Hello, here in the year 2015,
Happy New Year, dear friends.
I had such trouble just a few minutes ago; maybe it is a New Year gift from kind "friends".
I was on Google Chrome and had only Facebook open, and I tried to go to another site when my Malwarebytes Anti-Malware popped up a window saying it had detected a malware Backdoor.Bot; after that I was not able to run Chrome either. Then I ran an MBAM scan; see the attached log file. What happened? Thanks in advance.
Log result:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/01/06 21:04:23 +0400</date>
<logfile>mbam-log-2015-01-06 (21-04-21).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.01.06.07</malware-database>
<rootkit-database>v2015.01.06.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Gelapir</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>334506</objects>
<time>976</time>
<processes>8</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>3</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5208</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5684</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5928</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>4420</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>6048</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>4460</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5712</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5380</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<file><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>success</action><hash>6799a65a87798e72caa02bdabb47e818</hash></file>
<file><path>C:\Users\Gelapir\Downloads\EliteUnzipSetup.EliteUnzip_aa.gpdjcoccminpbgmiffhifdcnelpojeeb.ch.exe</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>d030b34d54ac12eead885a8bc53c8977</hash></file>
<file><path>C:\Users\Gelapir\Downloads\ZonaSetup_latest.exe</path><vendor>PUP.Optional.Zona</vendor><action>success</action><hash>f60a8b75bd430af6511f8dd5dd240bf5</hash></file>
</items>
</mbam-log>
AdwCleaner results. I also uninstalled Chrome from the notebook; should I now install it again?
# AdwCleaner v4.106 - Report created 06/01/2015 at 21:42:58
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Gelapir - ION
# Running from : C:\Users\Gelapir\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
-\\ Google Chrome v
[C:\Users\Gelapir\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={A63B1F83-FB75-4A8B-B8CC-CC4E29C60FF4}&mid=6bfab472704147d2b4a1d1569647ab39-bc3ba63bbfa62fde5b2f05d00a4d22ef44e68eb9&lang=en&ds=gf011&coid=avgtbdisgf&cmpid=&pr=sa&d=2014-09-17%2001:19:53&v=18.1.9.799&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Gelapir\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gelapir\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1085 octets] - [18/05/2014 20:39:10]
AdwCleaner[R1].txt - [2157 octets] - [22/07/2014 20:53:48]
AdwCleaner[R2].txt - [1548 octets] - [04/09/2014 22:03:17]
AdwCleaner[R3].txt - [1387 octets] - [07/09/2014 22:30:36]
AdwCleaner[R4].txt - [2170 octets] - [22/11/2014 19:23:10]
AdwCleaner[R5].txt - [1436 octets] - [05/12/2014 20:59:38]
AdwCleaner[R6].txt - [3437 octets] - [06/01/2015 21:41:34]
AdwCleaner[S0].txt - [1116 octets] - [18/05/2014 20:40:08]
AdwCleaner[S1].txt - [2167 octets] - [22/07/2014 20:55:16]
AdwCleaner[S2].txt - [1581 octets] - [04/09/2014 22:04:26]
AdwCleaner[S3].txt - [1450 octets] - [07/09/2014 22:31:39]
AdwCleaner[S4].txt - [2251 octets] - [22/11/2014 19:24:32]
AdwCleaner[S5].txt - [1500 octets] - [05/12/2014 21:02:10]
AdwCleaner[S6].txt - [3372 octets] - [06/01/2015 21:42:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [3432 octets] ##########