Double-click mbam-setup-2.exe and follow the prompts to install the program.
If not existing, please download Malwarebytes Anti-Malware to your desktop.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Full System Scan with Malwarebytes Antimalware
Referring to the picture above, drag CFScript into ComboFix.exe
Download the attached CFScript.txt and save it to the location where Combofix is saved to.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
ģ. Do NOT take any action on any "<- ROOKIT" entries
Ģ. Rootkit scans often produce false positives.
Please post the content of the ark.txt here.
Save it where you can easily find it, such as your desktop.
button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Show All ( should be unchecked by default )
Close all other running programs as well as your Browser.
Click the Scan button & wait for it to finish.
In the right panel, you will see several boxes that have been checked.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on NO.
If asked to allow gmer.sys driver to load, please consent.
Do not run any other scans without instruction or add/remove software unless I tell you to do so.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Sometimes one step requires the previous one. Perform everything in the correct order.
If there is anything that you do not understand kindly ask before proceeding.
First, read my instructions completely.
My name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.

I have attached the dds logs as specified in the removal guidelines.
I am not sure if I am still infected or this is some latest malware, everything seems ok now.
The folders and files created by the malware are not there now.
Apparently Malwarebytes updated its database to detect this malware recently but still idmcache.exe and related files are not in its database.
Uninstalled flash player, removed leftovers and installed again.
I followed the same procedure: full scans of Malwarebytes with Hitman pro and then removal with unhack me which found additional malware in c:\windows\system32\imofugc.sys
Upon checking the Flash player folder under users>appdata I found the idmcache.exe and related files again.
Hitman removed it successfully, but 2 days back I downloaded a portableapps installer file paf and when I clicked to install it Malwarebytes showed me Libcurl.dll Trojan.miner Quarantined threat warning.
After a full scan I rebooted my computer only to find a message 'Libcurl.dll not found idmcache.exe failed to start'
Since then I have been using Hitman pro scan weekly and after 3 weeks it detected spd.exe as malware in the %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\SPD.EXE folder
I had flash player 11 back then which I updated to the latest version after uninstalling flashplayer 11 and removing leftover files in Users>appdata
%APPDATA%\ADOBE\FLASH PLAYER\BROWSERCACHE\IDMCACHE.BAT
%APPDATA%\ADOBE\FLASH PLAYER\BROWSERCACHE\IDMCACHE.VBS
%APPDATA%\ADOBE\FLASH PLAYER\BROWSERCACHE\IDMCACHE.EXE
The malware apparently affects the flash player. I have eset smart security and Malwarebytes which both failed to detect this.
On searching the Internet, I found it to be a malware:
I have Internet download manager installed (idm) but this process is totally unknown to me.
The task manager showed an unknown process named idmcache.exe consuming high amounts of cpu cycles.
I have encountered a strange problem and not sure I am infected or Not
Ģ months back I found my cpu usage 100% even though the system was idle.