
Kudos0

[HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hello,

Currently Norton does not have a way to detect the Dynamo Combo malware. It is a very serious problem.

http://www.threatremovalsite.com/completely-remove-dynamo-combo-ads/

I have been infected with the malware and had to follow instructions to manually remove it literally googling "dynamo combo removal"

http://malware-detective.com/uninstall-dynamo-combo/

Could we please get a definition update for Dynamo Combo? There also need to be manual changes made to the Windows registry, which the instructions do not entirely go through. This is high priority malware that I received from CamStudio.

Cheers,

Proto

Replies

Accepted Solution
Kudos2 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

From your first link, "Dynamo Combo ads is an adware program". As such it is a class of malware called PUP, a Possibly Unwanted Program. While they are annoying, they do not cause damage to your system. Some people actually want the 'Features' offered by these programs. They are usually downloaded alongside a legitimate download when you do not uncheck the option for the additional download.

Norton products concentrate on malware that can damage your system, that is why some PUPs are not detected.

I would suggest a second opinion scan using the FREE version of Malwarebytes. You can find it here http://www.malwarebytes.org/products/malwarebytes_free/

Many of us here use the free on demand scan with Malwarebytes to augment the protection of the Norton products. You have to remember that no one program can protect you 100% of the time from 100% of the thousands of malware programs released every day.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

bjm_:

SpyHunter4 is CRAP http://www.wilderssecurity.com/threads/is-spyhunter-a-real-program-or-a-fake-one.210561/

I really have to wonder if things may have changed since that appraisal from 2008 or if in fact it is still true?

Kudos2 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

yank:
bjm_:

I really have to wonder if things may have changed since that appraisal from 2008 or if in fact it is still true?

When I find a review from a not paid for advert site.  I'll re-consider my opinion.  When I find an active SpyHunter board on Wilders.  I'll re-think my opinion.   For now I'll side with Wilders.   If it quacks like a duck.....

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hello Proto

Instead of trying to remove any malware that Norton doesn't remove, I would recommend to you to visit one of the free malware removal sites to make sure that the computer is completely clean. Since these programs make many changes to the registry, it is much safer to be guided by a malware remover specialist than to try and monkey around by yourself with the registry and end up with a possible dead computer. We have a list of sites which we recommend.

Please go to one of these free Forums for help in removing your bad malware or rootkits.


(Thanks to Delph for providing the list of sites)

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users. The new site is listed first in this link.

https://community.norton.com/en/forums/malware-removal-forum-recommendations

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos3 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

yank:
bjm_:

SpyHunter4 is CRAP http://www.wilderssecurity.com/threads/is-spyhunter-a-real-program-or-a-fake-one.210561/

I really have to wonder if things may have changed since that appraisal from 2008 or if in fact it is still true?

@ bjm_ et all,

I decided to do some of my own investigation and found the following in-depth analysis from quietman7 on the Bleeping Computer boards dated 28 Sept, 2014, which is plenty current for me. Notwithstanding, Russ and I have been active on another board for a long time and I trust all he says. So with the more recent review, by a trusted MVP in Security, it does appear to quack!

http://www.bleepingcomputer.com/forums/t/550005/spyhunter-vs-malwarebytes-vs-iobit/#entry3491488

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

yank:

@ bjm_ et all,    So with the more recent review, by a trusted MVP in Security - it does appear to quack!

I knows' my water fowl     Everything Enigma' is CRAP  ~~ btw Thanks for the recent article link.  

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Thanks for your reply, Peter. Malware bytes did the trick, thank you for your suggestion as well. It indeed did pick up a few more files including a suspicious one I had in question 64c2f02d_stp.exe. 

There seemed to have been varying opinions of how severe Dynamo Combo is. From the same article I first linked, its description seemed quite severe. I don't know to what extent Dynamo Combo can "steal" passwords - a key logger is my biggest fear. I normally don't store important passwords in my web browsers (even if they're not stored in plain text!). 

First article: "Dynamo Combo ads possess a very corruptive nature as it will attempt all possible ways to infect your PC with distinct threats like Trojans and key loggers that are particularly used by cyber crooks to track user's sensitive information like user id, passwords, credit card number and bank account information. Dynamo Combo ads threat if not removed earlier can hinder the performance of other installed applications like Antivirus tool, MS-Office, Photoshop, Flash Players and so on. Worst thing of Dynamo Combo ads threat is that, it keeps its malicious files in an encrypted format due to which your firewall cannot detect its presence. It also adds new entries to the registry editor to keep its process running in the system background. Dynamo Combo ads can lead to system crash down thus it must be removed as soon as possible."

There's another thing I'd like to bring up with Norton not being able to detect pieces of the Dynamo Combo. The name of the install file for Dynamo Combo was "64c2f02d_stp.exe". When googling, VirusTotal shows which scanners are able to pick that up and which aren't:

https://www.virustotal.com/en/file/ab2292d5fb899eec22bb9dea4ee14f5f20b3e...

For example, BitDefender, F-secure and MalwareBytes are able to detect Dynamo Combo's exe file:

  • BitDefender: Adware.BrowseFox.U (20150104)
  • F-Secure: Adware.BrowseFox.U (20150104)
  • Malwarebytes: PUP.Optional.BPlug (20150104)

While Symantec Norton and another popular one, Kaspersky are unable to:

  • Symantec: no detection (20150104)
  • Kaspersky: no detection (20150104)

How do you differentiate a PUP and a malware that actually damages your system? It seems pretty serious to still have keyloggers and potential passwords being stolen. Although it's great to have a 2nd opinion and on-demand malware scanner, it would be great to have an all-in-one solution in Norton too. 

Proto

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi floplot - thanks for your reply.

For what it's worth I also received virus Yontoo.C along with Dynamo Combo. Are they related? Norton was able to deal with Yontoo.C and looking at the logs, it repaired a bunch of registries.

I read the forum you linked. Are the recommended anti-malware better than Malware Bytes? Another question would be, would it be worth having a secondary or tertiary back up on-demand malware scanner? Or is that just getting to the point of overkill.  

I downloaded Malware Bytes as Peter above suggested and it did indeed show registries being mucked around by Dynamo Combo. In hindsight, I should not have uninstalled Dynamo Combo myself from Add/Remove Programs as I'm not sure what adverse effects that may have had. Would it have been a cleaner solution to leave all the files alone? And by that I mean to leave these alone:

- Registry Files DC created (Regedit)

- Extensions on my web browser it created (I manually reset the extensions to factory defaults)

- It installed itself on my Windows OS (in C:/Program Files...)

- Other sites mentioned DC creating services/task schedulers tasks but I was unable to locate these manually (msconfig)

Proto

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hello Proto

The dangers of the malware were the reason why I suggested going to one of the malware removal sites. How to differentiate a PUP, which might be a few ads, from malware that can really damage your computer is really a question for a malware removal expert to answer, and they can also guide you in cleaning up the malware. You have to remember that malware is a continually changing object. If you are from the United States, this is why the flu has become an epidemic this winter. It has mutated since the time when they made the current batch of flu vaccines; therefore, the shot and the spray are not as effective as they should be.

Edit: Malwarebytes is one scanner which can be good in cleaning up the leftovers of a virus after Norton has fixed a virus. I still believe that recommending a removal site is more thorough than using that scanner. The link I gave above lists 4 or 5 different forums. Whichever one you would go to, you would be working with 1 person on a 1 to 1 basis. They would know how to guide you to clean up the malware and also scan the computer to make sure there is nothing else lurking inside the computer that shouldn't be there. The registry isn't something that you should be playing around with. Sometimes files have to be replaced with clean ones. These sites can help you do that.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos3 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Proto:

First article: "Dynamo Combo ads possess a very corruptive nature as it will attempt all possible ways to infect your PC with distinct threats like Trojans and key loggers that are particularly used by cyber crooks to track user's sensitive information like user id, passwords, credit card number and bank account information. Dynamo Combo ads threat if not removed earlier can hinder the performance of other installed applications like Antivirus tool, MS-Office, Photoshop, Flash Players and so on....

Hi Proto:

Almost every single article on Threatremovalsite.com has that same wording, regardless of the threat.  They always mention key loggers and theft of personal information to exaggerate the risk to the user's system and try to frighten the user into installing their sponsored malware removal software and/or subscribing to their paid malware removal service.  For example:

http://www.threatremovalsite.com/how-to-remove-exaggeratego-com/ :
"Best Exaggeratego.com possess a very corruptive nature as it will attempt all possible ways to infect your PC with distinct threats like Trojans and key loggers that are particularly used by cyber crooks to track user's sensitive information like user id, passwords, credit card number and bank account information. Best Exaggeratego.com threat if not removed earlier can hinder the performance of other installed applications like Antivirus tool, MS-Office, Photoshop, Flash Players and so on."

http://www.threatremovalsite.com/uninstall-trojandownloaderwin32small-geni/ :
"TrojanDownloader:Win32/Small.gen!I possess a very corruptive nature as it will attempt all possible ways to infect your PC with distinct threats like Trojans and key loggers that are particularly used by cyber crooks to track user's sensitive information like user id, passwords, credit card number and bank account information. TrojanDownloader:Win32/Small.gen!I threat if not removed earlier can hinder the performance of other installed applications like Antivirus tool, MS-Office, Photoshop, Flash Players and so on."

There is an article on the Lifehacker website titled The Difference Between Antivirus and Anti-Malware (and Which to Use) that concludes that users should use one antivirus like Norton to scan for higher-risk threats like viruses, trojans and worms in realtime, and then use a second on-demand (manual) scanner like the free Malwarebytes Anti-Malware recommended by peterweb to occasionally scan for lower-risk PUPs (potentially unwanted programs) and PUMs (potentially unwanted modifications) like adware and browser re-directors that might be missed by your antivirus.  There is a companion article here on the Lifehacker site describing these different classes of malware, and Malwarebytes has posted a comprehensive list of unacceptable behaviours they use to define PUPs at http://www.malwarebytes.org/pup/.
-------------
32-bit Vista Home Premium SP2 * Firefox 34.0.5 * NIS 2014 v. 21.6.0.32 * MBAM Premium 2.0.4.1028
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Imacri, these are wonderful resources. Great and thanks for compiling that together. I'm sure those infected with Dynamo Combo will also appreciate your post. I was mistaken then - I thought malware was a totally different category - not a superset of viruses. It is also interesting to note the history of how antiviruses had come to be. Super productive reading and great recommendation on having a solid real-time antivirus to rely on and a secondary malware detector.

Imacri - Good point on Threatremovalsite.com. I was hesitant to download Malwarebytes initially because I was already fooled by CamStudio and was extra cautious of downloading even more software to supposedly "remove" my Dynamo Combo threat. But because Peter and a few of my friends at school use it, I gave it a try and it did pick up a few suspicious PUPs. 

Imacri, Peter, @anyone else from the forum: From your experience and advice, may I ask for your opinion? I'd like to know if you think I should reformat my computer based on these steps I've done to try and remove the Dynamo Combo. If I were to do it all again, I would've just downloaded Malwarebytes and ensured it took care of everything. Now I am quite unsure whether I may still have bits of Dynamo Combo lurking around ready to steal my passwords.

If it helps this was my activity log on the day it happened:

Steps:

(1) Suspicious behaviour: I downloaded CamStudio. I noticed Dynamo Combo toolbar in my google search, accidentally clicked the bar and the ads. I'm not sure if this was a problem. My web browser was extremely sluggish and kept crashing. 

(2) Norton Detections: My Norton detected Yontoo.C virus as well as a Trojan that came from dynamocombo.dll and blocked both. I have a suspicion that Yontoo.C may have come from the ads that were generated from Dynamo Combo?

** At this point I googled how to remove Dynamo Combo to achieve the steps below. I knew for sure Norton didn't pick up every bit of Dynamo Combo because the websites listed file names that Norton still didn't quarantine after a full system scan: **

(3) Uninstall Dynamo Combo Program: I manually uninstalled Dynamo Combo from Add/Remove Programs (the toolbar on Google was immediately removed). I'd like to note there were two instances of "Dynamo Combo" listed in my Add/Remove programs. In my haste I did not check the properties of each of these. I removed the first entry of "Dynamo Combo" and I noticed the second one disappeared once it was uninstalled. Again, I don't know if this is significant, but this detail still bugs me.
(4) Reset Web Browser extensions: I reset extension settings for all web browsers.  (Although I'd like to note Dynamo Combo never showed itself even before I uninstalled it, as an extension. Is that normal?) 

(5) Check Services, Task Scheduler, Processes: Through msconfig I checked for suspicious services that the websites suggested. I also tried to google any suspicious looking names and check their origin (i.e. is it from C:/windows/system32?). I'll admit I didn't check every single service - especially since there were a LOT of Microsoft services. I did a "Hide all Microsoft services". Which brings me to my next question... is it possible for malware to fake the Manufacturer name (Run > msconfig> Services)? That certainly makes me uncomfortable.
(6) Install MalwareBytes: I installed and ran Malware Bytes - and it detected the 64c2f02d_stp.exe lurking in my users/temp/local/ that my Norton could NOT pick up. It also quarantined one or two Registry key files and 2-3 other files.

Since I did part of this manually and part of it with Malwarebytes, should I be concerned that there are still lurking bits of Dynamo Combo, Yontoo.C or any other malware?

Will I have to reformat my computer? This seems the only sure way to delete all infected files. Although if I backed up infected files into my external hard-drive that really wouldn't solve anything... 

http://botcrawl.com/dynamo-combo-virus-removal/

I also just came across this site and it looks like it was published two days ago. I didn't perform the "CCleaner" step, but other than that it looks like the steps I performed were quite similar.

As a side note, this Dynamo Combo seems quite new, with articles on how to remove it dating from Dec 2014 and even some from January 2015. 

Thanks everyone for your guidance. Hoping that others can read this and remove accordingly the first time round. 

Proto

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hello Proto

The Community as always asserts DIY malware remediation is at your discretion and risk. The web is overflowing with self help malware removal.
Please use extreme caution

Visit one of the free Malware Removal Forums recommended by the Community
http://www.bleepingcomputer.com
http://forums.whatthetech.com/
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/

Please be aware that removing Malware is a potentially hazardous undertaking.  
The trained experts at the free Malware Removal Forums will try their best to clean your system and minimize the risk. 
Resist self fixes and using your computer as normal until your system is declared clean.   Please register and start a Thread at one of the recommended Malware Removal Forums

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Proto:

Will I have to reformat my computer? This seems the only sure way to delete all infected files. Although if I backed up infected files into my external hard-drive that really wouldn't solve anything...

I agree with bjm_ - there's no need to reformat your hard drive.  If you have any concerns that you still have active malware on your system that wasn't detected and disabled by Norton or Malwarebytes, just register on one of the free malware removal forums recommended here by flopot and the malware removal specialist assigned to your case will ask you to run some diagnostic tools so that s/he can review the logs and look for any hidden malware still lurking on your system.  I've used the WhatTheTech site myself and thought they did a great job.  See my comments below about the advantages of creating a complete backup image for emergency system recovery.

Proto:

** At this point I googled how to remove Dynamo Combo to achieve the steps below. I knew for sure Norton didn't pick up every bit of Dynamo Combo because the websites listed file names that Norton still didn't quarantine after a full system scan: **...

...Which brings me to my next question... is it possible for malware to fake the Manufacturer name (Run > msconfig> Services)?

The name of the file is irrelevant because, yes, hackers can try to hide malware by using names of common Windows files (e.g., svhost.exe) or re-releasing the same malware executable using a different file name.  However, each file has a digital signature (fingerprint) called a SHA256 or MD5 hash that virus scanners like Norton use to identify virus signatures, and this hash is what you should be searching for on VirusTotal.com, and not the file name.  See the instructions in gablegal's thread Trojan.Swifi? on how to find and submit the SHA256 hash for your Yontoo.C file to VirusTotal.com for analysis.  If you look at the Yontoo.C description in Symantec's A - Z Listing of Threats & Risks, it has a risk level of Very Low and states that "Yontoo.C is a potentially unwanted application that installs a browser extension to display advertisements".  A Potentially Unwanted Application (PUA) is Symantec's terminology for lower-risk PUPs, so I don't think you need to be too concerned.  You can also check your Norton security history (Advanced | History | Show | Resolved Security Risks) and it likely shows that the status of Yontoo.C is Removed or Quarantined.
_____________________

In future, you might want to consider using backup software to create a complete image backup of your system (which is a snapshot of your entire system and different than a Windows restore point) for emergency system recoveries like a really nasty malware infection.  I'm sure other users will chime in if they have a favourite free or paid program they could recommend, but see the PCWorld article Introduction to Backup for a good primer on the subject.  Kudos to Rainbow_2 for posting the original link to this article in her thread Top 10 Fixes for Common PC Problems.
-------------
32-bit Vista Home Premium SP2 * Firefox 34.0.5 * NIS 2014 v. 21.6.0.32 * MBAM Premium 2.0.4.1028
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi Proto

I still stand by what I said in this post. https://community.norton.com/en/comment/6146871#comment-6146871

Even if you think the malware is all gone, you can still pick 1 of the sites, register with that site and have them determine if your computer is now clean or not. Whether it is a serious infection your computer may have or "just" some PUPs or PUAs, it is still not too late to go to them to have your computer checked out. The only problem you might have now is that you have done a lot of monkeying around with your computer trying to clean it up. They like to have the malware there without you doing anything more than a virus check and spyware check to find out if something is wrong with your computer. In fact some people go there just to make sure that there is no malware in their computer. It's always good to go for a checkup for your computer.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

I might as well add my 2 cents.

I too say that the way to verify your system is clean is to use one of the free malware removal sites quoted above. They have the tools to check you system for malware and can also diagnose Windows system problems.

Believe it or not, there are actually some malware that can survive a disk format. So a format will not necessarily ensure a clean system.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi bjm_: Thanks for your reply. I understand what you are saying - I will register and describe my problem with the logs. +1 kudos

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi Imacri: Thanks again for your reply.

Yes that makes sense - that the name of the file is irrelevant. I just wasn't sure if "Manufacturer" could also be faked. I heard somewhere that in order for the "Manufacturer" field to be filled you needed it to be digitally signed. I mean this "manufacturer" field: http://www.get-in-control.com/how-to/msconfig-services.gif

That's interesting to know about the digital signature. I have copied the SHA and MD5 info from Norton but both (dynamocombo.compatabilitychecker.dll and Yontoo.C) give me

  • File Thumbprint - SHA:Not available
  • File Thumbprint - MD5:Not available

Any idea why their SHA and MD5 fingerprints may be unavailable? 

As for Yontoo.C's results, yes Norton has marked it as quarantined - it looked pretty extensive. I think I should be OK with Yontoo.C (meaning Norton probably wiped out most of this malware off my machine). And as you stated, it's low risk.

File Actions

File: ...appdata\local\temp\ yontoolayers.pem No Action Required

File: ...appdata\local\temp\ yontooffclient.xpi No Action Required

File: ...appdata\local\temp\ yontoolayers.crx No Action Required

File: ...appdata\local\temp\ launchie.vbs No Action Required

File: ...appdata\local\virtualstore\program files (x86)\yontoo\ yontoolayers.crx No Action Required

File: c:\program files (x86)\yontoo\ yontoolayers.crx No Action Required

____________________________

Registry Actions: (there were many)

Registry change: HKEY_USERS\S-1-5-21.....\Software\ SecretSauce No Action Required

....

____________________________

Suspicious Actions

Service change: Update MossNet No Action Required

Service change: Update MossNet No fix attempted

____________________________

Dynamocombo.compatabilitychecker.dll was not as extensive. In fact it warns me of a TROJAN. 

dynamocombo.compatibilitychecker.dll:

  • Launched: No
  • Threat name: Trojan.Gen.2Locate
  • File location: ...\ dynamo combo\bin\plugins\ dynamocombo.compatibilitychecker.dll (Norton status: Blocked)
  • File Thumbprint - SHA:Not available
  • File Thumbprint - MD5:Not available
  • Concern: I thought Dynamo Combo was merely adware? If so, why does it have a trojan involved?
  • Norton did NOT remove the actual Dynamo Combo from my C:/Program Files. I had to manually remove it from Add/Remove Programs
  • I could not search up anything to do with "dynamo" in the Norton dictionary http://www.symantec.com/security_response/landing/azlisting.jsp?azid=D

And for consistency, here are the Malwarebytes logs, since I had to prepare these for the malware removal forums:

Malwarebytes Anti-Malware

www.malwarebytes.org

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled //is this a problem?

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 3

  • PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\....., Quarantined, 
  • PUP.Optional.InstallCore.A, HKU\S-1-5-2.....\SOFTWARE\INSTALLCORE\1I1T...., Quarantined, 
  • PUP.Optional.InstallCore.A, HKU\S-1-5-21.....\SOFTWARE\INSTALLCORE, Quarantined, 

Registry Values: 1

  • PUP.Optional.InstallCore.A, HKU\S-1-5-21-....\SOFTWARE\INSTALLCORE|tb, ...Quarantined, 

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 3

  • PUP.Optional.BPlug, C:\.....\AppData\Local\Temp\is195539...\3F43A633_stp.EXE, Quarantined, 
  • PUP.Optional.BPlug, C:\....\AppData\Local\Temp\is195539...\64C2F02D_stp.EXE, Quarantined, 
  • PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{....Gw64.sys, Quarantined, 

Physical Sectors: 0

(No malicious items detected)

(end)

Btw I placed "..." to replace some of the file path names and registry paths in my logs above as I'm not sure how sensitive the file path names are. Can you shed some light on that? Or will it be OK to share the complete path to the registry keys once I'm on the malware forums?

Interesting... I must admit I have been lazy about backing up my files. Is it too late for me to back up since I know for sure my PC has already been infected? My friends say as long as I don't back up any executables I should be OK. If I had accidentally backed up my entire username folder I would've in fact backed up appdata/local/temp/is1995.../64c2f02d_stp.exe which is what Malwarebytes quarantined :P So... I suppose I have to inspect every file I back up to my external hard drive now that my system's been compromised?

Thanks again, this is very informative and interesting.

Proto

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi floplot and peterweb: Thanks both, to your replies. I posted the Norton and Malware bytes logs just up above if you were interested. 

@floplot: you're right and I agree with you. I could probably have a serious infection and just because Dynamo Combo had been labelled as a PUP or PUAS doesn't mean I shouldn't be concerned. In fact, I was even MORE concerned that Norton wasn't able to prevent me from installing Dynamo Combo and was unable to scan for anything except for the logs I posted above to Imacri. It warned me of a Trojan and that was it. Whereas for Yontoo.C, Norton produced a very extensive log on what files they repaired (both files and registries).

True, it may not be too late to have a malware forum help me out - in fact I've already gone and registered and posted. I never messed with my Windows registry (well, for one, I couldn't find any of the suggested registry entries to change :P); it was Malwarebytes that helped to repair my registry in the end. I get what you're saying though - to leave the virus or malware in its original state before attempting to do anything. So I shouldn't even have used Add/Remove Programs from my Control Panel for Dynamo Combo, right? I need to know for future reference for next time if I get infected. 

@peterweb: Thanks again Peterweb for your reply. Every opinion helps and counts, especially from Norton Fighters and Norton Gurus such as yourselves. 

@Everyone: I appreciate the vast wealth of technological and theoretical knowledge you have all brought to this forum. Of course I am afraid of using my personal machine now, but I suppose being paranoid now is better. I have to admit knowing a little more about this is also a bit fun and interesting. Even though I'm the one who got attacked by the malware. Perhaps I can help my friends better by gaining this knowledge and that brings me peace.

Proto

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Proto

When you post logs at the malware removal sites you will need to leave them intact. The removal experts create scripts to help with the removal process and if you change the path, the script will not find the files it needs to work on.

Things happen. Export/Backup your Norton Password Manager data.
Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi Proto:

That's good to hear that you've posted on one of the malware removal forums.  I'll leave it to the malware removal expert assigned to your case to answer any questions about your infection (e.g., if your backup could be infected) but here are a few answers to your other questions:

Proto:  I just wasn't sure if "Manufacturer" could also be faked. I heard somewhere that in order for the "Manufacturer" field to be filled you needed it to be digitally signed.

Yes, it's not common but some malware can fake a security certificate and spoof the manufacturer.  See the recent Seculert article Malware Deployed by Fake Digital Certificates Bypassing Endpoint Security.

Proto:  Any idea why their SHA and MD5 fingerprints may be unavailable? 

Sorry, I'm not sure why they're missing. As far as I know the standard SHA256 and MD5 hash algorithms can be applied to any file (see sample code in the MSDN article SHA256 Class), so I suspect it has something to do with the fact that it was a detection for the dynamic link library (.DLL) for the browser add-on dynamocombo.compatibilitychecker.dll and not the actual executable (.EXE) that installed the library. You could ask Norton Customer Support via LiveChat at www.norton.com/chat if you're really curious and someone else can't provide a better answer.

Proto: I thought Dynamo Combo was merely adware? If so, why does it have a trojan involved?...I could not search up anything to do with "dynamo" in the Norton dictionary http://www.symantec.com/security_response/landing/azlisting.jsp?azid=D

You should be searching for the name of the detection/threat classification assigned by Norton (e.g., Yontoo.C) and not the name of the program you see listed in your browser extensions or Control Panel (Add/Remove Programs). It looks like Norton detected Dynamo Combo as Trojan.Gen.2. "Gen" stands for generic, and Trojan.Gen.2 is a generic detection with a very low risk that Symantec uses to flag files that exhibit some sort of suspicious behaviour that is characteristic of other trojans (e.g., a suspicious .doc or .jpg in an e-mail attachment) even though Symantec does not have definitive evidence that the file is actually malicious.

If you go to Advanced | History | Show | Resolved Security Risks and double-click on any entry to view the details of the detection, the name of the Threat in the pop-up window is actually a hyperlink that will take you directly to the full report on the Symantec Security Response site when clicked.

Proto: Norton did NOT remove the actual Dynamo Combo from my C:/Program Files. I had to manually remove it from Add/Remove Programs

This could have something to do with the trust level assigned to the file - see the support article Download Intelligence. Norton will quarantine or remove known malware with a poor trust rating (e.g., if the file has a SHA256 hash for a known virus in the virus definition set), but users will often be prompted to choose a suitable action (e.g., run the installation, cancel the installation or remove the file) in the case of PUPs/PUAs or unknown files. Antivirus programs like Norton, McAfee, Kaspersky, etc. are best for handling viruses and other high-risk malware, but MBAM is better suited for the detection/removal of lower-risk PUPs/PUAs.

Proto: Rootkits: Disabled //is this a problem?

That's normal - see the MBAM support article Why is scan for rootkit off by default? Rootkits embed themselves deep inside the Windows OS, and the infected Windows system file can be damaged if the rootkit isn't removed properly, so you should always work with a trained malware removal specialist to remove these types of infections. I would only use a rootkit scan if I suspected my computer was infected with malware that could not be detected by standard Norton and MBAM scans and my Windows OS was unstable (e.g., my system was constantly crashing and I hadn't made any recent changes to my system like a hardware driver or Windows update).
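The two points Imacri makes above, that MD5/SHA256 can be computed over any file and that a scanner removes a file outright when its SHA256 matches a known entry in the definition set, can be shown in a few lines. This is an added example, not code from this thread or from Norton/Symantec: it streams a file through hashlib in one pass for several algorithms, then looks the digests up in a constructed "definition" table. The sample file contents, file names and the detection name are all constructed for the demo and are not real malware or real Symantec detections.

```python
import hashlib
import os
import tempfile

CHUNK_SIZE = 64 * 1024  # stream in chunks so a large DLL/EXE never has to fit in memory


def file_digests(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hex digest} for the file at `path`.

    Every hasher is fed the same chunk, so one pass over the file yields all digests.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def lookup_detection(digests, definitions):
    """Match any of a file's digests against a {hex digest: detection name} table.

    `definitions` is a constructed stand-in for an AV definition set keyed by
    lower-case hex digest. Returns the detection name, or None if nothing matches.
    """
    for digest in digests.values():
        hit = definitions.get(digest.lower())
        if hit:
            return hit
    return None


def demo():
    """Hash two constructed files that differ by one byte and look both up."""
    # Constructed sample contents: a fake "MZ" header plus filler. Not a real DLL.
    original = b"MZ" + b"\x00" * 62 + b"constructed sample dll body"
    repacked = original[:-1] + b"!"  # a single changed byte, e.g. a re-packed build

    with tempfile.TemporaryDirectory() as tmp:
        orig_path = os.path.join(tmp, "sample.compatibilitychecker.dll")  # constructed name
        repk_path = os.path.join(tmp, "sample.repacked.dll")              # constructed name
        with open(orig_path, "wb") as fh:
            fh.write(original)
        with open(repk_path, "wb") as fh:
            fh.write(repacked)

        orig_digests = file_digests(orig_path)
        repk_digests = file_digests(repk_path)

    # Constructed definition set: only the original build's SHA256 is "known bad".
    definitions = {orig_digests["sha256"]: "Constructed.Detection.Example"}

    return {
        "original": lookup_detection(orig_digests, definitions),
        "repacked": lookup_detection(repk_digests, definitions),
        "sha256_changed": orig_digests["sha256"] != repk_digests["sha256"],
        "sha256": orig_digests["sha256"],
    }


if __name__ == "__main__":
    print(demo())
```

The re-packed build misses the exact-hash lookup even though only one byte changed, which is the gap that generic detections such as the Trojan.Gen family and reputation/trust scoring are meant to cover alongside hash-based definitions.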

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hello Proto

Since you have now signed up with one of the removal sites, we can no longer help you with any of the malware matters, including any questions about malware detections concerning the malware that you have now. Please do not doctor up any of the files or findings that have already been made. When your security program points out to you that you have malware, that is the time to sign up with a removal site; don't do any other scans on your own, and don't try to fix things by yourself. Even if the security program doesn't tell you that you have malware, if you see things appear on your monitor that haven't appeared before or your computer becomes very sluggish, that's the time to sign up and find out if your computer is OK.

As far as backing up stuff, the modern way of doing it now is to have a mirror image of your computer when it is in a clean state, or some people just back up music, pictures, documents and emails. There are all sorts of programs out there now.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi Imacri,

Thanks for your response. And for linking to such interesting articles! I didn't realize that the trust level was a factor in whether Norton will quarantine/remove malware. I'm even more surprised that Dynamo Combo wouldn't have anything but a low level... A good point that antivirus programs like Norton, McAfee and Kaspersky are better for handling high-risk malware including viruses rather than PUPs/PUAs. I now have MBAM installed for on-demand scans for my family as well. They were a little concerned that my computer had viruses/malware that could potentially spread across the Windows HOMEGROUP and infect their computers as well. Well, I did a Norton Security scan and an MBAM scan on their computers as well. 

In case you were curious, Bleeping Computer recommended I download and run:

* rkill.exe (to detect the processes started by malware)

* adwcleaner.exe

* JRT - junk removal tool

* re run MBAM

* re-run MBAM with anti-rootkit enabled

I have personally never heard of rkill.exe, adwcleaner.exe or JRT. I googled around and asked some of my friends - some have vaguely heard of rkill.exe and maybe adwcleaner.exe (although I argued that these names sound so similar that I'm not exactly sure how to take their opinions). What are your thoughts on this? I'm usually against running non-big-corp programs because they aren't as reputable. For example, I have Norton Security because it *is* reputable and from a fairly big company. I did back up my important files, and if I really, really had to, I could reformat if anything goes wrong in the next few days. 

I did one more thing before engaging Bleeping Computer, which was checking every process in Task Manager... things looked OK, but yeah, the human eye is prone to failure, which is why I ultimately decided to post on Bleeping Computer (thanks to the experts on this forum for their guidance).

Btw, what does the little trophy by your name with the number "25" mean? :)

Much thanks,

Proto

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Thanks floplot for your continued advice and support. To be honest, after I had uninstalled Dynamo Combo through Add/Remove Programs, I stopped seeing suspicious things. In particular, I stopped seeing the Dynamo Combo toolbar, and I stopped seeing pop-up ads. The computer wasn't any more sluggish than it should be... But I still had a sinking feeling, and ultimately that made me download Malwarebytes (after asking around), and sure enough, more things were detected. So that's why I took your advice about one of the malware removal forums - because I still have that sinking feeling. I posted some of the things Bleeping Computer recommended to me in my post above. I hope it goes well! I haven't heard of any of the programs they are proposing, sadly, except for Malwarebytes (and that was a recommendation by a personal friend). Nothing's 100%, and it sort of boils down to blind faith while I download things like rkill.exe and adwcleaner.exe... I backed up my data just in case.

Funny story: as I was backing up my stuff on an external drive, I scanned the external and it found a virus in my previously backed-up data. I guess I somehow backed up a virus that wasn't detected back then. 

Proto

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hello Proto

Since you're working with Bleeping, you may want to respect their instructions and not post anywhere else. 

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Proto:

I have personally never heard of rkill.exe, adwcleaner.exe or JRT. I googled around and asked some of my friends - some have vaguely heard of rkill.exe and maybe adwcleaner.exe (although I argued that these names sound so similar that I'm not exactly sure how to take their opinions). What are your thoughts on this? I'm usually against running non-big-corp programs because they aren't as reputable.

Hi Proto:

Yes, I've heard of these tools. Every free malware removal site recommended here by delphinium might use a slightly different set of tools, but the malware removal expert assigned to your case is trained to select the appropriate tool based on the results of your diagnostic logs and the type of infection. If you have any questions about the instructions provided by your malware removal expert, just ask them for clarification before proceeding - they're used to helping users with different levels of expertise. The post Malware Removal Training Program has some background information on the type of training the bleepingcomputer malware removal experts go through before they're allowed to provide assistance in the forum, and the UNITE Against Malware site has links to the malware removal sites (including bleepingcomputer) that host training programs.

Proto:
Btw, what does the little trophy by your name with the number "25" mean? :)

Users are given a different rank based primarily on the number of posts they've made in the forum - the list here of forum ranks is likely outdated but gives you some idea of how the rankings work. The "25" next to my username just indicates I've made enough posts to reach the rank of Norton Fighter.

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi bjm - yes, I have only posted on Bleeping Computer, as you and others recommended going to only *one* of the selected forums. And I have also asked this thread here, and friends around, to make sure they have heard of things like rkill.exe and adwcleaner.exe, as I have not heard of any of these programs before. 

Proto

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi Imacri,

Thanks again for your reply. And that's great that you have heard of them (whew!). I briefly looked at the sites delphinium posted to see other people's problems and general solutions, and it definitely looked like different forums used different sets of tools - which also explains why you should only post on one of the forums, since the solutions will vary.

The big thing for me was whether the programs were heard of, reputable and safe to use. So it's definitely good to know you have heard of rkill.exe and adwcleaner.exe. They also recommended Temp File Cleaner too; by the description it sounds good, but again, the whole downloading-more-tools-to-my-machine-that-I-don't-know thing makes me uncomfortable. (Although am I one to talk about downloading reputable software... since I downloaded CamStudio without reading the wiki page about how it had a history of having malicious software bundled. And then Dynamo Combo gets installed.) Perhaps CamStudio's page should be marked as unsafe.

Thanks also for the links - I couldn't find my BC member in the list of instructors or experts, but the solution they provided sounded reasonable. 

And neat - I quite like those forum rank names. Congrats on the Norton Fighter - and thank you also for helping the community with your detailed, and very well explained posts.

Proto

Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hello Proto

Please just remember that the things they tell you to do are based on what they found in your computer. BC has a very good reputation, as do all the malware forums that we recommend. You have to trust them and not go around asking about programs that they told you to use. If you have any concerns about the programs, then just ask the one that is helping you. You can post here again once the malware forum tells you that your computer is clean. These programs that you mentioned are only for your computer at the time it was examined by BC. This is why we can't do malware removal in this forum: there is no way to enforce the 1-on-1 rule that they have at those recommended forums.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos1 Stats

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Hi Proto:

I just found your post in the bleepingcomputer forum at http://www.bleepingcomputer.com/forums/t/563164/dynamo-combo-and-yontooc-malware-infection/. It appears you've posted your question in the Am I Infected? What Do I Do? discussion board, and according to the FAQ for that board, "Advice or instructions in this area should be limited to non-invasive scanners or tools that create a report that can be reviewed by a trained helper. If it is determined that you are infected with something that needs direct interaction by a staff member, your topic will be moved to the appropriate area. The use of Combofix or any other high level removal tool is not for this area...

...As this is an open area, available for any member to post in, please use caution when following the advice given. Instructions from the following member groups is to be considered trusted: Admin | Site Admin | Global Moderator | Moderator | Malware Study Hall Admin | Malware Response Instructor | Malware Response Team | BC Advisor "

If you had followed the link for bleepingcomputer in delphinium's thread Malware Removal Forum Recommendations, it would have taken you directly to bleepingcomputer's Virus, Trojan, Spyware, and Malware Removal Logs board, where you would be connected with a trained malware removal specialist. As shown below, there is a link titled Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help at the top of that board, and those instructions ask users to post a diagnostic log gathered by the DDS tool in their initial post in that board.


You are currently posting in an open bleepingcomputer forum board where any user can post advice, and user noknojohn does not appear to be part of the BC Malware Response Team or a BC Advisor. I would use extreme caution when following any advice given by this user until you have confirmed that they are a trusted advisor, especially if they are asking you to use tools such as RKill and AdwCleaner to make changes to your system.

Kudos0

Re: [HIGH MALWARE PROBLEM] Dynamo Combo malware undetected by Norton

Oh dear. You are correct, Imacri. I feel very bad. Thank you for telling me that, and you're right, I should've followed the original link. 

Without thinking, I went to the Bleeping Computer home page and posted in the wrong category.

I don't know why this description

Am I infected? What do I do?

You never thought that it could happen to you, but it did. You went out and got infected with a nasty bit of malware that has dug its smelly claws into the very bowels of your computer. Fret not, for help is at hand! Use this forum to vanquish the evil intruder! 
No DDS, HijackThis, or ComboFix logs should be posted in this forum.

was more attractive than this one at first glance:

Virus, Trojan, Spyware, and Malware Removal Logs

One of the last bastions of computer security warriors and healers. Bring your troubled PC here for top-of-the-line help with Malware Analysis and Removal by our trained professionals. This forum is only for those seeking aide with Malware removal. For security purposes, only authorized personnel may respond to requests for assistance.

I have posted a new thread in the *correct* forum, "Virus, Trojan, Spyware, and Malware Removal Logs", about my mistake. I could have run the DDS tool as the introductory thread there states, but I decided it would be better to let them know about my current mistake (posting to a different board) and ask what their advice is. http://www.bleepingcomputer.com/forums/t/563683/dynamo-combo-malware-inf...

Thanks again Imacri - that was very nice of you to point that out to me. I really appreciate that.

Yours,

Proto
