[ti]SOLVED[/ti]infected by Trojan.kotver!gm2

dbrisen
Malware Removalists

Posts: 3,688

[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Oct 29, 2016 18:33:11 GMT -8

Post by dbrisen on Oct 29, 2016 18:33:11 GMT -8

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Google+ Auto Backup

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Reboot the system after the uninstall and run Malwarebytes AntiRootkit once again. Does the Kotver trojan return after that?

I will not provide malware removal by PM; please post in your thread on the Malware Removal board.
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

fjinmotion New Helpee Posts: 25	[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Oct 30, 2016 6:00:34 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by fjinmotion on Oct 30, 2016 6:00:34 GMT -8 Google + Autobackup is not listed.

dbrisen
Malware Removalists

Posts: 3,688

[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Oct 30, 2016 11:11:27 GMT -8

Post by dbrisen on Oct 30, 2016 11:11:27 GMT -8

Ok, we'll go the manual route.

[/b] to disclaimer.
Type Google+ Auto Backup into the Search Box.
Press the Search Files button.
It will produce a log called search.txt in the same directory the tool is run from.
Please attach the log back here.
[/ul]

[/b] to disclaimer.
Type Google+ Auto Backup into the Search Box.
Press the Search Registry button.
It will produce a log called searchReg.txt in the same directory the tool is run from.
Please attach the log back here.
[/ul]

I will not provide malware removal by PM; please post in your thread on the Malware Removal board.
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

fjinmotion New Helpee Posts: 25	[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Oct 30, 2016 16:41:29 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by fjinmotion on Oct 30, 2016 16:41:29 GMT -8 Search.txt (245 B)

dbrisen Malware Removalists Posts: 3,688	[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Oct 30, 2016 20:32:55 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by dbrisen on Oct 30, 2016 20:32:55 GMT -8 SearchReg.txt ?
	I will not provide malware removal by PM; please post in your thread on the Malware Removal board. My help is always free but if you would like to help encourage me or show your thanks -----> *DONATE*

fjinmotion New Helpee Posts: 25	[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Oct 31, 2016 5:18:39 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by fjinmotion on Oct 31, 2016 5:18:39 GMT -8 Search.txt (238 B)

fjinmotion New Helpee Posts: 25	[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Oct 31, 2016 20:27:26 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by fjinmotion on Oct 31, 2016 20:27:26 GMT -8 SearchReg.txt (247 B)

dbrisen
Malware Removalists

Posts: 3,688

[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Oct 31, 2016 21:31:31 GMT -8

Post by dbrisen on Oct 31, 2016 21:31:31 GMT -8

Hmm, will have to remove the entry from the Loaded Programs registry later.

Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.

Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
Once the scanner loads, allow it check for updates.
When the updates are finished, click the BACK button to return to the main menu.
Click on the SCAN and select Malware Scan to start scanning your system. Please enable the PUP detection option, if it asks.
If the scan finds anything, it will open a scan finding window. Please click on View Report; copy this report and paste it here in reply post.
Please close the Emergency Kit Scanner program now.

I will not provide malware removal by PM; please post in your thread on the Malware Removal board.
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

fjinmotion New Helpee Posts: 25	[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Nov 1, 2016 6:10:59 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by fjinmotion on Nov 1, 2016 6:10:59 GMT -8 No suspicious files detected during the scan.

dbrisen Malware Removalists Posts: 3,688	[ti]SOLVED[/ti]infected by Trojan.kotver!gm2 Nov 1, 2016 22:19:55 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by dbrisen on Nov 1, 2016 22:19:55 GMT -8 Is Norton still finding Kotver?
	I will not provide malware removal by PM; please post in your thread on the Malware Removal board. My help is always free but if you would like to help encourage me or show your thanks -----> *DONATE*

[ti]SOLVED[/ti]infected by Trojan.kotver!gm2

Post by dbrisen on Oct 29, 2016 18:33:11 GMT -8

Post by fjinmotion on Oct 30, 2016 6:00:34 GMT -8

Post by dbrisen on Oct 30, 2016 11:11:27 GMT -8

Post by fjinmotion on Oct 30, 2016 16:41:29 GMT -8

Post by dbrisen on Oct 30, 2016 20:32:55 GMT -8

Post by fjinmotion on Oct 31, 2016 5:18:39 GMT -8

Post by fjinmotion on Oct 31, 2016 20:27:26 GMT -8

Post by dbrisen on Oct 31, 2016 21:31:31 GMT -8

Post by fjinmotion on Nov 1, 2016 6:10:59 GMT -8

Post by dbrisen on Nov 1, 2016 22:19:55 GMT -8