Adware.Temonde
Short bio
Adware.Temonde is Malwarebytes’ detection name for a small family of adware variants that use random file and folder names and are installed by bundlers.
Type and source of infection
Adware.Temonde typically drops one executable file in a randomly named folder under %ProgramFiles% and creates a Run key that starts that executable for persistence. It comes installed by bundlers.
Protection
Remediation
Malwarebytes can detect and remove Adware.Temonde without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
Malwarebytes removal log
A Malwarebytes log of removal will look similar to this:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 7/24/18
Scan Time: 9:12 AM
Log File: e2476320-8f10-11e8-a41a-00ffdcc6fdfc.json
Administrator: Yes
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.6035
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 251256
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 8 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Adware.Temonde, C:\PROGRAM FILES (X86)\KTBKRII8KA\METALROCKBB.EXE, Quarantined, [13756], [542357],1.0.6035
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Traces/IOCs
File and folder names are randomized, but the pattern is simple:
HKCU\...\Run: [T0JDCZCIBNG0WVN] => C:/Program Files/KTBKRII8KA/MetalRockBB.exe
C:\Program Files (x86)\KTBKRII8KA\MetalRockBB.exe
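The trace pattern above (an upper-case alphanumeric Run value name pointing at an executable in an upper-case alphanumeric folder directly under a Program Files root) can be hunted for without knowing the exact random names. The script below is an added example written for this page; it is not Malwarebytes' code and is not part of the original article. It assumes random names are 8 to 16 characters long and contain at least one digit or very few vowels (a heuristic, not something the page states), and the function names and sample entries are constructed. The first sample mirrors the Run key IOC shown above, including its forward slashes.

```powershell
# Added example (not Malwarebytes' code): flag Run-key persistence entries that match the
# Adware.Temonde trace pattern described on this page.
# Assumptions (not stated on the page): random names are 8-16 upper-case alphanumeric
# characters with at least one digit or very few vowels. Function names are constructed.

function Test-LooksRandom {
    param([Parameter(Mandatory)][string]$Name)
    # Case-sensitive match: only capital letters and digits, 8-16 characters long.
    if ($Name -cnotmatch '^[A-Z0-9]{8,16}$') { return $false }
    $hasDigit   = $Name -match '[0-9]'
    $vowelRatio = ([regex]::Matches($Name, '[AEIOU]').Count) / $Name.Length
    return [bool]($hasDigit -or ($vowelRatio -lt 0.2))
}

function Test-TemondeLikeEntry {
    param(
        [Parameter(Mandatory)][string]$ValueName,
        [Parameter(Mandatory)][string]$Command,
        [string[]]$ProgramFilesRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    # Normalize the command: strip surrounding quotes, turn forward slashes (as in the
    # page's IOC) into backslashes, and drop any arguments after the .exe.
    $path = $Command.Trim().Trim('"') -replace '/', '\'
    if ($path -match '^(.*?\.exe)') { $path = $Matches[1] }
    $dir = Split-Path -Path $path -Parent          # folder holding the executable
    if (-not $dir) { return $false }
    $folder     = Split-Path -Path $dir -Leaf       # e.g. KTBKRII8KA
    $folderRoot = ([string](Split-Path -Path $dir -Parent)).TrimEnd('\')
    $underRoot  = $false
    foreach ($root in $ProgramFilesRoots) {
        if ($root -and ($folderRoot -ieq $root.TrimEnd('\'))) { $underRoot = $true }
    }
    # Flag only when the folder sits directly under a Program Files root AND both the
    # folder name and the Run value name look machine-generated.
    return ($underRoot -and (Test-LooksRandom $folder) -and (Test-LooksRandom $ValueName))
}

function Find-TemondeLikeRunEntries {
    # Enumerate the per-user and machine-wide Run keys on the live system.
    param([string[]]$Hives = @('HKCU', 'HKLM'))
    foreach ($hive in $Hives) {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            if (Test-TemondeLikeEntry -ValueName $name -Command $cmd) {
                [pscustomobject]@{ Hive = $hive; ValueName = $name; Command = $cmd }
            }
        }
    }
}

# Constructed sample entries: the first mirrors the IOC on this page, the others are
# benign-looking entries that should not be flagged.
$roots   = @('C:\Program Files', 'C:\Program Files (x86)')
$samples = @(
    @{ ValueName = 'T0JDCZCIBNG0WVN'; Command = 'C:/Program Files/KTBKRII8KA/MetalRockBB.exe' },
    @{ ValueName = 'OneDrive';        Command = '"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background' },
    @{ ValueName = 'SecurityHealth';  Command = 'C:\Windows\system32\SecurityHealthSystray.exe' }
)
foreach ($s in $samples) {
    $flag = Test-TemondeLikeEntry -ValueName $s.ValueName -Command $s.Command -ProgramFilesRoots $roots
    '{0,-16} flagged={1,-5} {2}' -f $s.ValueName, $flag, $s.Command
}

# On a live system: Find-TemondeLikeRunEntries | Format-Table -AutoSize
```

Only the first sample is flagged: its value name and folder name are both all-caps alphanumeric strings with digits, and the folder sits directly under C:\Program Files. A hit from the live query is a lead, not a verdict; confirm it against the quarantine log entry format shown above (detection name, full path, action) before treating the entry as Adware.Temonde, since a vendor could in principle use an opaque folder name.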