Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan? SysWOW64/rundll32 impersonator?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » July 3rd, 2014, 1:24 am

Okay, the log is here.

C:\Users\All Users\Fast And Safe\FastAndSafeSvc.dll a variant of Win32/SProtector.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ApptoU\ccCYiqF1Z9.dll.vir a variant of Win32/AdWare.MultiPlug.T application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ApptoU\ccCYiqF1Z9.exe.vir a variant of Win32/AdWare.MultiPlug.Y application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ApptoU\ccCYiqF1Z9.x64.dll.vir a variant of Win64/Adware.MultiPlug.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir Win32/Toolbar.Babylon.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\tperfeecttCOuapon\5M_s.x64.dll.vir a variant of Win64/Adware.MultiPlug.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\tpperfeacotcoupon\SnJBr1Mx.dll.vir a variant of Win32/AdWare.MultiPlug.T application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\tpperfeacotcoupon\SnJBr1Mx.exe.vir a variant of Win32/AdWare.MultiPlug.T application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\tpperfeacotcoupon\SnJBr1Mx.x64.dll.vir a variant of Win64/Adware.MultiPlug.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\jack\AppData\Local\Conduit\CT2260173\Swag_BucksAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\jack\AppData\LocalLow\Swag_Bucks\ldrtbSwag.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\jack\AppData\LocalLow\Swag_Bucks\tbSwag.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\jack\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\jack\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application deleted - quarantined
C:\Nexon\MapleStory\Hawt.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined
C:\Nexon\MapleStory\HawtMaple.exe a variant of MSIL/Packed.Confuser.G potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NEXON\Europe MapleStory\Hawt.exe a variant of MSIL/Packed.Confuser.G potentially unwanted application deleted - quarantined
C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined
C:\Users\jack\Documents\Downloads\Integrated_BrotherSoft_TB.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\jack\Downloads\CR_Downloader_for_pokemon-white-version-2.exe a variant of Win32/InstallCore.OI potentially unwanted application deleted - quarantined
C:\Users\jack\Downloads\SoftonicDownloader_for_microsoft-powerpoint.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\Users\jack\Downloads\Unconfirmed 510372.crdownload a variant of MSIL/Packed.Confuser.G potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\07012014_104257\C_ProgramData\Fast And Safe\FastAndSafe.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\07012014_104257\C_ProgramData\Fast And Safe\FastAndSafe_x64.dll a variant of Win64/SProtector.B potentially unwanted application deleted - quarantined
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm
Advertisement
Register to Remove

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » July 3rd, 2014, 1:45 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box. (don't include Code: Select all)
Code: Select all
:Files
C:\Users\All Users\Fast And Safe\FastAndSafeSvc.dll
C:\Nexon\MapleStory\Hawt.dll
C:\Nexon\MapleStory\HawtMaple.exe
C:\Program Files (x86)\NEXON\Europe MapleStory\Hawt.exe
C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll 
C:\Users\jack\Documents\Downloads\Integrated_BrotherSoft_TB.exe
C:\Users\jack\Downloads\CR_Downloader_for_pokemon-white-version-2.exe 
C:\Users\jack\Downloads\SoftonicDownloader_for_microsoft-powerpoint.exe
C:\Users\jack\Downloads\Unconfirmed 510372.*

:Commands
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.
  • Also let me know how your computer is running now please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » July 3rd, 2014, 12:58 pm

My computer has been perfectly normal now, I dont know what happened. And the nexon\maplestory\hawt thing was perfectly fine. I dont think it caused a virus or anything. It just keeps getting deleted.

========== FILES ==========
File\Folder C:\Users\All Users\Fast And Safe\FastAndSafeSvc.dll not found.
C:\Nexon\MapleStory\Hawt.dll moved successfully.
C:\Nexon\MapleStory\HawtMaple.exe moved successfully.
File\Folder C:\Program Files (x86)\NEXON\Europe MapleStory\Hawt.exe not found.
File\Folder C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll not found.
File\Folder C:\Users\jack\Documents\Downloads\Integrated_BrotherSoft_TB.exe not found.
File\Folder C:\Users\jack\Downloads\CR_Downloader_for_pokemon-white-version-2.exe not found.
File\Folder C:\Users\jack\Downloads\SoftonicDownloader_for_microsoft-powerpoint.exe not found.
File\Folder C:\Users\jack\Downloads\Unconfirmed 510372.* not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 07032014_095610
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » July 3rd, 2014, 1:32 pm

OK, well as far as I can see, your computer now looks clear of infection, and it's time to remove the programs we've been using to clean up.

First ...

  • Double click AdwCleaner.exe to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
  • AdwCleaner will close and uninstall itself

Note: If AdwCleaner prompts you an update is available, click Cancel and continue to uninstall.

Next ...

Let's clear out OTL and the files and folders it created.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next ...

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check all the boxes then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Check to make sure all the programs we've used to clean your machine have been removed, if any remain please let me know.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.




.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » July 3rd, 2014, 2:13 pm

Thank you very much for your help!, I am wondering if I have to remove the Tweaking.com, registry creator application.
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » July 3rd, 2014, 5:37 pm

You're welcome, glad we could help. :)

Tweaking.com Registry Backup can be removed using Control Panel > Programs > Uninstall a program

Keep safe,

Gary

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 308 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware