Adware.Temonde

Short bio

Adware.Temonde is Malwarebytes' detection name for a small family of adware variants that use random file and folder names and are installed by bundlers.

Type and source of infection

Adware.Temonde typically drops one executable file in a random named folder under %ProgramFiles% and a Run key to start that executable for persistence. It comes installed by bundlers.

Protection

block Adware.Temonde

Malwarebytes blocks Adware.Temonde

Remediation

Malwarebytes can detect and remove Adware.Temonde without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this:

Malwarebytes
www.malwarebytes.com

-Log Details- Scan Date: 7/24/18 Scan Time: 9:12 AM Log File: e2476320-8f10-11e8-a41a-00ffdcc6fdfc.json Administrator: Yes

-Software Information- Version: 3.5.1.2522 Components Version: 1.0.374 Update Package Version: 1.0.6035 License: Premium

-System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username}

-Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 251256 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 3 min, 8 sec

-Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect

-Scan Details- Process: 0 (No malicious items detected)

Module: 0 (No malicious items detected)

Registry Key: 0 (No malicious items detected)

Registry Value: 0 (No malicious items detected)

Registry Data: 0 (No malicious items detected)

Data Stream: 0 (No malicious items detected)

Folder: 0 (No malicious items detected)

File: 1 Adware.Temonde, C:\PROGRAM FILES (X86)\KTBKRII8KA\METALROCKBB.EXE, Quarantined, [13756], [542357],1.0.6035

Physical Sector: 0 (No malicious items detected)

WMI: 0 (No malicious items detected)

(end)

Traces/IOCs

File and foldernames are randomized, but the pattern is simple:

HKCU\...\Run: [T0JDCZCIBNG0WVN] => C:/Program Files/KTBKRII8KA/MetalRockBB.exe
C:\Program Files (x86)\KTBKRII8KA\MetalRockBB.exe

Select your language