1 reply to this topic

[DavidAR]

I did a full scan on a desktop running XP Pro SP3. It came up with:-

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\All Users\Application Data\IBUPDATERSERVICE\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
C:\Documents and Settings\David Rhind\Local Settings\Temp\is324156961\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Sandbox\David_Rhind\DefaultBox\drive\F\Downloads\Converterlite.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC88F30-6429-4F23-82BC-665D81C9AF86}\RP363\A0100778.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.I

So I re-booted and ran the scan again. And deleted "C:\System Volume Information\_restore{9EC...778.exe" again. Re-booted and it was still detected. Looking around the forum I found a posting that said to run RogueKiller. Did that. The log did not mention PUP.BundleInstaller. The curious thing is that this machine is not used to surf the Internet. It is connected but only for updating software etc, it's only used for backups of laptops, and they are not infected. So what should I try next?

David

Attached Files

•  RKreport1.txt   2.73KB   3 downloads

[Fatdcuk]

Greetings

We don't work on malware removal in this part of the forums.
Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.
One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you