Hi folks, after installing K-Lite Mega Pack I just did a scan and AdwCleaner found this s768.exe and related folders. This executable file comes with the related .xpi file, which is a dubious Firefox extension, in this specific case bundled in the K-Lite installer (there was no choice window about this during installation).

AdwCleaner does its job well, putting the .exe in quarantine; btw, some folders with the .xpi still remain on the PC after rebooting the system.

This post was opened only to inform.

Thanks for your work and my compliments for joining the Malwarebytes Team!

Re: s768.exe detection

Hello,

Thanks for the feedback!

Can you share the remaining folders containing the .xpi?

Best regards,


fr33tux, 2016-11-15 19:00:21 (UTC)

Hello, I'm copying the log file here. You can see the folders' addresses. AdwCleaner says "deleted", but after the system restart they still remain on the system. Anyway, I write and repeat here for whoever reads this post: AdwCleaner does its job, isolating and quarantining the .exe files, which is the file (I assume) that gives the instructions and privileges to the related .xpi addon.

PS

I found this threat thanks to software that alerts when a program wants to start on system bootup, and I suggest you all have one on your machine. Greetings.

Here is the log file:

 

# AdwCleaner v6.030 - Logfile created 15/11/2016 at 09:46:09
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-14.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Xxxxxx - Xxxxxx
# Running from : C:\Users\Xxxxxx\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support


***** [ Services ] *****


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Xxxxxx\AppData\Roaming\Browser-Security

***** [ Files ] *****

[-] File deleted: C:\Users\Xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\td6abhwr.default\extensions\firefox@browser-security.de.xpi

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled Tasks ] *****


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser-Security

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4686 Bytes] - [04/12/2015 19:05:17]
C:\AdwCleaner\AdwCleaner[C2].txt - [2155 Bytes] - [04/12/2015 20:03:13]
C:\AdwCleaner\AdwCleaner[C3].txt - [2108 Bytes] - [25/09/2016 16:43:40]
C:\AdwCleaner\AdwCleaner[C4].txt - [1287 Bytes] - [15/11/2016 09:46:09]
C:\AdwCleaner\AdwCleaner[S10].txt - [2040 Bytes] - [26/10/2016 03:36:51]
C:\AdwCleaner\AdwCleaner[S11].txt - [2114 Bytes] - [26/10/2016 17:35:47]
C:\AdwCleaner\AdwCleaner[S12].txt - [2377 Bytes] - [15/11/2016 09:45:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [3919 Bytes] - [04/12/2015 19:04:23]
C:\AdwCleaner\AdwCleaner[S2].txt - [2829 Bytes] - [04/12/2015 20:00:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [4047 Bytes] - [09/12/2015 05:22:23]
C:\AdwCleaner\AdwCleaner[S4].txt - [1519 Bytes] - [26/06/2016 12:46:08]
C:\AdwCleaner\AdwCleaner[S5].txt - [1592 Bytes] - [01/08/2016 18:16:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2113 Bytes] - [25/09/2016 16:42:41]
C:\AdwCleaner\AdwCleaner[S7].txt - [1968 Bytes] - [25/09/2016 16:50:17]
C:\AdwCleaner\AdwCleaner[S8].txt - [1985 Bytes] - [26/10/2016 03:29:10]
C:\AdwCleaner\AdwCleaner[S9].txt - [2058 Bytes] - [26/10/2016 03:34:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2239 Bytes] ##########

 

Re: s768.exe detection

Thank you!