Author Topic: Need assistance on Malware  (Read 416 times)

Offline Vultrio

  • Newbie
  • *
  • Posts: 17
Need assistance on Malware
« on: August 06, 2017, 02:40:31 PM »
Hello, I really need some advice here, because I'm very worried after some malware quarantines.

See, I got my new PC yesterday and I wanted all the files I had on the old one. This included OCCT, which monitors heat and allows my (next city) repair shop to stress test. I didn't know where to safely download it, but a friend said techadvisor, so I blindly accepted that and downloaded it from there.

After the download was nearly complete it requested access to the computer. I said yes, then boom :(

Comodo detected two malware incursions:
One was called Malware@#3orm6gfquetum in
C:\Users\John\AppData\Local\Temp\D55821098924051.dat

The other was ApplicUnwnt@#20kefu0jrzjud in
C:\VTRoot\HarddiskVolume2\Users\John\AppData\Local\{C06DF631-E4C5-9A89-895D-BF61AD3543F9}\uninst.exe

VirusScope also blocked malware called Generic.Infector.2 in the file
C:\Users\Johns\Downloads\OCCT_4.5.0.exe

I also ran Malwarebytes just in case and it came up with 3 PUPs under HKU\S: PUP.Optional.InstallCore and PUP.Optional.Productsetup as registry keys, and PUP.Optional.ProductSetup as a registry value.

I'm also worried that, in order to allow the download to happen, I allowed DMGR1.25_010D0G1V1E1R1T1Q2X1L1B1F1C1.25.exe access to my PC, after which OCCT requested access to install.

I've quick scanned with Comodo and Malwarebytes twice since, scanned with AdwCleaner, then used CCleaner to clean up. I restarted in safe mode and quick scanned with Malwarebytes. I recently turned my PC on and scanned again.

I've not noticed anything different with my PC other than a random Avast desktop icon, which I deleted.

I sent a similar message to a mod; however, I was doing a scan of my C drive with Malwarebytes when Comodo blocked some malware called TrojWare.VBS.Agent.DY@434468824 located at C:\VTRoot\HarddiskVolume2\Users\Johns\AppData\Roaming\Lomepibinute

Is this a result of the earlier infection? I'm getting more worried. I need a more level, experienced head than mine. Am I safe? Is there anything I should be worried about? I would really appreciate your reply.

Offline Vultrio

  • Newbie
  • *
  • Posts: 17
Re: Need assistance on Malware
« Reply #1 on: August 06, 2017, 03:06:07 PM »
I've since used Malwarebytes to scan my C drive again, followed by another threat scan, had Comodo do a full scan, ran a TDSSKiller scan and used SUPERAntiSpyware, and so far it has only found 310 tracking cookies.

I'm still worried, especially after finding that TrojWare some time after the incident and the first scans. Again, I could really use some help and advice.

Offline Vultrio

  • Newbie
  • *
  • Posts: 17
Re: Need assistance on Malware
« Reply #2 on: August 06, 2017, 07:26:11 PM »
Well, I used HitmanPro and it found these two:

C:\Users\Johns\AppData\Local\Temp\DMGR1.25\DMGR1.25_0I0D0G1V1E1R1T1Q2X1L1B1F1C1.25.exe -> Quarantined
      Size . . . . . . . : 1,313,917 bytes
      Age  . . . . . . . : 0.3 days (2017-08-06 16:23:24)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6BD5AE5579A230E6B87BA99E84CB8943137AEB88BA1C0B3328B128E98F0839A3
      Product  . . . . . : Fuhu                                                       
      Publisher  . . . . : Lafami                                                     
      Description  . . . : Fuhu Setup                                                 
      Version  . . . . . : 3.7.2.4
      LanguageID . . . . : 0
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 110.0
      Forensic Cluster
         -2.8s C:\Users\Johns\AppData\Local\Temp\tmp10957888\
         -0.8s C:\Users\Johns\Downloads\OCCTPT4.5.0.exe
          0.0s C:\Users\Johns\AppData\Local\Temp\DMGR1.25\DMGR1.25_0I0D0G1V1E1R1T1Q2X1L1B1F1C1.25.exe
          0.1s C:\Users\Johns\AppData\Local\Temp\tmp10957888\figetero.exe
          0.2s C:\Users\Johns\AppData\Local\Temp\DMGR1.25\

   C:\Users\Johns\AppData\Local\Temp\tmp10957888\figetero.exe -> Quarantined
      Size . . . . . . . : 285,696 bytes
      Age  . . . . . . . : 0.3 days (2017-08-06 16:23:24)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : BD9935078CC9B243B4A210BDF2FE966D05760B8C41F0F9838EEC63228396E2DF
      Product  . . . . . : Cuco Hecotege
      Publisher  . . . . : Sofapiku Software
      Description
      Version  . . . . . : 3.5.49.55
      Copyright  . . . . : Sofapiku Software
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.Generic
      Fuzzy  . . . . . . : 110.0
      Forensic Cluster
         -2.9s C:\Users\Johns\AppData\Local\Temp\tmp10957888\
         -0.9s C:\Users\Johns\Downloads\OCCTPT4.5.0.exe
         -0.1s C:\Users\Johns\AppData\Local\Temp\DMGR1.25\DMGR1.25_0I0D0G1V1E1R1T1Q2X1L1B1F1C1.25.exe
          0.0s C:\Users\Johns\AppData\Local\Temp\tmp10957888\figetero.exe
          0.2s C:\Users\Johns\AppData\Local\Temp\DMGR1.25\

So what does this mean exactly? What are these two? Also, am I finally free from malware? I've used Comodo, Malwarebytes, TDSSKiller, SUPERAntiSpyware and HitmanPro. I've also uninstalled OCCT; I wish I'd never bothered to install it myself :(
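The HitmanPro report above carries the three things a practitioner would check before ever double-clicking a third-party download: the SHA-256 of the file, whether it is Authenticode-signed (the report names publishers "Lafami" and "Sofapiku Software", not the OCCT author), and the byte entropy (8.0 and 7.9, i.e. packed or encrypted payloads), plus a forensic cluster showing that the DMGR1.25 "download manager" wrote figetero.exe 0.1 s after it ran. The PowerShell below is an added example, not code from the post or from any of the tools named in it; it reproduces those checks locally. The only non-placeholder data in it are the two SHA-256 values copied from the report; the paths, the entropy threshold and the hypothetical `-ExpectedSha256` parameter are assumptions.

```powershell
# Added example (not from the original post): pre-run checks for a downloaded installer.
# Assumptions: paths are placeholders; the two SHA-256 values are the ones HitmanPro
# reported for the quarantined files in the post above; 7.5 is an arbitrary entropy cut-off.

$KnownBad = @{
    '6BD5AE5579A230E6B87BA99E84CB8943137AEB88BA1C0B3328B128E98F0839A3' = 'DMGR1.25 download-manager wrapper (HitmanPro: Malware)'
    'BD9935078CC9B243B4A210BDF2FE966D05760B8C41F0F9838EEC63228396E2DF' = 'figetero.exe (Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic)'
}

# Shannon entropy of the file's bytes, in bits per byte (0.0 .. 8.0), the same
# quantity HitmanPro prints as "Entropy". Near 8.0 means compressed or encrypted content.
function Get-ByteEntropy {
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object 'int[]' 256
    foreach ($b in $bytes) { $counts[$b]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) {
            $p = $c / $bytes.Length
            $h -= $p * [math]::Log($p, 2)
        }
    }
    return [math]::Round($h, 2)
}

function Test-Installer {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Optional: SHA-256 published by the software's own site, if it provides one.
        [string]$ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    $hash    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # uppercase hex
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $entropy = Get-ByteEntropy -Path $Path
    $notes   = [System.Collections.Generic.List[string]]::new()

    if ($KnownBad.ContainsKey($hash)) { $notes.Add('KNOWN BAD: ' + $KnownBad[$hash]) }

    $hashOk = $true
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256.ToUpperInvariant())) {
        $hashOk = $false
        $notes.Add("HASH MISMATCH: expected $ExpectedSha256")
    }

    # Status values come from System.Management.Automation.SignatureStatus.
    switch ($sig.Status) {
        'Valid'     { $notes.Add('Signed by: ' + $sig.SignerCertificate.Subject) }
        'NotSigned' { $notes.Add('UNSIGNED: no publisher to hold accountable') }
        default     { $notes.Add("BAD SIGNATURE ($($sig.Status)): $($sig.StatusMessage)") }
    }

    # High entropy alone is not a verdict: legitimate installers are compressed too.
    # It matters when combined with an unknown or unsigned publisher.
    if ($entropy -ge 7.5) { $notes.Add("High entropy ($entropy): packed/encrypted payload") }

    [pscustomobject]@{
        Path    = $Path
        Sha256  = $hash
        Entropy = $entropy
        SafeToRun = $hashOk -and ($sig.Status -eq 'Valid') -and (-not $KnownBad.ContainsKey($hash))
        Notes   = $notes -join '; '
    }
}

# Usage (placeholder path): check everything in Downloads before running anything.
# A download-manager wrapper like DMGR1.25 fails here on signature and known-bad hash,
# while the real OCCT binary from the vendor's site is expected to carry a valid signature.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter '*.exe' |
    ForEach-Object { Test-Installer -Path $_.FullName } |
    Format-Table -Property Path, SafeToRun, Entropy, Notes -AutoSize
```

The decisive check is the signature: a hash only helps when the vendor publishes one, and entropy is a hint rather than proof, but an installer signed by a name you have never heard of (or not signed at all) is the wrapper pattern the forensic cluster in the report shows, and should not be granted the "access to the computer" prompt the poster accepted.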

Offline Vultrio

  • Newbie
  • *
  • Posts: 17
Re: Need assistance on Malware
« Reply #3 on: August 07, 2017, 02:45:31 PM »
Well, I've done some more scans today. Nothing found. Can I assume I'm safe now? I'd appreciate some advice :3

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2893
Re: Need assistance on Malware
« Reply #4 on: August 08, 2017, 06:26:33 PM »
Yes, if after using multiple scanners they all come back clean, then you should be fine. You can also try using Comodo Cleaning Essentials by going to Tasks > Advanced Tasks > Clean Endpoint and running a full scan to be extra sure.
