Potential Trojan help

So I logged the Sandboxing of an app, thinking sandboxing would tell me what the app did and prevent such actions from being done to the computer. Boy was I wrong!

Now I got the following:

  • sets value: “ProxyBypass”=“1” in key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap”
  • sets value: “IntranetName”=“1” in key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap”
  • sets value: “UNCAsIntranet”=“1” in key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap”
  • sets value: “AutoDetect”=“0” in key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap”
  • sets value: “ProxyBypass”=“1” in key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap”
  • sets value: “IntranetName”=“1” in key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap”
  • sets value: “UNCAsIntranet”=“1” in key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap”
  • sets value: “AutoDetect”=“0” in key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap”
  • sets value: “%31%de%04%8f%20%40%40%93%1b%08%a6%49%36%8d%a2%a0%dd%7c%b5%09%2d%03%da%70%9a%ca%4a%ff%1d%af%a2%eb”=“10539647961,1389068434” in key “HKCU\Software\Microsoft\Windows\CurrentVersion”

I run windows 8.1 and think these reg files may be the opening of a Trojan flood gate, per: http://www.lavasoft.com/mylavasoft/malware-descriptions/blog/trojandownloaderwin32beebonebr and http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=22970

May someone with windows 8.1 cross check the values on their computer please?

Why did sandboxing not block these changes?

if you want a malware check, start a topic in viruses and worms forum section and follow instructions here http://forum.avast.com/index.php?topic=53253.0

attach logs from malwarebytes / OTL / aswMBR

when done a malware expert will help you…