Adware.Temonde

detection icon

Short bio

Adware.Temonde is Malwarebytes’ detection name for a small family of adware variants that use random file and folder names and are installed by bundlers.

Type and source of infection

Adware.Temonde typically drops one executable file in a random named folder under %ProgramFiles% and a Run key to start that executable for persistence. It comes installed by bundlers.

Protection

block Adware.Temonde

Malwarebytes blocks Adware.Temonde

Remediation

Malwarebytes can detect and remove Adware.Temonde without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this:

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 7/24/18
Scan Time: 9:12 AM
Log File: e2476320-8f10-11e8-a41a-00ffdcc6fdfc.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.6035
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 251256
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.Temonde, C:\PROGRAM FILES (X86)\KTBKRII8KA\METALROCKBB.EXE, Quarantined, [13756], [542357],1.0.6035

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Traces/IOCs

File and foldernames are randomized, but the pattern is simple:

HKCU\...\Run: [T0JDCZCIBNG0WVN] => C:/Program Files/KTBKRII8KA/MetalRockBB.exe
C:\Program Files (x86)\KTBKRII8KA\MetalRockBB.exe