null)]
[-HKEY_CURRENT_USER\Software\WhiteSmoke]
[-HKEY_CURRENT_USER\Software\TubeSEOCommando]

:files
C:\install.*
C:\Users\marcuspassey\AppData\Local\{*}

:commands
[emptytemp]


Attach the log after reboot.

I think you're infected by Ramnit too.
 
Last edited:
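Added example, not part of the thread and not code from OTL or from either poster: a small Python reader for a fix script laid out like the one posted above. It splits the script into its directive sections and lists the paths, registry keys, wildcard patterns and commands it names, so the script can be read over before it is pasted into OTL. The names `SAMPLE_FIX`, `split_sections` and `review` are hypothetical, and the line pattern is inferred from the lines visible in the post.

```python
import re

# Excerpt of the fix script from the post above, embedded as sample input.
SAMPLE_FIX = r"""
:OTL
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
[2014/03/06 20:28:11 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/11/11 17:13:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Browsebeyond
:reg
[-HKEY_CURRENT_USER\Software\WhiteSmoke]
:files
C:\install.*
C:\Users\marcuspassey\AppData\Local\{*}
:commands
[emptytemp]
"""

# File-listing line: [date time | size | attrs | M or C] (vendor) -- path
FILE_LINE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| [MC]\]"
    r"(?: \(.*?\))* -- (.+)$")

def split_sections(script):
    """Group non-empty lines under the ':name' directive that precedes them."""
    sections, current = {}, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.fullmatch(r":\w+", line):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def review(script):
    """Return what the script names, so it can be read before it is run."""
    s = split_sections(script)
    files = [FILE_LINE.match(l) for l in s.get("otl", [])]
    return {
        # (path, is_directory) for every dated file or folder line under :OTL
        "paths": [(m.group(4), "D" in m.group(3)) for m in files if m],
        # '[-KEY]' is the .reg-file syntax for deleting a key
        "reg_deletes": [l[2:-1] for l in s.get("reg", []) if l.startswith("[-")],
        "wildcards": [l for l in s.get("files", []) if "*" in l],
        "commands": [l.strip("[]") for l in s.get("commands", [])],
    }
```

Lines under `:OTL` that are not dated file or folder entries (the `O2`, `FF` and similar lines) are kept in the section but are not broken down further by this example.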