Win 7 Antivirus 2012 with Scour Redirect

Post by LeThe »

Yesterday I worked on a computer running Windows 7 x64 with these infections. McAfee had expired.

Win 7 Antivirus 2012 also presents itself as:
Win 7 Antispyware 2012
Win 7 Security 2012

Scour is another virus, which integrates itself into several browsers and, while you browse, sends you to certain pages so that you see advertisements.

I managed to remove these viruses by running the installation/update of Malwarebytes Antimalware. I was able to install it with the "Run as" ("Ejecutar como") trick, using the administrator account. After the Malwarebytes scan finished, I scanned again with AVG, which found more infections and cleaned the PC completely.

AVG log
"Malware";"Win32:Cycbot-GV";"C:\USERS\USER1\APPDATA\LOCAL\TEMP\CSRSS.EXE";"N/A";"7/12/2011, 11:07:51 AM"
"Malware";"Win32:Cycbot-GZ";"C:\USERS\USER1\APPDATA\ROAMING\MICROSOFT\CONHOST.EXE";"N/A";"7/12/2011, 11:08:02 AM"
"Malware";"Win32:Cycbot-GZ";"C:\USERS\USER1\APPDATA\ROAMING\DWM.EXE";"N/A";"7/12/2011, 11:08:11 AM"
"";"C:\System32\installer.exe";"Trojan horse PSW.Generic8.ATXG";"Moved to Virus Vault"
"";"C:\ProgramData\KgTfafLoPYWSI.exe";"Trojan horse Generic21.AFKQ";"Moved to Virus Vault"

