Author Topic: Codec V  (Read 940 times)

Offline tapentp

Codec V
« on: September 15, 2012, 03:57:27 AM »
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.14.07

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Illume :: ILLUME-PC [administrator]

Protection: Disabled

9/14/2012 6:28:48 PM
mbam-log-2012-09-14 (18-28-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203975
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{3A4020E2-87CF-10ED-CD11-CB75071E38FF} (PUP.DownloadnSave) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A4020E2-87CF-10ED-CD11-CB75071E38FF} (PUP.DownloadnSave) -> No action taken.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> No action taken.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 1
C:\ProgramData\TheBflix (PUP.BFlix) -> No action taken.

Files Detected: 18
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> No action taken.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> No action taken.
C:\ProgramData\TheBflix\lnofjfgpjkcbabcepdemehgpegljjmel.crx (PUP.BFlix) -> No action taken.
C:\ProgramData\TheBflix\nbciagcealjdgkihkfgcccohddefbbdd.crx (PUP.BFlix) -> No action taken.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> No action taken.
C:\ProgramData\TheBflixUpdater\updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\Users\Illume\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Illume\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Illume\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Illume\Downloads\Rap Drum One Shots.rar.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (3).exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\62S9BP94\4fdbe76448e58[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\8BK83PWH\updater[1].exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\V3N5G5XV\updater[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)




OTL did not open up 2 notepad documents...no Extras.Txt is found.




















Offline Pondus

Re: Codec V
« Reply #1 on: September 15, 2012, 09:08:39 AM »
as you see in your Malwarebytes log, many items are not automatically marked for removal ... NO ACTION TAKEN
if you want them removed, update your Malwarebytes, run a quick scan, then make sure they are marked for removal and click the "remove selected" button

also attach AdwCleaner / aswMBR logs