Windows 10: Remove PUP application from DVD Drive (F:) CDROM

Discussion in 'AntiVirus, Firewalls and System Security' started by myrnsterMash, Aug 3, 2016.

  1. Sorry about the delay in responding...Apparently, I came down with my own "virus," and wiped me out, ugh. I am in the process of running the ESET, and will post those results when it completes. Yeah, I should close all or any open windows, but wanted to give you a heads up.
     
    myrnsterMash, Aug 14, 2016
    #31

  2. Sorry about the misguided location of the Malwares scan. Here it is:

    The results of Junkware Removal:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Home x86
    Ran by MyrnaZ (Administrator) on Mon 08/08/2016 at 11:06:30.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 8

    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\Users\MyrnaZ\AppData\Roaming\Mozilla\Firefox\Profiles\swc237wp.default-1431645510788\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome\content\reminderfox\searchbar\rmSearch.xml (File)
    Successfully deleted: C:\Users\MyrnaZ\AppData\Roaming\Mozilla\Firefox\Profiles\swc237wp.default-1431645510788\extensions\staged (Folder)
    Successfully deleted: C:\Users\MyrnaZ\Documents\add-in express (Folder)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_F3B2E431-CB7868A8.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-EB3F2433.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARUSER_32.EXE-4E14BB2A.pf (File)



    Registry: 8

    Successfully deleted: HKLM\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh (Registry Key)
    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A528727A-EE60-4373-BE61-E09B7553A601} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B108B3CA-E254-4A4A-98F7-02ECD969B1EF} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FA640EF7-4E43-420C-BF32-A8D56291F7EE} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{6dfc55bb-bfff-485a-9709-90c3fdf6db58} (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 08/08/2016 at 11:14:30.04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    myrnsterMash, Aug 14, 2016
    #32
  3. Wait, JRT is NOT Mbam? Of course not, or its name would say it was....once again, ugh! To think I thought intelligence was one of my strong points! Oh, Crap! ESET is now in the red! It is not halfway done...Do I still run the Mbam, after? Of course, I have to run it. Then what?
     
    myrnsterMash, Aug 14, 2016
    #33
  4. Rambling on, (not a Zeppelin ref *Smile ...: I had to Stop the ESET scan during its last 5-8%, because lines blacked out. Example:

    [IMG]


    I am certain the scan was still in progress (?), but without seeing its results or my options what is the purpose to continue? Right before the screen put "blindfolds" on 8 threats were detected, but I did not take notice of where taking for granted a log would give me that info. I will run it again, but after Malwarebytes, again. I, still do not know if this is the right scan, because it looks no different.

    I made sure "rootkits" was checked and covered all drives. What am I missing?

    Thanks
     
    myrnsterMash, Aug 14, 2016
    #34
  5. simrick Win User
    Hi.
    ESET have just updated their online scan recently and I can tell you, I have had the same exact problem on three different systems over the past 2 days. After a while, it just locks up too. I don't know what they've done, but it's not pretty. *Sad

    I've had to select a custom scan and tell it to scan parts of drive C, then after that finishes I tell it to scan the next parts of drive C, and then the next, until I get through a full scan of the C drive. What a pain! Well, ESET should be done last, as it is usually the "all-clear" tell-tale scan for us. But, it seems we can't depend on them right now.

    The log file for ESET can be found in %userprofile%\AppData\Local\Temp\log.txt
    You can post what it's done so far.

    Malwarebytes Antimalware (MBAM for short) log files are in the program in the HISTORY section; select Application logs on the left, then double-click the SCAN LOG from today and select EXPORT.
     
    simrick, Aug 14, 2016
    #35
  6. simrick Win User
    Not missing anything - that's correct. Hope you're feeling better. *Smile
     
    simrick, Aug 14, 2016
    #36
  7. Bad news, but Malwarebytes will fix it, right? I have not done anything, but take a snapshot:


    [IMG]


    I assume "Remove Selected" is the correct choice, here.
     
    myrnsterMash, Aug 14, 2016
    #37
  8. Here is today's Mbam log (heavy sigh):

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 8/14/2016
    Scan Time: 6:56 PM
    Logfile: Mbam log 8-15-16.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.08.15.01
    Rootkit Database: v2016.08.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: MyrnaZ

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 650015
    Time Elapsed: 5 hr, 2 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    Trojan.Poweliks.B, HKU\S-1-5-21-2048041476-2006749296-819459500-1035_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [baa397b466340a2c842de121ed13966a],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    No need to keep these quarantined, right? I should delete?

    [IMG]
     
    myrnsterMash, Aug 14, 2016
    #38
  9. Yes, remove both entries from quarantine. They don't pose any threat there, but why have them on your system, eh?

    Run one more scan please

    Kaspersky TDSSKiller: Detect / Repair TDSS Rookits - Windows 7 Help Forums

    Note: Tick Loaded modules last.
    When this option is selected, a dialog window requests a restart to load a specialized monitor.
    Press OK to restart your machine and load the driver - answer yes to the allow prompt after the machine restarts.
     
    Slartybart, Aug 14, 2016
    #39
  10. simrick Win User
    Hi.
    Sorry for the delay, as I have been busy cleaning out an infected laptop this morning...*Wink

    Poweliks is a very tricky infection, as it leaves no trace of its infection anywhere except in some registry keys. It also brings in other infections. You can read more on it here:

    Trojan.Poweliks | Symantec

    Although MBAM is very good, and indeed identified what we're dealing with, I would like you to also follow the instructions here at Bleeping Computer, to make absolutely sure this infection is eradicated.
    How to remove the Poweliks Trojan (Removal Guide)
     
    simrick, Aug 14, 2016
    #40
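An added example, not part of any post in the thread: a small parser for the Malwarebytes log layout posted in #38. It checks that each section's declared count matches the lines actually pasted, lists detections that were not quarantined, and reports whether every detection is a registry object, which is the pattern simrick describes for Poweliks. The section names, field order and the sample detection line are copied from that log; the function names are hypothetical.

```python
import re

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))

# Excerpt of the log from post #38, trimmed to three sections.
SAMPLE_LOG = r"""
Processes: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Poweliks.B, HKU\S-1-5-21-2048041476-2006749296-819459500-1035_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [baa397b466340a2c842de121ed13966a],

Files: 0
(No malicious items detected)
"""

def parse_mbam_log(text):
    """Return (declared count per section, list of detection dicts)."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif not line or line.startswith("("):
            continue  # blank line or "(No malicious items detected)" / "(end)"
        elif section:
            # Field order as in the posted log: name, location, action, [id],
            parts = line.rstrip(",").split(", ")
            if len(parts) >= 4:
                detections.append({"section": section, "name": parts[0],
                                   "location": ", ".join(parts[1:-2]),
                                   "action": parts[-2],
                                   "id": parts[-1].strip("[]")})
    return declared, detections

def triage(text):
    declared, detections = parse_mbam_log(text)
    found = {s: sum(d["section"] == s for d in detections) for s in declared}
    registry = [d for d in detections if d["section"].startswith("Registry")]
    return {
        # Header count differs from pasted lines: the log was cut off in the paste.
        "truncated": [s for s in declared if declared[s] != found[s]],
        "not_quarantined": [d for d in detections if d["action"] != "Quarantined"],
        "registry_only": bool(detections) and len(registry) == len(detections),
    }
```

Calling `triage(SAMPLE_LOG)` on the excerpt reports no truncated sections, nothing left unquarantined, and `registry_only` set to true.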
  11. The download is under "Reimage" compatible with my pc....when I clicked your link and then Kaspersky download.
    http://www.reimageplus.com/lp/sqh/in...keyword=direct

    I am a pain, but trying to do things right. This is so ridiculous, but whatever "flips their switch," meaning those behind this dooky. I can imagine the theories of conspiracy are endless, or the discussions being endless, anyway...such as mine, here.

    I am not going to second guess my better judgement, so I shall proceed. You do not want me bugging you endlessly like....ummm (I will not finish that sentence for fear of offending any, many, or all persons). Fill in the blank however fits best for you. Oh, by the way I could not find the log for ESET, so? Here goes....
     
    myrnsterMash, Aug 14, 2016
    #41
  12. Oh .... you just got bit by the ad bug on SevenForums.

    If you're not logged on - you see adverts. Reimage must be one of those ads.

    Do NOT download anything that isn't part of the tutorial
    TDSSkiller
    Virustotal uploader

    are the only two things off the top of my head that you are directed to download.
    Glad you asked - not a PIAn at all.

    simrick pointed you to a specific removal tool for the detected malware. Run simrick's suggestion first

    In the Bleeping Computer guide, it asks you to run some of the same scans you already ran.
    Follow the guide step-by-step including the repeats - this makes sure no reinfection occurs
    simrick might tell you otherwise - I'll defer to her on that.

    , then run TDSSKiller, but ignore any downloads in the ads *Eek
     
    Slartybart, Aug 14, 2016
    #42
  13. Okay guys, this is where the training wheels come off, because I am getting on my own nerves, but since "reimage" shows:


    [IMG]


    the Security Threats are good.
    I know what to do next, and want to thank you for Everything, including your patience. You are awesome in what you do, and do not make people feel stupid for being less knowledgeable (i.e. stupid *Homer Drooling) as what is common sense to you. I can not give back the time spent on helping me, but it is not without appreciation! If you ever need a mechanic for advice or a how-to for good ol' American cars you know where to find me. Hey, my love of muscle cars carried a 9/16 and 1/2 in. wrench in my purse at all times, lol. I know things...........

    Sincerest thanks,
     
    myrnsterMash, Aug 15, 2016
    #43
  14. Hold on .... don't hit that button

    I just looked at the reimage page and it seems to be one of those fluff programs. Scan, scare, sell

    I hope you didn't pony up any money - I always suggest FREE software unless only a paid license will work (and I'm up front about the cost)

    anything those programs say they can do for a price - you can do for free. More importantly, you know what you did.

    If you already hit the button - do NOT go any further with ReImage.

    If you paid for it, I'd take them up on their money back guarantee.

    Once you get your money back (if you paid anything for it)
    Uninstall it
     
    Slartybart, Aug 15, 2016
    #44
  15. Pick up from where you left off with Mbam: Post# 37
     
    Slartybart, Aug 15, 2016
    #45