[FYI] New infection(s)

Xander

Got a disinfection on the workbench. Customer had tried to remove it himself and made a good effort -- HitmanPro, AdwCleaner, MBAM, SAS, JRT, RogueKiller and he's got KAV as his AV. Nothing was detecting it. From what he was describing, it sounded like a proxy hijack and audio ads and I confirmed that.

FWIW, the main culprit was "LocaProxy.exe" and "LocaProxyTracker.exe" and standard proxy settings. So add those to your D7II autokill list. :)
And clear the Proxy settings in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Here's the thing. In the cleanup process, I pull up as much info as I can on these ones so I can feed it into my GFI MAV profile and D7II's kill lists and so on. In the image, the highlighted one was the main bad guy but I'm seeing the other two, which are not being detected by the same scanners but, at least, are being recognized at VirusTotal.

This is the Tasks section of Autoruns:
[Image: XVcw88d.png]


Goes to show that, as good as Kaspersky is, it doesn't catch everything.
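
An audit of the three places named in the post above (the two processes, the per-user proxy settings, and scheduled tasks), as an added example that is not part of the original post. The process names and registry key come from the post; the value names ProxyEnable, ProxyServer and AutoConfigURL, the `-ClearProxy` switch, and the use of `Get-ScheduledTask` (Windows 8 / Server 2012 or later) are assumptions of this example.

```powershell
# Added example: read-only audit for the proxy hijack described in the post.
# Run as the affected user, since the proxy settings live under HKCU.
param([switch]$ClearProxy)   # hypothetical switch: also reset the proxy values

$names = 'LocaProxy', 'LocaProxyTracker'   # from the post, without .exe
$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# 1. Running processes with those names (Path shows where they were dropped)
$procs = Get-Process -Name $names -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path

# 2. Per-user proxy values; a missing value comes back as $null
$inet  = Get-ItemProperty -Path $key
$proxy = [pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
}

# 3. Scheduled tasks whose action command line references either executable
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$tasks = Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        if ("$($a.Execute) $($a.Arguments)" -match $pattern) {
            [pscustomobject]@{
                TaskPath  = $_.TaskPath
                TaskName  = $_.TaskName
                Execute   = $a.Execute
                Arguments = $a.Arguments
            }
        }
    }
}

'--- Processes ---';       $procs | Format-Table -AutoSize
'--- Proxy settings ---';  $proxy | Format-List
'--- Scheduled tasks ---'; $tasks | Format-Table -AutoSize -Wrap

if ($ClearProxy) {
    # Disable the proxy and drop the server / auto-config entries
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer, AutoConfigURL `
        -ErrorAction SilentlyContinue
}
```

Tasks that launch the executables through a script or a renamed copy will not match the name pattern, so the Autoruns Tasks view remains the fuller check.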
 
Thanks for the heads up on this. Client called me about his computer acting up with a possible malware problem; the issue sounds strange. This will remind me to run Autoruns and check that out as well.

Edit: I know I am late to the party on this but have been using dUninstaller for about a week now and this is an AMAZING tool. Absolutely love it. Can't believe I missed it lol.
 
Yeah, I'm still nagging Nick for some changes to it - especially in making Tasks easier to manage (without having to type out paths every single time) and remove since that's where so many viruses seem to be starting themselves lately.
 