12-05-2011, 06:10 PM   #204
Mr. Plow
My son had the "Win 7 antispyware 2012" virus: http://www.bleepingcomputer.com/viru...tispyware-2012


Followed the steps in the above link....rkill; malwarebytes; etc....Malwarebytes found it and I got it removed. Computer seems to be running fine now.

I've just rerun Malwarebytes a second time before doing another virus scan; here is a log of the files that it detects as malicious. Could someone in "the know" look at the files and make sure they are either A: malicious and need to be removed or B: normal and can be ignored on future scans.

I don't want to ignore something that I need to remove, and I definitely don't want to remove something that should be ignored.

Thanks!


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8318

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/5/2011 6:02:51 PM
mbam-log-2011-12-05 (18-02-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 294023
Time elapsed: 29 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9193fbaf-bdaf-4751-a99a-1f5ef255c35b} (PUP.FCTPlugin) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9193FBAF-BDAF-4751-A99A-1F5EF255C35B} (PUP.FCTPlugin) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9193FBAF-BDAF-4751-A99A-1F5EF255C35B} (PUP.FCTPlugin) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9193FBAF-BDAF-4751-A99A-1F5EF255C35B} (PUP.FCTPlugin) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9193FBAF-BDAF-4751-A99A-1F5EF255C35B} (PUP.FCTPlugin) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl (PUP.FCTPlugin) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\Object (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> No action taken.

Files Infected:
c:\program files (x86)\Object\status.txt (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\chromeaddon.pem (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\config.ini (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\enable.txt (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\facetheme-apl_uninstall.exe (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\status2.txt (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> No action taken.
c:\program files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> No action taken.