Malware

  • Thread starter Thread starter Compuuter
  • Start date Start date
C

Compuuter

Guest
Hello, does anyone know why at least once or twice every day, a popup wanting to update chromium appears in the command prompt window, an Internet Explorer shortcut appears on my desktop, and whenever I scan my computer with Malwarebytes and delete the stuff that's popping up, it reappears the next day when it requests an update. I don't have a screenshot of it, but I have a list of what Malwarebytes detected as a virus.



Malwarebytes

www.malwarebytes.com



-Log Details-

Scan Date: 4/3/20

Scan Time: 3:58 PM

Log File: ee4beca2-75ed-11ea-b0a7-98fa9bed049c.json



-Software Information-

Version: 4.1.0.56

Components Version: 1.0.859

Update Package Version: 1.0.21860

License: Free



-System Information-

OS: Windows 10 (Build 18362.720)

CPU: x64

File System: NTFS

User: username\username



-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 426977

Threats Detected: 40

Threats Quarantined: 0

Time Elapsed: 1 min, 52 sec



-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect



-Scan Details-

Process: 0

(No malicious items detected)



Module: 0

(No malicious items detected)



Registry Key: 7

PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3B67D3A7-6BE7-0227-DA67-72A70AE7A127}, No Action By User, 880, 542290, , , ,

PUP.Optional.SelectedSearch, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

PUP.Optional.SelectedSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

PUP.Optional.SelectedSearch, HKU\S-1-5-21-680131693-1152990031-1992906804-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,

Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2DA0264-4A93-4EF6-B21F-05FD43123948}, No Action By User, 1000000, 0, , , ,

Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E2DA0264-4A93-4EF6-B21F-05FD43123948}, No Action By User, 1000000, 0, , , ,



Registry Value: 1

PUP.Optional.SelectedSearch, HKU\S-1-5-21-680131693-1152990031-1992906804-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,



Registry Data: 0

(No malicious items detected)



Data Stream: 0

(No malicious items detected)



Folder: 3

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\LOCAL\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}, No Action By User, 880, 542290, 1.0.21860, , ame,

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHDINJALOFCLBACJIJGIFPAHCNJAPCLB, No Action By User, 289, 757187, 1.0.21860, , ame,



File: 29

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\HowToRemove.html.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\LOCAL\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, 880, 542290, 1.0.21860, , ame,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\chromium-min.jpg, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\control panel-min-min.JPG, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\down.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ff menu.JPG, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ff search engine-min.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\lusername\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\hp-min ff.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\hp-min ie.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\search engine.gif, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\setup pages.gif, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\sp-min.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\start-min.jpg, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\up.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\recodifat, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\soticanot, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninst.exe, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninstp.dat, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\ff search engine-min.png.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\hp-min ff.png.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\search engine.gif.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\setup pages.gif.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 289, 757187, , , ,

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 289, 757187, , , ,

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHDINJALOFCLBACJIJGIFPAHCNJAPCLB\2.2_0\MANIFEST.JSON, No Action By User, 289, 757187, 1.0.21860, , ame,

Malware.Generic.1507988344, C:\WINDOWS\SYSTEM32\TASKS\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,

Malware.Generic.1507988344, C:\USERS\username\APPDATA\ROAMING\53DBCFCAA18E4814ACC204346AE876DB\MOGINIMIHE.EXE, No Action By User, 1000000, 0, 1.0.21860, 6257ECA0AC73052259E21378, dds, 00660683

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 289, 757186, 1.0.21860, , ame,



Physical Sector: 0

(No malicious items detected)



WMI: 0

(No malicious items detected)





(end)


If I go to the directory stated in some of them, C:\users\username\appdata\local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ ,

this is what is shown-

770d75b5-f226-4c71-912e-d998d2c2d477?upload=true.png


If anyone knows what any of this is- It would be greatly appreciated! I replaced my name with username in the directories for personal reasons.


Thanks

Continue reading...
 
Back
Top