Trojan.Poweliks require assistance for removal
<blockquote data-quote="MikR" data-source="post: 294760" data-attributes="member: 30404"><p>Although I have not noticed any symptoms or performance issues on PC, Norton keeps finding Poweliks in windows\syswow64 tmp files. Any help is appreciated. This is the Norton details of infection:</p><p>Filename: 00030741.tmp</p><p>Threat name: Trojan.Poweliks!gm</p><p>Full Path: c:\windows\syswow64\00030741.tmp</p><p>____________________________</p><p>Details</p><p>Very Few Users, Very New, Risk High</p><p>Origin</p><p>Downloaded from</p><p> Unknown</p><p>Activity</p><p>Actions performed: 16</p><p>____________________________</p><p>On computers as of </p><p>11/8/2014 at 12:54:55 AM</p><p></p><p>Last Used </p><p>11/8/2014 at 12:56:58 AM</p><p></p><p>Startup Item </p><p>No</p><p></p><p>Launched </p><p>No</p><p></p><p>____________________________</p><p></p><p>Very Few Users</p><p>Fewer than 5 users in the Norton Community have used this file.</p><p>Very New</p><p>This file was released less than 1 week ago.</p><p>High</p><p>This file risk is high.</p><p>Threat type: Virus. 
Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.</p><p>____________________________</p><p>Source: External Media</p><p>Source File:</p><p>00030741.tmp</p><p></p><p>____________________________</p><p>File Actions</p><p>Infected file: c:\windows\syswow64\ 00030741.tmp Removed</p><p>Infected file: c:\windows\syswow64\ 00010203.tmp Removed</p><p>____________________________</p><p>Registry Actions</p><p>Registry change: HKEY_USERS\S-1-5-19\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ localserver32 Removed</p><p>Registry change: HKEY_USERS\S-1-5-21-3691088006-1802016298-1202900279-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ localserver32 Removed</p><p>Registry change: HKEY_USERS\S-1-5-20\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ localserver32 Removed</p><p>Registry change: HKEY_USERS\.DEFAULT\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ localserver32 Removed</p><p>Registry change: HKEY_USERS\S-1-5-19\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed</p><p>Registry change: HKEY_USERS\S-1-5-21-3691088006-1802016298-1202900279-1001\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed</p><p>Registry change: HKEY_USERS\S-1-5-20\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed</p><p>Registry change: HKEY_USERS\.DEFAULT\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed</p><p>Registry change: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed</p><p>Registry change: HKEY_USERS\S-1-5-19\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed</p><p>Registry change: HKEY_USERS\S-1-5-21-3691088006-1802016298-1202900279-1001\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ 
localserver32 Removed</p><p>Registry change: HKEY_USERS\S-1-5-20\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed</p><p>Registry change: HKEY_USERS\.DEFAULT\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed</p><p>Registry change: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed</p><p>____________________________</p><p></p><p>File Thumbprint - SHA:</p><p>1632702aa132dcc238e70fb1414cb833919442fbf7ab3af271c181354789ac8b</p><p>File Thumbprint - MD5:</p><p>Not available</p></blockquote><p></p>