system
1
Greetings.
This time the problem appeared about two weeks ago. My avast antivirus and my MBAM found several PUPs, all with the same label (Somoto), and some Trojans. They were held for quarantine and removal, but a few days later the same problem reappeared, so I’ve been struggling with this PUP and the Trojans it brings for these last two weeks.
I await your reply with a possible solution. Thanks in advance.
Herewith the last result of full system scan of avast (Threats Detected):
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Conntent.IE5\36WKHMLW\BiTool[1].dll - PPD:Win32:Somoto-J (PUP)
C:\Users\PC\AppData\Local\Temp\bitool.dll - PPD:Win32:Somoto-J (PUP)
system
3
Follow this guide: http://forum.avast.com/index.php?topic=53253.0
and attach (do not copy/paste) logs for AdwCleaner, Malwarebytes (MBAM), OTL, and aswMBR.exe.
If MBAM is clean and you have an old log where it shows the original detections, it is better to attach that log too.
system
4
Here are the attachments.
Well, MBAM did not find the Trojans; it was the Avast Antivirus which found these Trojans. I am attaching the .png of the two occasions when the Trojans were found and also the MBAM logs with the PUP.
On the other hand, I struggled with aswMBR: a message appeared saying that the avast anti-rootkit program stopped working and begged me to close the program, so I could not complete the analysis.
The file C:/Windows/KMSEmulator.exe is a crack for Microsoft Office; that's illegal.
system
9
Make sure of that. Most Security Forums which help with cleaning of malware will not help you out if you are using pirated or cracked software.
Avast gives an error on that file.
I think it is only sitting there when it has been used, so please clean this up.
Hi,
Re-run AdwCleaner, but now make sure to hit the Clean button after the scanning is complete.
Attach that log for me.
Then…
Please download the GMER anti-rootkit tool from the link below and save it to your Desktop:
Gmer download link
Note: file will be random named
Double-click to run GMER.
[*]Wait for initial scan to finish - if there is any query, click No;
[*]Click Scan button and wait until the full scan is complete;
[*]Click Save … - save the report to the Desktop (named Gmer );
Attach the Gmer log report here.
Then…
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
AlternateDataStreams: C:\ProgramData\Temp:373E1720
C:\Users\PC\AppData\Local\Temp
cmd: ipconfig /flushdns
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.