Kovter Trojan In Firefox Patch Download

There is no such thing as an urgent Firefox patch.

LNK_KOVTER.SM is yet another horrific Trojan that should be removed from your PC immediately. It was programmed by cyber criminals to perform several malicious activities on the victimized computer remotely. When you see the Critical Firefox Update page, you may immediately notice a pop-up alongside it asking you to download firefox-patch.js: this .js file is the infection file of the Kovter Trojan horse. The Kovter malware family has been plaguing systems for many years and seems to be restless. A new click-ad-fraud strain of fileless Kovter is currently being spread via drive-by download attacks. The infection is triggered by what is presented as a legitimate Mozilla Firefox browser update pack (firefox-patch.exe). New Fileless Kovter Uses Legitimate Certificate. Kovter AdFraud Malware Updates Flash Plugin to Latest Version. The behaviour of this ad-fraud Trojan is very much like a housebreaker climbing into a house through an opening and then closing that opening to keep other housebreakers out. This is the reason Kovter updates the Flash plugin to an up-to-date version.

  • Kovter malware masquerades as Firefox update: click-ad-fraud Kovter malware, packaged as a legitimate Firefox browser update, is being delivered to unsuspecting victims via drive-by-download attacks.
  • I and others are receiving a full-screen popup window in Firefox (47.0.1) indicating that there is an emergency Firefox security patch that needs to be downloaded. The download window shows an address with a binary file, typically in the mid-300k size range. A search on whois shows the address to be bogus.

This sounds like you encountered a site claiming to have what is a fake Firefox patch .exe. The fake update .exe can install things like trojans, viruses or unwanted software, based on past reports.

Desktop Firefox is not just for Windows; it is for Mac OS X and Linux also, so an .exe would not be an effective way to send out Firefox updates. The updates are done internally in Firefox (with a .mar file) during automatic and manual checks for updates, or by download from mozilla.org, e.g. www.mozilla.org/firefox/all/

Even if Mozilla were to use an .exe for Firefox updates on Windows, they would be serving it from a *.mozilla.org URL and not from random websites with weird names.

There was actually a 47.0.1 update on June 28 (https://www.mozilla.org/firefox/47.0.1/releasenotes/); however, it is not an automatic update and will be for those who manually check for Firefox updates in Help or by download at mozilla.org or www.mozilla.org/firefox/all/


Report fake Firefox update sites like this as 'distributing modified Firefox/malware' at https://www.mozilla.org/legal/fraud-report/ (the URL is at the bottom of many mozilla.org sites), and Google may block them if they are reported enough at https://www.google.com/safebrowsing/report_phish/ , which can be accessed via Help > Report Web Forgery in Firefox.
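The answer above reduces to one check a defender can automate: a genuine Firefox download comes from a *.mozilla.org host, over https, and never as an .exe or .js. The script below is an added example written for this page, not code from the thread or from Mozilla; the function names, the verdict scheme and the example.net host names are constructed for illustration. It shows why a naive substring test is not enough: "mozilla.org" appearing in the host or path of an untrusted URL, or in the userinfo part before an @, must not count as trusted.

```python
"""Classify a URL that claims to deliver a Firefox update (added example, not Mozilla code)."""
import posixpath
from urllib.parse import urlsplit

# Per the answer above, genuine Firefox downloads come from *.mozilla.org.
TRUSTED_SUFFIXES = ("mozilla.org",)
# A real Firefox update is a .mar file applied by Firefox itself, never one of these.
RISKY_EXTENSIONS = (".exe", ".js", ".jse", ".scr", ".vbs", ".bat", ".msi", ".hta")


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """True only if host equals a trusted domain or is a subdomain of one.

    A plain substring or prefix test would accept 'mozilla.org.updates.example.net';
    matching on the dotted suffix does not.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def assess_update_url(url):
    """Return (verdict, reason); verdict is 'allow', 'review' or 'block'."""
    parts = urlsplit(url)
    # .hostname drops userinfo, port and case, so 'mozilla.org@evil.example' resolves to evil.example
    host = parts.hostname
    filename = posixpath.basename(parts.path).lower()
    ext = posixpath.splitext(filename)[1]

    if not host:
        return ("block", "URL has no host")
    if not host_is_trusted(host):
        if ext in RISKY_EXTENSIONS:
            return ("block", f"{ext} file offered as a Firefox update from untrusted host {host}")
        return ("review", f"update claimed from non-Mozilla host {host}")
    if parts.scheme != "https":
        return ("review", f"trusted host {host} but scheme is {parts.scheme!r}, not https")
    if ext in RISKY_EXTENSIONS:
        return ("review", f"trusted host {host} but unexpected {ext} payload")
    return ("allow", f"trusted host {host} over https")


if __name__ == "__main__":
    # Constructed sample URLs; the example.net hosts are placeholders, not real sites.
    samples = [
        "https://www.mozilla.org/firefox/all/",
        "https://download.mozilla.org/?product=firefox-47.0.1&os=win64",
        "http://mozilla.org.updates.example.net/firefox-patch.exe",
        "http://mozilla.org@updates.example.net/firefox-patch.exe",
        "https://updates.example.net/mozilla.org/firefox-patch.js",
    ]
    for u in samples:
        verdict, reason = assess_update_url(u)
        print(f"{verdict:7} {u}  ({reason})")
```

The same suffix-match rule is what a proxy or download-filter policy should encode; a user-facing rule of thumb is the one the answer gives, since a patch that arrives as an .exe from a host that is not mozilla.org is not a Firefox update at all.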

A drive-by malware attack happened today on my PC screen. I was visiting a news website (Guardian), and all of a sudden got a Firefox update screen saying 'critical update'. And there was a file that automatically popped up on my screen to be downloaded. I did not download it, and my MSE notified me about the attack and that I don't have to do anything on my part. I checked the quarantine, and it said Trojan 32 Kovter. I removed that from quarantine. Then I ran rKill, which didn't find anything. Then I ran Malwarebytes, which didn't find anything as well. It appears that there is no malware on my PC, but I just wanted to make sure that that is the case. Also, I deleted my history/downloads/cache for the past 1 hour prior to that, so the bad file/anything else is gone. I didn't write down the redirected website's URL; however, it was something weird (not firefox).

I am running Vista Enterprise 64-bit. One thing to note is that about 1 hour prior to the event described above, one of my family members was using another PC and clicked on a phishing link. The site was blocked by Firefox and we navigated away from it using the 'Get me out of here' button, but perhaps the damage was done by that time. Maybe my PC has this problem because of the other PC incident (network hacked?). I ran a Malwarebytes scan on that PC as well, which didn't find any infections. This second PC is using Vista Business SP2 32-bit.


Any help would be appreciated.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by Yarik (administrator) on TIGER (29-06-2016 18:40:58)
Running from D:\Downloads\Downloads
Loaded Profiles: Yarik (Available Profiles: Yarik)
Platform: Windows Vista ™ Enterprise Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Processes (Whitelisted)
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft) C:\Program Files (x86)\USB 2.0 PC CAMERA\Camera Snap.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
Registry (Whitelisted)
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [562544 2016-04-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Snap] => C:\Program Files (x86)\USB 2.0 PC CAMERA\Camera Snap.exe [163840 2011-07-12] (Microsoft)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7377424 2016-04-26] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-04-25] (Acronis International GmbH)
HKU\S-1-5-21-2506397146-1836660899-412650222-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2506397146-1836660899-412650222-1000\...\MountPoints2: G - G:\autorun.exe
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
CHR HKLM\SOFTWARE\Policies\Google: Restriction < ATTENTION
Internet (Whitelisted)
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{D9F22EF5-0D44-4459-BC1E-0624A8EAA8A2}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Internet Explorer:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_pwrisofs_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtByE0EzztC0EtCzzzz0FyCyEyDzytN0D0Tzu0StCyDtAtAtN1L2XzutAtFtCyBtFtCyEtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0A0FzztB0D0CtGyDtCyEzztGyDyC0AyBtGtDtAyB0EtGyByB0ByCtAzz0EyCyBtDzytD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0ByCzyzztB0E0AtG0AyC0C0EtGyEtCtCzztG0B0B0AyDtGyEtBzy0E0CtAyCtA0DyDyD0D2QtN0A0LzuyE%26cr%3D1479602433%26a%3Djmb_pwrisofs_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BEnterprise
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_pwrisofs_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtByE0EzztC0EtCzzzz0FyCyEyDzytN0D0Tzu0StCyDtAtAtN1L2XzutAtFtCyBtFtCyEtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0A0FzztB0D0CtGyDtCyEzztGyDyC0AyBtGtDtAyB0EtGyByB0ByCtAzz0EyCyBtDzytD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0ByCzyzztB0E0AtG0AyC0C0EtGyEtCtCzztG0B0B0AyDtGyEtBzy0E0CtAyCtA0DyDyD0D2QtN0A0LzuyE%26cr%3D1479602433%26a%3Djmb_pwrisofs_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BEnterprise
HKU\S-1-5-21-2506397146-1836660899-412650222-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_pwrisofs_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtByE0EzztC0EtCzzzz0FyCyEyDzytN0D0Tzu0StCyDtAtAtN1L2XzutAtFtCyBtFtCyEtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0A0FzztB0D0CtGyDtCyEzztGyDyC0AyBtGtDtAyB0EtGyByB0ByCtAzz0EyCyBtDzytD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0ByCzyzztB0E0AtG0AyC0C0EtGyEtCtCzztG0B0B0AyDtGyEtBzy0E0CtAyCtA0DyDyD0D2QtN0A0LzuyE%26cr%3D1479602433%26a%3Djmb_pwrisofs_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BEnterprise
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2506397146-1836660899-412650222-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
FireFox:
FF ProfilePath: C:\Users\Yarik\AppData\Roaming\Mozilla\Firefox\Profiles\xlbnixsu.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://us.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_pwrisofs_16_10&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtByE0EzztC0EtCzzzz0FyCyEyDzytN0D0Tzu0StCyDtAtAtN1L2XzutAtFtCyBtFtCyEtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0A0FzztB0D0CtGyDtCyEzztGyDyC0AyBtGtDtAyB0EtGyByB0ByCtAzz0EyCyBtDzytD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0ByCzyzztB0E0AtG0AyC0C0EtGyEtCtCzztG0B0B0AyDtGyEtBzy0E0CtAyCtA0DyDyD0D2QtN0A0LzuyE%26cr%3D1479602433%26a%3Djmb_pwrisofs_16_10%26os_ver%3D6%26os%3DWindows%2B™%2BVista%2BEnterprise
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2506397146-1836660899-412650222-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Yarik\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-27] (Citrix Online)
FF Extension: Ant Video Downloader - C:\Users\Yarik\AppData\Roaming\Mozilla\Firefox\Profiles\xlbnixsu.default\extensions\anttoolbar@ant.com [2016-06-29]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-03-06] [not signed]
Chrome:
CHR Profile: C:\Users\Yarik\AppData\Local\Google\Chrome\User Data\Default
Services (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1195840 2016-04-26] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-05-31] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
Drivers (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [279216 2010-04-06] (Intel Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [339800 2016-05-31] (Acronis International GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267552 2016-05-31] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [193376 2016-05-31] (Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [601432 2016-05-31] (Acronis International GmbH)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [62184 2011-12-08] (usb camera)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [279392 2016-05-31] (Acronis International GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
NetSvcs (Whitelisted)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
One Month Created files and folders
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-29 18:40 - 2016-06-29 18:40 - 00000000 ____D C:\FRST
2016-06-29 12:41 - 2016-06-29 12:42 - 00002210 _____ C:\Users\Yarik\Desktop\Rkill.txt
2016-06-28 10:06 - 2016-06-29 08:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-28 06:11 - 2016-06-28 16:28 - 00000000 ____D C:\Users\Yarik\Desktop\IT facts
2016-06-15 22:12 - 2016-05-18 08:55 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 22:12 - 2016-05-18 08:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 22:12 - 2016-05-14 08:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 22:12 - 2016-05-14 08:53 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-06-15 22:12 - 2016-05-14 08:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 22:12 - 2016-05-14 08:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 22:12 - 2016-05-14 08:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2016-06-15 22:12 - 2016-05-14 07:38 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 22:12 - 2016-05-14 07:38 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 22:12 - 2016-05-14 07:38 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 22:12 - 2016-05-11 06:10 - 00516328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 22:09 - 2016-05-14 08:58 - 00383208 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 22:09 - 2016-05-14 08:53 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 22:09 - 2016-05-14 08:47 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 22:09 - 2016-05-14 08:41 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 22:09 - 2016-05-12 07:45 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 22:09 - 2016-05-12 07:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 22:09 - 2016-05-12 07:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 22:09 - 2016-05-10 08:55 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 22:09 - 2016-05-10 08:54 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 22:09 - 2016-05-10 08:54 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 22:09 - 2016-05-10 08:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 22:09 - 2016-05-10 08:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 22:09 - 2016-05-10 08:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 22:09 - 2016-05-10 07:55 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 22:09 - 2016-05-10 07:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 22:09 - 2016-05-10 07:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 22:08 - 2016-05-12 08:56 - 00726016 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 22:08 - 2016-05-12 08:56 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 22:08 - 2016-05-12 08:56 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 22:08 - 2016-05-12 08:56 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 22:08 - 2016-05-12 08:56 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 22:08 - 2016-05-12 08:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 22:08 - 2016-05-12 08:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 22:08 - 2016-05-12 08:34 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 22:08 - 2016-05-12 08:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 22:08 - 2016-05-12 08:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 22:08 - 2016-05-12 08:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 22:08 - 2016-05-12 08:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 22:08 - 2016-05-12 07:48 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 22:08 - 2016-05-12 07:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 12:54 - 2016-05-12 12:52 - 18804224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 12:54 - 2016-05-12 12:49 - 02351616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 12:54 - 2016-05-12 12:46 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 12:54 - 2016-05-12 12:45 - 10940416 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 12:54 - 2016-05-12 12:44 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 12:54 - 2016-05-12 12:43 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 02159104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 12:54 - 2016-05-12 12:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 12:54 - 2016-05-12 12:42 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-06-15 12:54 - 2016-05-12 12:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-06-15 12:54 - 2016-05-12 12:41 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 12:54 - 2016-05-12 12:11 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 12:54 - 2016-05-12 12:10 - 12840960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 12:54 - 2016-05-12 12:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 12:54 - 2016-05-12 12:06 - 09755136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 12:54 - 2016-05-12 12:06 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 12:54 - 2016-05-12 12:05 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 12:54 - 2016-05-12 12:04 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 12:54 - 2016-05-12 12:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 12:54 - 2016-05-12 12:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 12:54 - 2016-05-12 12:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 12:54 - 2016-05-12 12:04 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 12:54 - 2016-05-12 12:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-06-15 12:54 - 2016-05-12 12:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 12:54 - 2016-05-12 12:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 12:54 - 2016-05-12 12:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-06-15 12:54 - 2016-05-12 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 12:54 - 2016-05-12 12:03 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 12:54 - 2016-05-12 12:03 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 12:54 - 2016-05-12 12:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 12:54 - 2016-05-12 12:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 12:54 - 2016-05-12 12:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-06-15 12:53 - 2016-05-12 12:42 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-06-15 12:53 - 2016-05-12 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-06-10 11:28 - 2016-06-10 12:24 - 00000000 ____D C:\Users\Yarik\Desktop\a
2016-06-07 18:37 - 2016-06-07 18:37 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-07 09:23 - 2016-06-29 08:36 - 00000000 ____D C:\Users\Yarik\AppData\Roaming\Skype
2016-06-07 09:22 - 2016-06-07 09:22 - 00003054 _____ C:\Windows\System32\Tasks\{F12E1299-8E7A-4079-8FAB-B51C54716F1E}
2016-06-07 09:22 - 2016-06-07 09:22 - 00001890 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-07 09:22 - 2016-06-07 09:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-07 09:22 - 2016-06-07 09:22 - 00000000 ____D C:\ProgramData\Skype
2016-06-07 09:22 - 2016-06-07 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-31 14:57 - 2016-05-31 14:57 - 00601432 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tnd.sys
2016-05-31 14:57 - 2016-05-31 14:57 - 00279392 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\virtual_file.sys
2016-05-31 14:57 - 2016-05-31 14:57 - 00193376 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2016-05-31 14:57 - 2016-05-31 14:57 - 00001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk
2016-05-31 14:57 - 2016-05-31 14:57 - 00001046 _____ C:\Users\Public\Desktop\Acronis True Image.lnk
2016-05-31 14:29 - 2016-05-31 15:04 - 00000000 ____D C:\ProgramData\Acronis
2016-05-31 14:29 - 2016-05-31 14:57 - 00339800 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2016-05-31 14:29 - 2016-05-31 14:29 - 00000000 ____D C:\Users\Yarik\AppData\Roaming\Acronis
2016-05-31 14:28 - 2016-05-31 14:57 - 01267552 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2016-05-31 14:28 - 2016-05-31 14:57 - 00340312 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2016-05-31 14:28 - 2016-05-31 14:57 - 00163160 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2016-05-31 14:28 - 2016-05-31 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2016-05-31 14:28 - 2016-05-31 14:28 - 00000000 ____D C:\Program Files (x86)\Acronis
One Month Modified files and folders
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-29 17:51 - 2006-11-02 08:21 - 00002704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-29 17:51 - 2006-11-02 08:21 - 00002704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-29 17:50 - 2016-03-12 05:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-29 17:10 - 2016-03-06 14:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-29 08:38 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\inf
2016-06-29 08:38 - 2006-11-02 05:46 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-29 08:36 - 2016-03-06 10:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-29 08:31 - 2006-11-02 08:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-28 21:39 - 2006-11-02 08:40 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-17 08:50 - 2016-03-12 05:07 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 08:50 - 2016-03-12 05:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 08:50 - 2016-03-12 05:07 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 08:11 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
2016-06-16 07:55 - 2006-11-02 08:21 - 00296784 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 22:12 - 2016-03-06 09:46 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 22:10 - 2006-11-02 05:35 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-15 13:40 - 2016-03-06 08:16 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-07 18:38 - 2016-05-27 12:35 - 00000000 ____D C:\Users\Yarik\AppData\Local\Citrix
2016-06-03 20:04 - 2016-03-06 14:57 - 00000000 ____D C:\Users\Yarik\Desktop\Fin
Files in the root of some directories
2016-03-05 20:47 - 2016-03-06 08:12 - 0000732 _____ () C:\Users\Yarik\AppData\Local\d3d9caps64.dat
2016-03-25 03:49 - 2016-05-28 17:32 - 0185856 _____ () C:\Users\Yarik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-13 11:43 - 2016-03-13 11:43 - 0224165 _____ () C:\Users\Yarik\AppData\Local\dd_depcheck_VS_VSTD_100.txt
2016-03-13 11:43 - 2016-03-13 11:43 - 0000002 _____ () C:\Users\Yarik\AppData\Local\dd_error_vs_vstdcore_100.txt
2016-03-13 11:43 - 2016-03-13 11:48 - 0193498 _____ () C:\Users\Yarik\AppData\Local\dd_install_vs_vstdcore_100.txt
2016-05-27 10:48 - 2016-05-27 10:48 - 0417216 _____ () C:\Users\Yarik\AppData\Local\dd_vcredistMSI57B6.txt
2016-05-27 10:48 - 2016-05-27 10:48 - 0011382 _____ () C:\Users\Yarik\AppData\Local\dd_vcredistUI57B6.txt
2016-03-13 11:43 - 2016-03-13 11:48 - 0002550 _____ () C:\Users\Yarik\AppData\Local\uxeventlog.txt
Bamital & volsnap
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-29 08:38
End of FRST.txt


Edited by Hedgehog83, 29 June 2016 - 08:46 PM.