Adware.Temonde
Short bio
Adware.Temonde is Malwarebytes' detection name for a small family of adware variants that use random file and folder names and are installed by bundlers.
Type and source of infection
Adware.Temonde typically drops one executable file in a random named folder under %ProgramFiles% and a Run key to start that executable for persistence. It comes installed by bundlers.
Protection
Malwarebytes blocks Adware.Temonde
Remediation
Malwarebytes can detect and remove Adware.Temonde without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
Malwarebytes removal log
A Malwarebytes log of removal will look similar to this:
Malwarebytes www.malwarebytes.com-Log Details- Scan Date: 7/24/18 Scan Time: 9:12 AM Log File: e2476320-8f10-11e8-a41a-00ffdcc6fdfc.json Administrator: Yes
-Software Information- Version: 3.5.1.2522 Components Version: 1.0.374 Update Package Version: 1.0.6035 License: Premium
-System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username}
-Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 251256 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 3 min, 8 sec
-Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect
-Scan Details- Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 1 Adware.Temonde, C:\PROGRAM FILES (X86)\KTBKRII8KA\METALROCKBB.EXE, Quarantined, [13756], [542357],1.0.6035
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)
Traces/IOCs
File and foldernames are randomized, but the pattern is simple:
HKCU\...\Run: [T0JDCZCIBNG0WVN] => C:/Program Files/KTBKRII8KA/MetalRockBB.exe C:\Program Files (x86)\KTBKRII8KA\MetalRockBB.exe