
Solved Remove Trojan Kovter

Discussion in 'Virus & Other Malware Removal' started by BunniG, Jan 16, 2019.

Thread Status:
Not open for further replies.
  1. BunniG

    BunniG Thread Starter

    Joined:
    May 11, 2017
    Messages:
    85
    I scanned my computer with Malwarebytes Free version. It identified and quarantined Trojan.Kovter. Do I need to do more to ensure it's removed from my system? Please advise.

    Susan
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  3. BunniG

    BunniG Thread Starter

    Hi,

    Here's the MBAM log showing where the Kovter was found. What are those PUP files?

    Susan



    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/15/19
    Scan Time: 10:56 PM
    Log File: 09d01a8a-194b-11e9-a269-90e6ba32f965.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.508
    Update Package Version: 1.0.8808
    License: Free

    -System Information-
    OS: Windows 10 (Build 17134.523)
    CPU: x64
    File System: NTFS
    User: GRAYECONSULTING\Susan Graye

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 534789
    Threats Detected: 6
    Threats Quarantined: 6
    Time Elapsed: 24 min, 0 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 1
    PUP.Optional.InstallCore, HKU\S-1-5-21-2703550140-420306615-3034187051-1000\SOFTWARE\CSASTATS\ic, Quarantined, [419], [586068],1.0.8808

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 5
    Trojan.Kovter, C:\USERS\SUSAN GRAYE\DOWNLOADS\FIREFOX-PATCH.JS, Quarantined, [6202], [444098],1.0.8808
    PUP.Optional.FusionCore, C:\USERS\SUSAN GRAYE\DOWNLOADS\FILEZILLA_3.39.0_WIN64-SETUP_BUNDLED.EXE, Quarantined, [7743], [608779],1.0.8808
    PUP.Optional.Babylon, C:\USERS\SUSAN GRAYE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [342], [455059],1.0.8808
    PUP.Optional.Babylon, C:\USERS\SUSAN GRAYE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [342], [455059],1.0.8808
    PUP.Optional.Babylon, C:\USERS\SUSAN GRAYE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [342], [455059],1.0.8808

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    I wouldn't worry, it looks like MalwareBytes got it all.
    The JS file identified as Kovter was the downloader for it. The last time that was seen spreading was about 18 months ago, so it has probably been sitting in your download folder since then.
    You can safely ignore the PUP detections.
     
  5. BunniG

    BunniG Thread Starter

    Thank you for your support.

    Bunni
     
Short URL to this thread: https://techguy.org/1221938
