Do I have to be concerned about Emsisoft's protection?

Discussion in 'other anti-malware software' started by mimuweb, Mar 4, 2014.

Thread Status:
Not open for further replies.
  1. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
    Hello guys. Actually, my security setup is Emsisoft Anti-Malware as antivirus, and browsing with Chrome and Adblock Plus lists. I thought it was enough... but yesterday I ran Hitman Pro on my PC and got this:

    Malware _____________________________________________________________________

    C:\Users\Miguel Angel\AppData\Local\genienext\nengine.dll
    Size . . . . . . . : 1.283.584 bytes
    Age . . . . . . . : 69.2 days (2013-12-22 16:34:24)
    Entropy . . . . . : 6.7
    SHA-256 . . . . . : 63EB9F4A508FD03CC44DB0B761FAF5986CC8A7C9947ADFD957D1A28FB956DDBC
    Product . . . . . : nengine
    Publisher . . . . : NewNextDotMe
    Description . . . : NewNext Helper Engine
    Version . . . . . : 0.3.2.0
    Copyright . . . . : Copyright (C) 2013
    > Bitdefender . . . : Adware.NewNextMe.A
    > Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ahgx
    Fuzzy . . . . . . : 100.0


    Suspicious files ____________________________________________________________

    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    Size . . . . . . . : 576.000 bytes
    Age . . . . . . . : 254.2 days (2013-06-20 15:09:12)
    Entropy . . . . . : 7.9
    SHA-256 . . . . . : E8F100A8BF30CB101088E6E5BAFF9FF472976691B9BBF70BE324A75635D4D451
    Product . . . . . : MagicDisc
    Publisher . . . . : MagicISO, Inc.
    Description . . . : MagicISO Virtual CD/DVD Manager
    Version . . . . . : 2.7.0.106
    Copyright . . . . : MagicISO, Inc.
    Gossip . . . . . . : MagicDisc
    Parent Name . . . : C:\Windows\explorer.exe
    Running processes : 2480
    Fuzzy . . . . . . : 22.0
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Uses the Startup folder in the Start Menu to run each time the user logs on.
    Program is running but currently exposes no human-computer interface (GUI).
    Program starts automatically without user intervention.
    Program contains PE structure anomalies. This is not typical for most programs.
    The file is in use by one or more active processes.
    Startup
    C:\Users\Miguel Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    References
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\MagicDisc.lnk
    HKU\S-1-5-21-2720623941-3395672411-321681186-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files (x86)\MagicDisc\MagicDisc.exe


    Potential Unwanted Programs _________________________________________________

    C:\ProgramData\WPM\ (NationZoom)
    C:\ProgramData\WPM\update\ (NationZoom)
    C:\ProgramData\WPM\update\conf (NationZoom)
    C:\Users\Miguel Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage (iPumper)
    C:\Users\Miguel Angel\AppData\Local\Mobogenie\ (Rocketfuel)
    C:\Users\Miguel Angel\AppData\Local\Mobogenie\client.time (Rocketfuel)
    C:\Users\Miguel Angel\AppData\Local\Mobogenie\Data\ (Rocketfuel)
    C:\Users\Miguel Angel\AppData\Local\Mobogenie\Data\mobogenie_u_user_dl.mg (Rocketfuel)
    C:\Users\Miguel Angel\AppData\Local\Mobogenie\driverresult.log (Rocketfuel)
    C:\Users\Miguel Angel\AppData\Local\Mobogenie\mobo.uuid (Rocketfuel)
    C:\Users\Miguel Angel\AppData\Local\Mobogenie\Source.mu (Rocketfuel)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ (QVO6)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd\ (Rocketfuel)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
    HKLM\SOFTWARE\Wow6432Node\Conduit\ (Rocketfuel)
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd\ (Rocketfuel)
    HKLM\SOFTWARE\Wow6432Node\supWPM\ (NationZoom)

    Cookies _____________________________________________________________________

    C:\Users\Miguel Angel\AppData\Roaming\Microsoft\Windows\Cookies\GH0UF4BK.txt
    C:\Users\Miguel Angel\AppData\Roaming\Microsoft\Windows\Cookies\GTRL6MZV.txt
    C:\Users\Miguel Angel\AppData\Roaming\Mozilla\Firefox\Profiles\62qtd1v8.default\cookies.sqlite:doubleclick.net


    I know MagicISO is a legit program, so no problem there... but what is genienext\nengine.dll? Why has Emsisoft been bypassed? Am I really safe, or do I need to improve my security setup?

    Thanks
     
  2. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    787
    Do you have PUP detection activated?

    http://i.imgur.com/IeVdfdC.png


    Emsisoft should detect all this stuff (Bitdefender engine / Adware.NewNextMe.A).
     
  3. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
    Bingo! I had "No detection" for PUP. I've set it to "Notify".

    Thanks a lot ;)
     
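As an added example (not from the thread, HitmanPro or Emsisoft): a small Python parser for the report layout quoted above, plus an assumed policy model showing why the same vendor labels produce no alert under a "No detection" PUP setting but an alert under "Notify". The section headers, path lines and vendor lines follow the quoted report; the PUP_MARKERS list and the verdict() rules are assumptions, not Emsisoft's actual logic.

```python
import re

# Constructed excerpt in the layout of the HitmanPro report quoted in the thread
# (paths and vendor labels as posted; most attribute lines trimmed).
SAMPLE_REPORT = """\
Malware _____________________________________________________________________

C:\\Users\\Miguel Angel\\AppData\\Local\\genienext\\nengine.dll
Entropy . . . . . : 6.7
> Bitdefender . . . : Adware.NewNextMe.A
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ahgx

Suspicious files ____________________________________________________________

C:\\Program Files (x86)\\MagicDisc\\MagicDisc.exe
Entropy . . . . . : 7.9
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z ]*?) _{3,}$")
ATTR_RE = re.compile(r"^(?P<vendor>>\s*)?(?P<key>[A-Za-z][A-Za-z0-9 ()-]*?)(?: \.)* ?: (?P<value>.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumed heuristic: substrings of vendor labels that mark a PUP rather than malware.
PUP_MARKERS = ("adware", "not-a-virus", "pup", "unwanted")


def parse_report(text):
    """Split the report into entries: section, path, attrs and per-vendor detections."""
    entries, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("name"), None
        elif PATH_RE.match(line):
            current = {"section": section, "path": line, "attrs": {}, "detections": {}}
            entries.append(current)
        elif current is not None and (m := ATTR_RE.match(line)):
            target = current["detections"] if m.group("vendor") else current["attrs"]
            target[m.group("key").strip()] = m.group("value").strip()
    return entries


def verdict(entry, pup_policy):
    """Assumed policy model: a PUP-labelled file only raises an alert when
    pup_policy is something other than 'No detection' (the setting in the thread)."""
    labels = " ".join(entry["detections"].values()).lower()
    if any(marker in labels for marker in PUP_MARKERS):
        return "ignored" if pup_policy == "No detection" else "notify"
    if entry["detections"]:
        return "malware"
    return "review"  # heuristic-only hit (e.g. high entropy), no vendor signature
```

Run verdict() over the parsed entries with both policies to see the adware DLL go from "ignored" to "notify", while the packed but legitimate MagicDisc.exe stays a heuristic "review" item either way.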
  4. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    773
    Location:
    MICHIGAN,USA
    Scan again, did it help?
     
  5. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
    Well, I had already removed the PUPs with HitmanPro and AdwCleaner previously...
     