Cannot remove FindWide

Discussion in 'malware problems & news' started by CyberDrone, Dec 20, 2014.

  1. CyberDrone

    CyberDrone Registered Member

    Joined:
    Dec 20, 2014
    Posts:
    10
    I managed to cut the number of FindWide traces to 24.

    http://i.imgur.com/74JqMhw.png

    http://i.imgur.com/MXUBos2.png

    Code:
    HitmanPro 3.7.9.232
    www.hitmanpro.com
    
      Computer name . . . . : ????
      Windows . . . . . . . : 6.3.0.9600.X64/4
      User name . . . . . . : CyberDrone
      UAC . . . . . . . . . : Enabled
      License . . . . . . . : Paid (78 days left)
    
      Scan date . . . . . . : 2014-12-26 19:08:07
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 4m 55s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 24
      Traces  . . . . . . . : 24
    
      Objects scanned . . . : 1,672,935
      Files scanned . . . . : 29,100
      Remnants scanned  . . : 566,867 files / 1,076,968 keys
    
    Malware remnants ____________________________________________________________
    
      HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide)
      HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide)
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}\ (FindWide)
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}\ (FindWide)
    
    
    
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,556
    Location:
    USA still the best. But barely.
    When removal is attempted within the infected/affected OS the Virus/PUP/etc quite often replicates & hides itself.

    When removal is attempted outside the infected/affected OS (like using a Linux LiveCD) the Virus/PUP/etc cannot replicate.
     
  3. CyberDrone

    CyberDrone Registered Member

    Hitman Pro just did an automatic scan at start up, and those malware traces were all gone. So I did a manual scan to make sure, and those malware traces are back again. What gives? o_O
     
  4. zapjb

    zapjb Registered Member

    It's replicating itself and/or has hooks.
     
  5. DX2

    DX2 Guest

    Maybe in system restore also? I've had that happen before..
     
  6. zapjb

    zapjb Registered Member

    I'm with you, outside the OS is the way.
     
  7. CyberDrone

    CyberDrone Registered Member

    After 2 weeks I finally got rid of FindWide. I completely uninstalled Kaspersky and did 3 consecutive scans with Hitman Pro (with a reboot in between) and the scan results were all clean.

    I then did the same with Kaspersky installed and all 3 scans were all clean.


    Thanks everyone for your help and suggestions.

    Cheers! :)

    PS: I have now installed Unchecky!
     

    Last edited: Jan 2, 2015
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The scan at startup is a quick scan while the manual scan is a regular scan. The quick scan doesn't perform the remnant scan.
     
  9. CyberDrone

    CyberDrone Registered Member

    OK, thanks for letting me know!
     
  10. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    Good that the findings were a positive result.
     
  11. siljaline

    siljaline Registered Member

    Under a malware infection, always assume the system restore archive is infected.
    Until the infected device | PC is cleaned, system restore should not be used.
     