Operating System
Windows 7
Infection date and initial symptoms
5/20/14 Ads started showing up in Chrome and computer slowed down.
Current issues and symptoms
Seems to be running OK now.
Steps taken in order to remove the infection
Ran Malwarebytes, Hitman Pro and ADW Cleaner, also deleted extension from Chrome.

C.Champ

New Member
Hi, I am new to this forum and hope you all can help. A couple of days ago I got the (Passshow-Soft) Malware/Virus. I deleted the extension from Chrome, ran ADW Cleaner, Malwarebytes, and HitmanPro.

I think it is gone now because when I run ADW Cleaner and HitmanPro they don't find anything, (they both did find the Passshow-Soft to start with).

When I run Malwarebytes it still shows that I have the Passshow. I tell it to quarantine then delete it, I then do a restart and run Malwarebytes again and it shows that I still have it. When I run the other 2 programs, they show clean. Is there a reason that Mbam keeps showing the infection? My computer runs a lot better with no ads in Chrome but Mbam says I still have a problem. Below I have copied and pasted what Mbam keeps finding, (Hope it's Ok).

Thanks in advance for your help, CC

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/24/2014
Scan Time: 9:32:47 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.24.04
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 264401
Time Elapsed: 10 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft, , [878852023a411b1b7512fd8609f91ae6],

Files: 8
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys, , [8f489706472f7e9a06baaa198703fa64],
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\ksecpkg.sys, , [868a2caab12efc7a021682bca0eec54c],
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft\157.dat, , [878852023a411b1b7512fd8609f91ae6],
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft\157.dll, , [878852023a411b1b7512fd8609f91ae6],
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft\157.xpi, , [878852023a411b1b7512fd8609f91ae6],
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft\a.db, , [878852023a411b1b7512fd8609f91ae6],
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft\b.db, , [878852023a411b1b7512fd8609f91ae6],
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft\psup.exe, , [878852023a411b1b7512fd8609f91ae6],
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft\sqlite3.dll, , [878852023a411b1b7512fd8609f91ae6],
PUP.Optional.PassShow.A, c:\program files (x86)\passshow-soft\uninstall.exe, , [878852023a411b1b7512fd8609f91ae6],

Physical Sectors: 0
(No malicious items detected)


(end)
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
Hi,


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End user Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



***** NEXT *****



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

C.Champ

New Member
Hi, thanks for your reply. I ran the TDSSKILLER. It said that everything was clean. It also did not leave a log file, I looked everywhere. Even did the procedure twice. I am sending a snapshot along. Do I also need to do the other procedure that you mentioned? CC
 

Attachments

C.Champ

New Member
I also ran Farbar and the best I can tell is that it didn't find anything. I am attaching both of the logs from it. Thanks again. CC
 

Attachments

TwinHeadedEagle

Removal Expert
Verified
Staff member
Hi,



Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.



***** NEXT *****



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait while the tool does not start...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    Code:
    createsrpoint;
    emptyfolderscheck;delete
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
  • Click on
    button.
    Please wait until a logreport will open (this can be after reboot)
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

Attachments

C.Champ

New Member
Thanks for your help. Could you tell me if, in any of the files that I have sent, there is any indication that I still have the Malware? Thanks