Resolved: Help Suspicious File came with a downloaded program

Hi, how is it going today, everyone? Last night I downloaded the Cnet download app to my computer because there was an update to this software. After I installed the program on my computer, I decided to do a scan with avast free, latest program version and latest def files as well. Avast found no threats, so then I decided to download Hitman Pro from SurfRight. When the latest version of Hitman Pro was done, it said that there was a suspicious file:
C:\Users\Clint\AppData\Roaming\CBS Interactive\Download App\isxdl.dll
Size . . . . . . . : 157,192 bytes

If you need the Hitman Pro log for more information, I have it. The main reason I want to make sure this is not a virus or malware is because I have done some reading lately that has said that cnet’s downloader does have viruses in it. The other reason is because I want to be sure that the cnet downloader did not install malware or a virus on my desktop computer as well.

I have also done some logs you can take a look at below.

Thanks avast team

some information that might be helpful:
Windows Vista 32 Bit

cnet downloader may contain PUP crap…

upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners

Hi Diddy

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
O3 - HKU\S-1-5-21-2492121107-2453052434-1135818018-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2492121107-2453052434-1135818018-1005\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.

:commands
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


Please download zoek.exe and save it to your desktop.

[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool.
Please wait until the tool starts…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:



C:\Users\Clint\AppData\Roaming\CBS Interactive\Download App\isxdl.dll;virustotal;
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;


[*] Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

[*] Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log”

edit.
Download zoek (zip) version

Hi, here is the OTL log you wanted from when OTL was finished fixing everything.
Here is that log below:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2492121107-2453052434-1135818018-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2492121107-2453052434-1135818018-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Clint
->Temp folder emptied: 88764685 bytes
->Temporary Internet Files folder emptied: 3158502 bytes
->Java cache emptied: 46019 bytes
->FireFox cache emptied: 35692365 bytes
->Google Chrome cache emptied: 400153377 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 678 bytes

User: Clint’s account
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kris and family

User: Kris and shane
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5890042 bytes

Total Files Cleaned = 509.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 08232013_035834

Files\Folders moved on Reboot…
C:\Users\Clint\AppData\Local\Temp\fox1309.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files…

Registry entries deleted on Reboot…
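
The O3 lines in the fix script and the "Registry key ... not found" lines in the log above rest on one lookup: does the GUID named under a user's Internet Explorer `Toolbar\WebBrowser` key have a class registered under `HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID`? The following is an added example, not part of the thread and not OTL's own code, that performs that lookup read-only so the result can be reviewed before anything is removed. Assumptions: the helper name `Get-ToolbarClsidStatus` is hypothetical, only user hives that are currently loaded are covered, and only the HKLM class key named in the log is consulted.

```powershell
# Added example, not from the thread or from OTL. Read-only: nothing is deleted.
# Assumption: only HKLM\SOFTWARE\Classes\CLSID is consulted, the key the log names.
$ClsidRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID'
$ToolbarSubKey = 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'

function Get-ToolbarClsidStatus {   # hypothetical helper name
    # Each loaded user hive is a SID-named subkey of HKEY_USERS; the pattern
    # skips the built-in service accounts and the "<SID>_Classes" hives.
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($sid in $sids) {
        $key = Get-Item -LiteralPath "Registry::HKEY_USERS\$sid\$ToolbarSubKey" -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # this user has no toolbar key

        foreach ($name in $key.GetValueNames()) {
            # Toolbar entries are value names in {GUID} form; skip anything else.
            if ($name -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { continue }
            New-Object PSObject -Property @{
                Sid        = $sid
                Clsid      = $name
                Registered = (Test-Path -LiteralPath "$ClsidRoot\$name")
            }
        }
    }
}

# Entries with no registered class are the ones a scan would report as orphaned.
Get-ToolbarClsidStatus |
    Where-Object { -not $_.Registered } |
    Format-Table Sid, Clsid -AutoSize
```

On 64-bit Windows a 32-bit toolbar may be registered in the 32-bit registry view instead, so an unregistered result from a 64-bit PowerShell session needs a second check there; the system in this thread is 32-bit.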

zoek log file?

Hi, here is the Zoek log file you wanted below:

How often are we seeing you here, Diddy? ;D

Hi Steven, I have been here often, I know, but any time I think my computer is slow I like to get it checked out so I do not end up with a bigger problem. It is not that I am going to bad websites or anything; I stay on the legit websites, but this time I ended up downloading a file from a program I know well, and I was concerned it had a virus with it, so I thought I had better get it checked out just in case.

Thanks Steven for your concern

rerun zoek with this script

emptyclsid;
emptyrecycle.bin;
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07};ff
jfmjfhklogoienhpfnppmbcbjfjnkonk;chr
loemjcdefhdidbjiflmobkpjohbfefee;chr
emptyalltemp;
autoclean;

Then repeat the run with this script

C:\Users\Clint\AppData\Roaming\CBS Interactive\Download App\isxdl.dll;virustotal;

Attach here logs

Hi, here are the Zoek results for August 24, 2012

here is the last code for the download app

Your PC is clean.

Thanks Argus for your help and advice

Talk to you later

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

Hi! I’ve got a similar problem and I can’t find the decision anywhere((( I downloaded the file, and then when I try to open a site in any of the browsers I have except Explorer, it comes to download.cnet.com. But when I open my mailbox, a window appears there that tells me to send an SMS; it doesn’t even allow me to put the cursor in to print my login and password. Help me, please

Hi, xenia

Please open a new topic and we will try to help, thanks.