wirosari, posted December 5, 2015 (edited):

Dear Advisors,

Please help on USB Flashdisk virus. Every time I copy a file onto the flashdisk, it changes into a single icon. The application Properties show:

%SystemRoot%\system32\rundll32.exe \\\\\\\\\\\ {BE6CA885-0F1A-4843-AD53-CD0249AF3653}. {BCAB370E-8EF7-4A3B-BB08-B3B4F6A8C2B6}, IuJvX9lNzbDpR3fe

This seems random and changes every time. Kindly please help.

btw, are Jacee and FZWG still here.... <3

regards,
Lee
GMT +7

HIJACKTHIS LOG (Prohibited? oh sorry)
==============
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14.55, on 05/12/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Edited December 5, 2015 by wirosari
Juliet, posted December 6, 2015:

There are tools designed to help with USB infections, I'll list what I know of.

Please go to Panda USB Vaccine
http://research.pandasecurity.com/panda-usb-vaccine-version-1-0-1-4/
You may read on how this tool prevents you from USB infections in the future.
Save the setup on your desktop.
Install it with the default settings (you can change the installation folder if needed).
Make sure there is a checkmark on Launch Panda USB Vaccine and click Finish.
Click on Vaccinate Computer.
Now plug in your USB drives.
Vaccine will prompt you to vaccinate the USB drive(s). Please do so.

~~~~~~~~~~~~~~~~~~~~~

MCShield Anti-Malware USB Tool is a lightweight scanner designed to prevent infections transmitted via removable drives (usb, external, camera cards). Its real-time protection is only real-time when you plug in an external drive.

MCShield should not be confused with mcshield.exe, which is a process (module/driver) related to McAfee Anti-virus.

* MCShield Documentation & Program Features

There is a lengthy discussion in this topic started by TwinHeadedEagle, a member of the MCShield developing team who sometimes visits our forums.

Download MCShield Anti-Malware USB Tool to your desktop and install.
It will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select Scanner and tick "unhide items on flash drives".
Plug in the drive and MCShield will start a scan.
Then get the log, which will be here: Start > All Programs > MCShield > Logs > All scans

~~~~~~~~~~~~~~~~~~~~~
wirosari, posted December 7, 2015:

Dear Juliet,

Thank you for your quick response. I have tried 2 of your suggested tools:

1. Panda USB Vaccine doesn't have a Cleaning Function - only vaccinating.
2. McShield Tools do the "active cleaning", but the PC still attempts to make a "RUNDLL32 + random files" to the USB Flashdisk as soon as the USB is re-plugged.

Any idea about this Juliet?

Rgds,
Lee

==================================
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.12.6.1 / Windows XP <<<
07/12/2015 11.06.07 > Drive F: - scan started (DSP ~3679 MB, FAT32 flash drive )...
>>> F:\DSP (4GB).lnk - Malware > Deleted. (15.12.07. 11.06 DSP (4GB).lnk.990399; MD5: 170cea576b894e47df274ac29d9b293e)
> Resetting attributes: F:\ < Successful.
=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.
Juliet, posted December 7, 2015:

I might be wrong but to me it suggests infection is already on the machine.

Download Malwarebytes' Anti-Malware TO YOUR DESKTOP
Windows XP: Double click on the icon to run it.
Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan

After the restart, once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply
Exit Malwarebytes
wirosari, posted December 8, 2015 (edited):

Dear Jacee,

Here is the MBAM log. kindly pls check these items.
Scan completed
Malware detected
NOTE: Not Deleted (Action: "Ignore Once")

Thank you very much,
Lee

===============
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/12/2015
Scan Time: 11.35
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.07.06
Rootkit Database: v2015.12.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: toto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277697
Time Elapsed: 7 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 1
Trojan.Agent.PL, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|1348212572, "C:\Documents and Settings\All Users\mswcs.exe", No Action By User, [78cabbe72467ba7cd5f2961ff2105da3]
Registry Data: 0 (No malicious items detected)
Folders: 16
Files: 60
Physical Sectors: 0 (No malicious items detected)
(end)

Edited December 8, 2015 by wirosari
Jacee, posted December 8, 2015:

Hi wirosari, please follow Juliet's instructions.
Juliet, posted December 8, 2015:

Hi wirosari

If possible, run the scan again and allow it to remove/quarantine what is found.
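A way to confirm from a saved scan log whether anything was actually removed, which is the gap between the two scans in this thread (the first was saved with every item left at "No Action By User"). This is an added example, not part of the original posts and not Malwarebytes code; the function names are assumptions and both logs are constructed samples in the MBAM 2.x text-log layout.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section name location action")

# Result sections of an MBAM 2.x text log: "<Section>: <count>".
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)")
# Entry layout: name, location[, data], action, [id] with an optional trailing comma.
ENTRY_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), (?P<action>[^,\[\]]+), "
    r"\[[0-9a-fA-F]+\],?\s*$")
# Registry autostart locations such as ...\Policies\Explorer\Run|<value>.
AUTOSTART_RE = re.compile(r"\\RUN(ONCE)?[|\\]", re.IGNORECASE)

DONE = {"Quarantined"}          # item already neutralised
PENDING = {"Delete-on-Reboot"}  # still on disk until the machine restarts


def parse_mbam_log(text):
    """Return (detections, declared_counts) parsed from the log text."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            detections.append(Detection(section, m["name"].strip(),
                                        m["location"].strip(), m["action"].strip()))
    return detections, declared


def is_autostart(d):
    return d.section.startswith("Registry") and bool(AUTOSTART_RE.search(d.location))


def triage(text):
    """Split detections into still-active and pending, and flag cut-off sections."""
    detections, declared = parse_mbam_log(text)
    found = Counter(d.section for d in detections)
    # A section that lists fewer entries than it declares means the log was cut off.
    incomplete = sorted(s for s, n in declared.items() if found[s] != n)
    active = [d for d in detections if d.action not in DONE | PENDING]
    # Non-PUP detections first, and among those the autostart entries first.
    active.sort(key=lambda d: (d.name.startswith("PUP."), not is_autostart(d)))
    pending = [d for d in detections if d.action in PENDING]
    return {"active": active, "pending_reboot": pending,
            "incomplete_sections": incomplete}


# Constructed sample: scan saved without removing anything.
IGNORED_LOG = r"""
Scan Type: Threat Scan
Result: Completed
Processes: 0 (No malicious items detected)
Registry Values: 1
Trojan.Example, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|12345, "C:\ExampleDir\sample.exe", No Action By User, [00000000000000000000000000000001]
Folders: 1
PUP.Optional.Example, C:\ExampleDir\ext, No Action By User, [00000000000000000000000000000002],
Files: 2
PUP.Optional.Example, C:\ExampleDir\ext\a.js, No Action By User, [00000000000000000000000000000002],
Trojan.Example, C:\ExampleDir\sample.exe, No Action By User, [00000000000000000000000000000001],
Physical Sectors: 0 (No malicious items detected)
"""

# Constructed sample: scan after removal, pasted incompletely (Files declares 3, lists 2).
CLEANED_TRUNCATED_LOG = r"""
Registry Values: 1
Trojan.Example, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|12345, "C:\ExampleDir\sample.exe", Quarantined, [00000000000000000000000000000001]
Files: 3
PUP.Optional.Example, C:\ExampleDir\ext\a.js, Quarantined, [00000000000000000000000000000002],
Trojan.Example, C:\ExampleDir\sample.exe, Delete-on-Reboot, [00000000000000000000000000000001],
"""

if __name__ == "__main__":
    for label, log in (("ignored", IGNORED_LOG), ("cleaned", CLEANED_TRUNCATED_LOG)):
        result = triage(log)
        print(label, "active:", len(result["active"]),
              "pending reboot:", len(result["pending_reboot"]),
              "incomplete:", result["incomplete_sections"])
        for d in result["active"]:
            print("  STILL PRESENT:", d.section, d.name, d.location)
```

An item listed as Delete-on-Reboot is reported separately because it stays on disk until the restart, so a rescan after rebooting is what confirms it is gone.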
wirosari, posted December 8, 2015:

Dear Juliet (and Jacee) - Glad to hear from you!

Sorry for misunderstanding. I should have clicked "Remove All".
I will run MBAM again.
I am not on the computer right now, so I will be back later.

regards,
Lee
wirosari, posted December 10, 2015 (edited):

Dear Juliet/Jacee, (and also.... Nasdaq). Both are my valuable and trusted resources!

Computer had been scanned with MBAM & 77 objects quarantined.
Here is the MBAM LOG. Kindly please analyze.

Thank you very much,
Lee

======================
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/12/2015
Scan Time: 10.20
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.09.07
Rootkit Database: v2015.12.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: toto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277440
Time Elapsed: 6 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 1
Trojan.Agent.PL, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|1348212572, "C:\Documents and Settings\All Users\mswcs.exe", Quarantined, [4ac12e757219f93dcd600cac9c669967]
Registry Data: 0 (No malicious items detected)
Folders: 16
Files: 60
[23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\rate.png, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\smileys.htm, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\smileyscript.js, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\SmileysWeLove.ico, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\swl_base.js, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\swl_core.js, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\swl_facebookchat.js, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\swl_smileys.js, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and 
Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\twitter.png, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\uuid.js, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\similar\jquery.base64.js, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\similar\similar_tr.js, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\da\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\de\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\en\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\es\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local 
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\es_419\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\fr\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\pt_BR\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\pt_PT\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\ru\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_locales\zh_CN\messages.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_metadata\computed_hashes.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.BProtector, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.9.0_0\_metadata\verified_contents.json, Quarantined, [23e8a5fef2992214d0586f07d42ee917], PUP.Optional.SmileysWeLove, 
C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\000003.log, Quarantined, [b358aef5028975c1fe174f4630d28a76], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\CURRENT, Quarantined, [b358aef5028975c1fe174f4630d28a76], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\LOCK, Quarantined, [b358aef5028975c1fe174f4630d28a76], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\LOG, Quarantined, [b358aef5028975c1fe174f4630d28a76], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\LOG.old, Quarantined, [b358aef5028975c1fe174f4630d28a76], PUP.Optional.SmileysWeLove, C:\Documents and Settings\toto\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl\MANIFEST-000001, Quarantined, [b358aef5028975c1fe174f4630d28a76], Physical Sectors: 0 (No malicious items detected) (end) Edited December 10, 2015 by wirosari Link to comment Share on other sites More sharing options...
Juliet Posted December 10, 2015

How is the computer now?
wirosari Posted December 12, 2015

Dear Jacee,

So far so good. I've tried a couple of times on this computer, without any reinfections. I will also try this on other computers.

Can conventional anti-virus still be effective in protecting against this kind of infection? Or do you have any suggestions?

regards,
Lee
Juliet Posted December 12, 2015

I'm not Jacee but I'll give you my opinion.

If you use antivirus, USB Vaccine tools, MBAM you're on your way to a good protection setup.

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
wirosari Posted December 17, 2015

Dear Juliet (sorry LOL) and PC Pitstop team,

Thank you very much for the great help.

On another computer, I scanned with MBAM (Malwarebytes Anti-Malware). The UFD still became one shortcut.

For info, I then tried to use EMSISOFT Emergency Kit http://download.cnet.com/Emsisoft-Free-Emergency-Kit/3000-2239_4-75219878.html and finally the virus was removed with NOD32 Online Scanner http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

Once again, thank you very much Juliet

regards,
Lee

==========================
C:\Documents and Settings\All Users\msflganu.exe a variant of Win32/Kryptik.EIEK trojan cleaned by deleting (after the next restart) - quarantined
C:\Program Files\netcut\netcut.exe a variant of Win32/NetTool.Netcut.A potentially unsafe application cleaned by deleting (after the next restart) - quarantined
D:\forta\FreemakeVideoDownloaderSetup.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
D:\forta\avc-free_2.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
Operating memory multiple threats deleted (after the next restart) - quarantined
Juliet Posted December 17, 2015 (edited)

If you plan to use Emsisoft Emergency Kit again, please download from here.

Please download Emsisoft Emergency Kit or Emsisoft Emergency Kit

Glad to hear it's better.

Edited December 17, 2015 by Juliet