
Malwarebytes didn't detect win32/bundled.toolbar.ask virus


#1 frankduc

Posted 26 April 2013 - 09:24 AM

Hi,

Malwarebytes didn't detect the win32/bundled.toolbar.ask virus; it was found by ESET online scanner.

According to ESET it was in docandsetting/adm/localsettings/temp/apnstub.exe.

I deleted the file in docandsett and also in regedit.

Do you think I'm ok and I can relax?
Cause I saw another page on the forum related to that virus or malware, and the guy had more infected files but went through a bunch of scanning processes.

Should I do the same, and try what exactly?

Frank
Thank you

#2 Firefox

Posted 26 April 2013 - 09:39 AM

Hello and Welcome to Malwarebytes

Malware and viruses change on an hourly basis, so it's hard for any one product to detect everything right away. That being said, it's hard to say if you can now relax without checking your logs....

Being that you think you may be infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you



Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#3 frankduc

Posted 26 April 2013 - 10:51 AM

Here's the result:

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Microsoft Windows XP x86
Ran by adm on 2013-04-26 at 11:29:51,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8BDCB7F-7CCF-4A3E-B220-BE3CA095CC9C}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\APNTOOLBARINSTALLER.EXE-0E28109B.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\adm\Application Data\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\adm\Application Data\mozilla\firefox\profiles\o7q6l11z.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Documents and Settings\adm\Application Data\mozilla\firefox\profiles\o7q6l11z.default\prefs.js

user_pref("browser.search.order.1", "Ask.com");
Emptied folder: C:\Documents and Settings\adm\Application Data\mozilla\firefox\profiles\o7q6l11z.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-04-26 at 11:32:31,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JRT2:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Microsoft Windows XP x86
Ran by adm on 2013-04-26 at 11:35:38,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\adm\Application Data\mozilla\firefox\profiles\o7q6l11z.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-04-26 at 11:38:06,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ADWARECL2

# AdwCleaner v2.202 - Rapport créé le 26/04/2013 à 11:40:47
# Mis à jour le 23/04/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : adm - D7F70391
# Mode de démarrage : Normal
# Exécuté depuis : C:\Documents and Settings\adm\Bureau\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\Conduit
Dossier Présent : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\CT2653012
Dossier Présent : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

***** [Registre] *****

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Clé Présente : HKLM\Software\MetaStream
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé Présente : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Clé Présente : HKLM\Software\Viewpoint

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s4wiatli.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [2530 octets] - [26/04/2013 11:39:17]
AdwCleaner[R2].txt - [2461 octets] - [26/04/2013 11:40:47]

########## EOF - C:\AdwCleaner[R2].txt - [2521 octets] ##########


ADWCLEANER S1:

# AdwCleaner v2.202 - Rapport créé le 26/04/2013 à 11:41:13
# Mis à jour le 23/04/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : adm - D7F70391
# Mode de démarrage : Normal
# Exécuté depuis : C:\Documents and Settings\adm\Bureau\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\Conduit
Dossier Supprimé : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\CT2653012
Dossier Supprimé : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

***** [Registre] *****

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Clé Supprimée : HKLM\Software\MetaStream
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Clé Supprimée : HKLM\Software\Viewpoint

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s4wiatli.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Documents and Settings\adm\Application Data\Mozilla\Firefox\Profiles\o7q6l11z.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [2530 octets] - [26/04/2013 11:39:17]
AdwCleaner[R2].txt - [2590 octets] - [26/04/2013 11:40:47]
AdwCleaner[S1].txt - [2538 octets] - [26/04/2013 11:41:13]

########## EOF - C:\AdwCleaner[S1].txt - [2598 octets] ##########


RKreport1:

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-to...-Remontees.html
Site Web : http://www.sur-la-to...om/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : adm [Droits d'admin]
Mode : Recherche -- Date : 26/04/2013 11:45:32
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-75NCB1 +++++
--- User ---
[MBR] b4922cfe6062b12456b46fa00283b7ba
[BSP] 1409156998e9b70ec4e339e44f8064e5 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149456 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 306198900 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_26042013_114532.txt >>
RKreport[1]_S_26042013_114532.txt



RKREPORT2

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-to...-Remontees.html
Site Web : http://www.sur-la-to...om/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : adm [Droits d'admin]
Mode : Suppression -- Date : 26/04/2013 11:46:41
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-75NCB1 +++++
--- User ---
[MBR] b4922cfe6062b12456b46fa00283b7ba
[BSP] 1409156998e9b70ec4e339e44f8064e5 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149456 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 306198900 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2]_D_26042013_114641.txt >>
RKreport[1]_S_26042013_114532.txt ; RKreport[2]_D_26042013_114641.txt

#4 David H. Lipman

Posted 26 April 2013 - 11:17 AM

win32/bundled.toolbar.ask is not a virus.

At most it is a low level Potentially Unwanted Program (aka; PUP).

As noted, "Junkware Removal Tool (JRT) by Thisisu": it's junkware and not necessarily malware.
David H. Lipman
DLipman@Verizon.Net

#5 frankduc

Posted 26 April 2013 - 11:27 AM

Sorry, I posted in the wrong place again.
