Backdoor.bot
#1
Hello here in the year 2015,

Happy New Year, dear friends.

I had such trouble just a few minutes ago; maybe it is a New Year gift from kind "friends".

I was on Google Chrome and had only Facebook open, and I tried to go to another site when my Malwarebytes Anti-Malware popped up a window saying it had detected a malware, Backdoor.Bot. After that I was not able to run Chrome either. Then I ran an MBAM scan; see the attached log file. What happened? Thanks in advance.

log result:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/01/06 21:04:23 +0400</date>
<logfile>mbam-log-2015-01-06 (21-04-21).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.01.06.07</malware-database>
<rootkit-database>v2015.01.06.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Gelapir</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>334506</objects>
<time>976</time>
<processes>8</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>3</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5208</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5684</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5928</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>4420</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>6048</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>4460</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5712</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5380</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<file><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>success</action><hash>6799a65a87798e72caa02bdabb47e818</hash></file>
<file><path>C:\Users\Gelapir\Downloads\EliteUnzipSetup.EliteUnzip_aa.gpdjcoccminpbgmiffhifdcnelpojeeb.ch.exe</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>d030b34d54ac12eead885a8bc53c8977</hash></file>
<file><path>C:\Users\Gelapir\Downloads\ZonaSetup_latest.exe</path><vendor>PUP.Optional.Zona</vendor><action>success</action><hash>f60a8b75bd430af6511f8dd5dd240bf5</hash></file>
</items>
</mbam-log>

AdwCleaner results; I also uninstalled Chrome from the notebook. Should I install it again now?

# AdwCleaner v4.106 - Report created 06/01/2015 at 21:42:58
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Gelapir - ION
# Running from : C:\Users\Gelapir\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v

[C:\Users\Gelapir\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={A63B1F83-FB75-4A8B-B8CC-CC4E29C60FF4}&mid=6bfab472704147d2b4a1d1569647ab39-bc3ba63bbfa62fde5b2f05d00a4d22ef44e68eb9&lang=en&ds=gf011&coid=avgtbdisgf&cmpid=&pr=sa&d=2014-09-17%2001:19:53&v=18.1.9.799&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Gelapir\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gelapir\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1085 octets] - [18/05/2014 20:39:10]
AdwCleaner[R1].txt - [2157 octets] - [22/07/2014 20:53:48]
AdwCleaner[R2].txt - [1548 octets] - [04/09/2014 22:03:17]
AdwCleaner[R3].txt - [1387 octets] - [07/09/2014 22:30:36]
AdwCleaner[R4].txt - [2170 octets] - [22/11/2014 19:23:10]
AdwCleaner[R5].txt - [1436 octets] - [05/12/2014 20:59:38]
AdwCleaner[R6].txt - [3437 octets] - [06/01/2015 21:41:34]
AdwCleaner[S0].txt - [1116 octets] - [18/05/2014 20:40:08]
AdwCleaner[S1].txt - [2167 octets] - [22/07/2014 20:55:16]
AdwCleaner[S2].txt - [1581 octets] - [04/09/2014 22:04:26]
AdwCleaner[S3].txt - [1450 octets] - [07/09/2014 22:31:39]
AdwCleaner[S4].txt - [2251 octets] - [22/11/2014 19:24:32]
AdwCleaner[S5].txt - [1500 octets] - [05/12/2014 21:02:10]
AdwCleaner[S6].txt - [3372 octets] - [06/01/2015 21:42:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [3432 octets] ##########
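To read a log like the one above more quickly, here is an added example (not from the original post and not Malwarebytes' own code) that parses the mbam-log XML, groups the detections by path, detection name and hash, checks whether every flagged process carried the same hash as the on-disk file, and lists what was deferred to the next reboot. The embedded sample is a constructed abbreviation of the post's log; on it, as in the full log, the chrome.exe file entry reports success while the running processes are delete-on-reboot, which is consistent with Chrome no longer launching afterwards.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed abbreviation of the MBAM log quoted above (2 of 8 chrome.exe
# process entries, 2 of 3 file entries). Real logs are UTF-16: open(..., encoding="utf-16").
SAMPLE_LOG = r"""<?xml version="1.0"?>
<mbam-log>
<summary><type>threat</type><processes>8</processes><files>3</files></summary>
<items>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5208</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<process><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>5684</pid><hash>6799a65a87798e72caa02bdabb47e818</hash></process>
<file><path>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</path><vendor>Backdoor.Bot</vendor><action>success</action><hash>6799a65a87798e72caa02bdabb47e818</hash></file>
<file><path>C:\Users\Gelapir\Downloads\ZonaSetup_latest.exe</path><vendor>PUP.Optional.Zona</vendor><action>success</action><hash>f60a8b75bd430af6511f8dd5dd240bf5</hash></file>
</items>
</mbam-log>"""

def parse_mbam_log(xml_text):
    """Flatten each entry under <items> (process, file, key, ...) into a dict."""
    entries = []
    for node in ET.fromstring(xml_text).find("items"):
        pid = node.findtext("pid")
        entries.append({"kind": node.tag, "path": node.findtext("path"),
                        "vendor": node.findtext("vendor"),      # detection name
                        "action": node.findtext("action"),      # success, delete-on-reboot
                        "hash": (node.findtext("hash") or "").lower(),
                        "pid": int(pid) if pid else None})
    return entries

def summarize(entries):
    """Group by (path, vendor, hash): PIDs hit and the actions MBAM took on each."""
    groups = defaultdict(lambda: {"pids": [], "actions": set()})
    for e in entries:
        g = groups[(e["path"], e["vendor"], e["hash"])]
        if e["pid"] is not None:
            g["pids"].append(e["pid"])
        g["actions"].add(e["action"])
    return dict(groups)

def processes_match_disk_file(entries, path):
    """True if every flagged process at `path` has the hash MBAM recorded for the
    on-disk file, i.e. all instances were the same binary (None if no file entry)."""
    disk = [e["hash"] for e in entries if e["kind"] == "file" and e["path"] == path]
    if not disk:
        return None
    procs = [e["hash"] for e in entries if e["kind"] == "process" and e["path"] == path]
    return bool(procs) and all(h == disk[0] for h in procs)

def pending_until_reboot(entries):
    """Paths whose clean-up was deferred to the next restart (delete-on-reboot)."""
    return sorted({e["path"] for e in entries if e["action"] == "delete-on-reboot"})
```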

#2
Does Malwarebytes come up clean now?

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Please note: you need to run the right version, 32-bit or 64-bit. Please choose the right version to download... Not sure which version? Download both of them and run them. Only the right version will run on your computer system.

  • Right-click and run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • A log file will be created, called FRST.txt; it will be where the tool was run from.
  • Please copy and paste the log in this post.
  • It also makes another log the first time it is run, called Addition.txt. Please paste that into your next reply.

#3
Yes, it came up clean now, and after it ran I restarted to finish the cleaning.


Attached files: FRST.txt (33.71 KB), Addition.txt (24.16 KB)

#4
Cool, glad you got it sorted.

Solved - Post Closed