Malwarebytes Antimalware log
Memory Processes Infected:
c:\Users\user1\AppData\Roaming\dwm.exe (Trojan.Agent) -> 1504
c:\Users\user1\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 1828
c:\program files (x86)\mywebsearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 2420
c:\Users\user1\AppData\Local\wut.exe (Trojan.FakeAlert) -> 3116
c:\programdata\QuestDns\questdns179.exe (Adware.Agent.ZGen) -> 3268
c:\program files (x86)\QuestDns\questdns.exe (Adware.Agent.ZGen) -> 3420
c:\program files (x86)\HBLite\bin\11.0.258.0\HBLiteSA.exe (Adware.Hotbar) -> 3484
Memory Modules Infected:
c:\program files (x86)\mywebsearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\windows live\messenger\msimg32.dll (PUP.FunWebProducts)
c:\program files (x86)\mywebsearch\bar\3.bin\F3REPROX.DLL (PUP.FunWebProducts)
c:\program files (x86)\QuestDns\questdns.dll (Adware.Agent.ZGen) -> Delete on reboot.
c:\program files (x86)\HBLite\bin\11.0.258.0\hblitesahook.dll (Adware.Hotbar) -> Delete on reboot.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\DAWSON~1\AppData\Local\Temp\csrss.exe) Good: ()
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user1\AppData\Local\wut.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe)
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user1\AppData\Local\wut.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode)
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user1\AppData\Local\wut.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe)
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\user1\AppData\Local\wut.exe" -a "%1" %*) Good: ("%1" %*)
Files Infected:
c:\Users\user1\AppData\Roaming\dwm.exe (Trojan.Agent)
c:\Users\user1\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent)
c:\program files (x86)\mywebsearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch)
c:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSVC.EXE (Adware.MyWebSearch)
c:\program files (x86)\windows live\messenger\msimg32.dll (PUP.FunWebProducts)
c:\program files (x86)\mywebsearch\bar\3.bin\F3REPROX.DLL (PUP.FunWebProducts)
c:\Users\user1\AppData\Local\wut.exe (Trojan.FakeAlert)
c:\program files (x86)\QuestDns\questdns.dll (Adware.Agent.ZGen)
c:\programdata\QuestDns\questdns179.exe (Adware.Agent.ZGen)
c:\program files (x86)\QuestDns\questdns.exe (Adware.Agent.ZGen)
c:\program files (x86)\HBLite\bin\11.0.258.0\HBLiteSA.exe (Adware.Hotbar)
c:\program files (x86)\HBLite\bin\11.0.258.0\hblitesahook.dll (Adware.Hotbar)
c:\program files (x86)\mywebsearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\shopperreports.dll (Adware.ShopperReports)
c:\program files (x86)\mywebsearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\Pltfrm.dll (Adware.ShopperReports)
c:\program files (x86)\mywebsearch\bar\3.bin\F3HISTSW.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3DTACTL.DLL (Adware.MyWebSearch)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\mozillaps.dll (Adware.ShopperReports)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\CmndFF.dll (Adware.ShopperReports)
c:\program files (x86)\mywebsearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch)
c:\program files (x86)\HBLite\bin\11.0.258.0\hblitesaax.dll (Adware.Hotbar)
c:\program files (x86)\mywebsearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3CJPEG.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\cntntcntr.dll (Adware.ShopperReports)
c:\program files (x86)\mywebsearch\bar\3.bin\F3HTTPCT.DLL (Adware.MyWebSearch)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\BRNstIE.dll (Adware.ShopperReports)
c:\program files (x86)\mywebsearch\bar\3.bin\M3MSG.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch)
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts)
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts)
c:\Users\user1\downloads\setupgamevance.exe.part (PUP.GamesVance)
c:\Users\user1\downloads\systempack106_2211.exe (Rogue.IAV2011)
c:\Users\user1\local settings\drx.exe (Trojan.FakeAlert)
c:\Users\user1\local settings\mwsautSp.exe (Adware.MyWebSearch)
c:\Users\user1\local settings\wut.exe (Trojan.FakeAlert)
c:\Users\user1\local settings\application data\drx.exe (Trojan.FakeAlert)
c:\Users\user1\local settings\application data\mwsautSp.exe (Adware.MyWebSearch)
c:\Users\user1\local settings\application data\wut.exe (Trojan.FakeAlert)
c:\Users\user1\AppData\Roaming\microsoft\Windows\start menu\Programs\security tool.lnk (Rogue.SecurityTool)
c:\Users\user1\AppData\Local\Temp\csrss.exe (Trojan.Agent)
c:\programdata\38303623\38303623.exe (Rogue.Multiple)
c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar)
c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar)
c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar)
c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar)
c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar)
c:\programdata\queryexplorer\queryexplorer119.exe (Adware.QueryExplorer)
c:\programdata\queryexplorer\queryexplorer123.exe (Adware.QueryExplorer)
c:\programdata\queryexplorer\queryexplorer127.exe (Adware.QueryExplorer)
c:\programdata\QuestDns\questdns129.exe (Adware.QuestDns)
c:\program files (x86)\HBLite\bin\11.0.258.0\hbliteuninstaller.exe (Adware.Hotbar)
c:\program files (x86)\HBLite\bin\11.0.258.0\firefox\extensions\chrome.manifest (Adware.Hotbar)
c:\program files (x86)\HBLite\bin\11.0.258.0\firefox\extensions\install.rdf (Adware.Hotbar)
c:\program files (x86)\HBLite\bin\11.0.258.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar)
c:\program files (x86)\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\chrome.manifest (Adware.QuestDns)
c:\program files (x86)\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\install.rdf (Adware.QuestDns)
c:\program files (x86)\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\chrome\questdns.jar (Adware.QuestDns)
c:\program files (x86)\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\defaults\preferences\prefs.js (Adware.QuestDns)
c:\program files (x86)\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\2.bin\M3FFTBPR.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\2.bin\M3PATCH.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\chrome.manifest (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3HKSTUB.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3IMSTUB.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3REGHK.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3RESTUB.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\FWPBUDDY.PNG (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\INSTALL.RDF (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3AUXSTB.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3DLGHK.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3MEDINT.EXE (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\M3TPINST.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\MWSMLBTN.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\MWSUABTN.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch)
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch)
c:\program files (x86)\queryexplorer\queryexplorer.dll (Adware.QueryExplorer)
c:\program files (x86)\queryexplorer\queryexplorer.exe (Adware.QueryExplorer)
c:\program files (x86)\QuestDns\uninstall.exe (Adware.QuestDns)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\link.ico (Adware.ShopperReports)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\shopperreportsuninstaller.exe (Adware.ShopperReports)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports)
c:\program files (x86)\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports)
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar)
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports)
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports)
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports)
Ing. Joshua Marius
Windows 10 Pro x64 20H2
Intel Core i7-3770K, 4.5 GHz
ASUS P8Z68-V LX
Disk 1: Samsung SSD 850 EVO 500 GB
RAID 1: Seagate ST3000DM001 3TB
CORSAIR Vengeance 16 GB DDR3 1600
NVIDIA GeForce GTX 1060