Gen Nullo (short) Trojan Infection

Posted by Buzz

Hello

 

Newbie here:

 

Over the past few months I have acquired a virus and a couple of Trojans (quarantined and deleted).

 

The latest one is in the title, i.e. Gen Nullo (Short). I discovered it earlier today running SAS (free version) and have quarantined it. It may have been on the PC for some time (a date in early Dec?).

 

Although I have not seen any specific changes lately, I had noticed IE seems to take longer to load Google (my home page), and pop-ups are maybe a little worse.

 

Basically I no longer trust my PC is clean and I would like to make sure it is.

 

Does anyone have any suggestions to check this?

 

I have MBAM and SAS that I run periodically. I also have CCleaner but have not tried this, as it was a bit techy and I need to check what the settings do.

 

PC is IBM Win 7

 

Not sure what other info you may need but am happy to provide what you ask for.

 

Skill level is novice. Not a beginner, but not used to dealing with this kind of thing and sending logs etc., so a step-by-step guide, if possible, would assist me.

 

Thanks in anticipation

 

Buzz

 

 


Guilty Spark

 

Thanks for responding, sorry for the delay in replying.

 

I have since run several scans using SAS, MBAM and Avast; nothing picked up so far except the usual cookies. Realising my security is a bit lax, I have downloaded Firefox and set a no-cookies policy, and set it to save downloads rather than run them, in an attempt to avoid a repetition.

 

Here is the log as requested.

 

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 01/13/2014 at 03:35 PM

Application Version : 5.7.1016

Core Rules Database Version : 10974
Trace Rules Database Version: 8786

Scan type       : Complete Scan
Total Scan Time : 00:13:56

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 649
Memory threats detected   : 0
Registry items scanned    : 36456
Registry threats detected : 0
File items scanned        : 29301
File threats detected     : 74

Adware.Tracking Cookie
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q1RHXD9Z.txt [ /mediaplex.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\W7RHZPEI.txt [ /adtech.de ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\SBIWO8KQ.txt [ /imrworldwide.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\4KLHUDZV.txt [ /ww251.smartadserver.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\1E593679.txt [ /tacoda.at.atwola.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\3PWIEJ8U.txt [ /uk.sitestat.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\AMDK5JQT.txt [ /invitemedia.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\EDV0MMUZ.txt [ /uk.sitestat.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\90J8WPWC.txt [ /statse.webtrendslive.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\T028D4F1.txt [ /media6degrees.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\M9TLIC5O.txt [ /atdmt.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\EI025Q0E.txt [ /track.adform.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\8MOUPWBA.txt [ /247realmedia.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\GT8AGCWO.txt [ /statcounter.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\MPUABY6H.txt [ /ad.360yield.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\VPPRZU27.txt [ /uk.at.atwola.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\BPXDN1ET.txt [ /clickfuse.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\4IZWPKJ9.txt [ /lucidmedia.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\UB1I8NBX.txt [ /ads.undertone.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\NYSGA8G1.txt [ /collective-media.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\CQQLMD9C.txt [ /ads1.solocpm.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\BVPHPGXE.txt [ /ru4.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z8HI4C1A.txt [ /demandmedia.trc.taboola.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\JF6553V0.txt [ /imrworldwide.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\61KTV70A.txt [ /questionmarket.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\M8LSPZGU.txt [ /pro-market.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\KUUS6M2L.txt [ /adfarm1.adition.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\3D0NSG9H.txt [ /advertising.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\TIW3FDPV.txt [ /adform.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\RARLFD1G.txt [ /zedo.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\JIKGWEL3.txt [ /serving-sys.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\W97DFOAC.txt [ /ad2.adfarm1.adition.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\8J8PA3JU.txt [ /kontera.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\4KGSW9QZ.txt [ /bs.serving-sys.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\205ZR4I1.txt [ /atwola.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\C8U1R01M.txt [ /fastclick.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPR6BZ7K.txt [ /pcworldcommunication.122.2o7.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z422Q9HL.txt [ /server.adformdsp.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\DMD7KN6O.txt [ /smartadserver.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\7BJ8EI40.txt [ /casalemedia.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\XUJ6V0KF.txt [ /tribalfusion.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\4K5XMGNA.txt [ /virginmedia.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\LPTFGCAW.txt [ /revsci.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\L85P95NR.txt [ /yellgroup.122.2o7.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\5D37M9E8.txt [ /ewstv.112.2o7.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\UXG7EMKL.txt [ /tracking.dc-storm.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\63UEI7UZ.txt [ /ads.yahoo.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\BR9AS9XI.txt [ /dennispublishing.112.2o7.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\GIDAW2WR.txt [ /amazon-adsystem.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\81W8ZLEO.txt [ /accounts.google.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\5KHAMTSL.txt [ /in.getclicky.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\IPA2G8ZE.txt [ /ar.atwola.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\QVVM7H1X.txt [ /demandmedia.trc.taboola.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y906B1X2.txt [ /dmtracker.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\EMTRI4RL.txt [ /specificclick.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\BKE3WZWM.txt [ /ads.pubmatic.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\PB5DFDRJ.txt [ /lo.marketer.lpsnmedia.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\QT9HUBPJ.txt [ /adformdsp.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\KX7BNTN5.txt [ /doubleclick.net ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\J67VTK31.txt [ /adtech.which.co.uk ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\046SPANS.txt [ /at.atwola.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\ELKBQFFO.txt [ /www.googleadservices.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\GLHI3Z8W.txt [ /www.googleadservices.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\FO7Y2HXG.txt [ /www.googleadservices.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\WYCZIBOM.txt [ /www.googleadservices.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\MLBF31FG.txt [ /www.googleadservices.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\5S4EXFK9.txt [ /www.googleadservices.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FOOGOSQ.txt [ /www.googleadservices.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\6NLV1KTA.txt [ /www.googleadservices.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2LH41NU.txt [ /insightexpressai.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\3OZ484BY.txt [ /uk.sitestat.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\UAV5LO76.txt [ /adtechus.com ]
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\KIGBIKLE.txt [ /2o7.net ]

Trojan.Agent/Gen-Nullo[short]
    C:\USERS\USER\DOWNLOADS\INSTALLCONVERTER_BRIE.EXE
 

 

Cheers

 

Buzz

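An added example, not part of the thread and not code from SUPERAntiSpyware: a small parser for the SAS scan log format posted above. It separates tracking-cookie entries (counted per domain) from every other detection, flags findings that sit in the Downloads folder, and checks that the listed entries add up to the "threats detected" counters, so a log headed "74 file threats" reads as what it is, 73 cookies and one executable. The embedded log is a constructed excerpt in the same layout; the regular expressions, function names and the "in Downloads" heuristic are this example's own.

```python
"""Triage a SUPERAntiSpyware (SAS) scan log.

Splits the detections into tracking-cookie noise (counted per domain) and
everything else, and checks that the listed entries add up to the counters
in the log header, so "74 file threats" reads as 73 cookies plus one file.
"""
import re
from collections import Counter

# Constructed excerpt in the layout of the SAS log posted in the thread:
# header counters, three cookie entries and the single executable detection.
SAMPLE_LOG = """\
SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 01/13/2014 at 03:35 PM

Application Version : 5.7.1016

Scan type       : Complete Scan
Total Scan Time : 00:13:56

Memory items scanned      : 649
Memory threats detected   : 0
Registry items scanned    : 36456
Registry threats detected : 0
File items scanned        : 29301
File threats detected     : 4

Adware.Tracking Cookie
    C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\SBIWO8KQ.txt [ /imrworldwide.com ]
    C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\JF6553V0.txt [ /imrworldwide.com ]
    C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\KX7BNTN5.txt [ /doubleclick.net ]

Trojan.Agent/Gen-Nullo[short]
    C:\\USERS\\USER\\DOWNLOADS\\INSTALLCONVERTER_BRIE.EXE
"""

# "Key : value" header lines. SAS puts whitespace before the colon, which keeps
# the URL line and the timestamp line from matching.
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\s+:\s*(?P<val>.+)$")
# Cookie entries end with the tracking domain in brackets: "... [ /doubleclick.net ]".
COOKIE_RE = re.compile(r"^(?P<path>.+?)\s+\[\s*/(?P<domain>[^\]\s]+)\s*\]$")


def parse_sas_log(text):
    """Return {'meta': {...}, 'counts': {...}, 'detections': {category: [entry, ...]}}."""
    meta, counts, detections = {}, {}, {}
    category = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.startswith("    "):
            # Indented line: one detection under the current category.
            if category is None:
                raise ValueError("detection entry before any category: %r" % line)
            detections[category].append(line.strip())
            continue
        m = HEADER_RE.match(line)
        if m:
            key, val = m.group("key").strip(), m.group("val").strip()
            if key.endswith(("scanned", "detected")):
                counts[key] = int(val)
            else:
                meta[key] = val
            continue
        if counts:
            # After the counters, every unindented line names a category.
            category = line.strip()
            detections.setdefault(category, [])
    return {"meta": meta, "counts": counts, "detections": detections}


def triage(parsed):
    """Split detections into cookie noise (domain -> count) and a list of actionable findings."""
    noise, findings = Counter(), []
    for category, entries in parsed["detections"].items():
        for entry in entries:
            cm = COOKIE_RE.match(entry)
            if category.startswith("Adware.Tracking Cookie") and cm:
                noise[cm.group("domain")] += 1
                continue
            findings.append({
                "category": category,
                "path": entry,
                # A file that only sat in Downloads may never have been run;
                # that is a different clean-up from an installed PUP.
                "in_downloads": "\\DOWNLOADS\\" in entry.upper(),
            })
    return noise, findings


def counts_consistent(parsed):
    """True when the listed entries add up to the '... threats detected' counters."""
    listed = sum(len(v) for v in parsed["detections"].values())
    reported = sum(v for k, v in parsed["counts"].items() if k.endswith("threats detected"))
    return listed == reported


if __name__ == "__main__":
    parsed = parse_sas_log(SAMPLE_LOG)
    noise, findings = triage(parsed)
    print("counters match listed entries:", counts_consistent(parsed))
    print("tracking cookies by domain:", dict(noise))
    for f in findings:
        print("ACTION: %s  %s  (in Downloads: %s)" % (f["category"], f["path"], f["in_downloads"]))
```

Run it against the full log from the post (paste it into SAMPLE_LOG or read it from a file) and the only entry left after the cookie domains are counted is the InstallConverter executable, which is exactly the item the next reply addresses.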

InstallConverter is part of the Conduit family. Conduit is considered (and rightfully so) to be a PUP (Potentially Unwanted Program); they tend to come with all kinds of bundled adware and general rubbish.

 

It looks to be located in your Downloads folder, so if you have not used this installer, i.e. opened and run it, then it shouldn't be a major issue; instead just let SAS remove the file if it hasn't already.

 

If, however, you have run the installer, then to clean things up you should download and run AdwCleaner. After it has finished it will show a txt log of things that are not relevant and could harm your system; select Delete and it will remove all the trace remnants that may have embedded themselves into your registry and system files, lying dormant until activated.

 

If you are unsure of the files it discovers you can always post the outcome here :)

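The reply above turns on whether the installer was ever run, which the user may not remember. An added example (not from the thread, and not part of SAS, AdwCleaner or any other tool named here) that checks three Windows 7 execution artefacts: Prefetch files, whose names have the form NAME.EXE-XXXXXXXX.pf; UserAssist value names under HKCU, which Windows stores ROT13-encoded; and the HKLM\SOFTWARE\Microsoft\Tracing\<program>_RASAPI32 keys of the kind AdwCleaner later reported for SoftonicDownloader, which are written when a program loads the RAS DLLs and so show that the program ran. All inputs are constructed samples (a real check would list C:\Windows\Prefetch, read the UserAssist\{GUID}\Count value names and feed in the AdwCleaner report); the function and sample names are this example's own.

```python
"""Did a downloaded installer ever run?

Checks three Windows 7 execution artefacts against constructed sample data:
Prefetch files (NAME.EXE-XXXXXXXX.pf), ROT13-encoded UserAssist value names,
and the HKLM\\...\\Tracing\\<program>_RASAPI32 keys that AdwCleaner reported.
"""
import codecs
import re

# Constructed samples. A real check would read C:\Windows\Prefetch, the
# UserAssist\{GUID}\Count value names under HKCU, and the AdwCleaner report.
SAMPLE_PREFETCH = ["NOTEPAD.EXE-D8414F97.pf", "CHROME.EXE-1A2B3C4D.pf"]
SAMPLE_USERASSIST = [
    "HRZR_PGYFRFFVBA",  # ROT13 of UEME_CTLSESSION, a bookkeeping entry, not a program
    "P:\\Hfref\\hfre\\Qbjaybnqf\\VafgnyyPbairegre_oevr.rkr",  # ROT13 of the Downloads path
]
SAMPLE_ADWCLEANER = """\
***** [ Registry ] *****

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\SoftonicDownloader_for_cpu-z_RASAPI32
Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\SoftonicDownloader_for_cpu-z_RASMANCS
Key Deleted : HKCU\\Software\\Conduit
"""

# Tracing\<program>_RASAPI32 / _RASMANCS keys; <program> is the exe name without ".exe".
TRACING_RE = re.compile(r"\\Tracing\\(?P<prog>[^\\\r\n]+?)_(?:RASAPI32|RASMANCS)\s*$", re.M)


def execution_evidence(exe_name, prefetch_listing, userassist_names, adwcleaner_report):
    """Collect evidence that exe_name executed; 'ran' is True if any source has it."""
    base = exe_name.upper()
    stem = base.rsplit(".", 1)[0]
    pf_re = re.compile(r"^" + re.escape(base) + r"-[0-9A-F]{8}\.pf$", re.I)

    # Prefetch: one .pf per executable that has been started, name plus a path hash.
    prefetch = [f for f in prefetch_listing if pf_re.match(f)]

    # UserAssist value names are ROT13 in the registry; decode, then match the file name.
    userassist = []
    for name in userassist_names:
        decoded = codecs.decode(name, "rot_13")
        if decoded.upper().endswith("\\" + base):
            userassist.append(decoded)

    # Tracing keys are created when a program loads the RAS DLLs, so every
    # <program> named there actually ran (these may be other PUPs, not exe_name).
    tracing = sorted({m.group("prog") for m in TRACING_RE.finditer(adwcleaner_report)})

    return {
        "prefetch": prefetch,
        "userassist": userassist,
        "tracing": tracing,
        "ran": bool(prefetch or userassist or any(p.upper() == stem for p in tracing)),
    }


if __name__ == "__main__":
    ev = execution_evidence("InstallConverter_brie.exe",
                            SAMPLE_PREFETCH, SAMPLE_USERASSIST, SAMPLE_ADWCLEANER)
    for source, hits in ev.items():
        print("%-10s %s" % (source, hits))
```

With the constructed data the Prefetch listing is clean but UserAssist still records the Downloads path, so the verdict is "ran": the three sources are independent, and an empty Prefetch folder (which disk-cleaning tools routinely empty) is not evidence that nothing executed. The Tracing keys name SoftonicDownloader rather than InstallConverter; they are returned separately because they show a second bundler ran, which is worth knowing when deciding whether AdwCleaner is needed.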

Did that, thanks.

 

It detected several registry key items and Google/Firefox default profiles. I backed up the profiles in case of issues and, from web info, checked if it was OK to clean the keys. I think the profiles may have been saved to the AdwCleaner folder anyway, though?

 

For info the log is below.  I will keep an eye out for any re-occurences or other issues - fingers crossed!

 

Going forward I will hunt down some good security articles and implement a range of security protocols; a VPN sounds promising.

 

Thanks again.

 

Adwcleaner Log:

 

# AdwCleaner v3.017 - Report created 17/01/2014 at 00:05:28
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cpu-z_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cpu-z_RASMANCS
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xvl70b8u.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1323 octets] - [16/01/2014 23:18:02]
AdwCleaner[s0].txt - [1260 octets] - [17/01/2014 00:05:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1320 octets] ##########


It's fine to delete all of those. The browser profiles have been selected because of the remnants that are created when downloading/installing those PUPs, which in turn create adverts/pop-ups etc., but don't worry, as the profiles are recreated PUP-free.

 

Glad you got things running again ;)
