Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 PetarSickey


  • Members
  • 151 posts
  • Local time:06:39 AM

Posted 20 August 2009 - 08:33 AM

Each day I take a look at Windows Task Manager and look for stuff I don't recognize - like eg. isass.exe posing as lsass.exe or something like that. Well today, I found apxfjur.exe and dealassistant.exe so I shut them both down. Then I searched for DealAssistant.exe and there isn't one. So they use a sort of renaming or encryption technique as some websites have discussed in their discussion of this adware/malware. Just thought I'd throw this out to people now in case you know of a tool that can hunt this one down. But this malware came right on the heels of mirar which I tried to remove yesterday by simply running the uninstall in Add/Remove programs. So far, I don't see it again. And that in turn came on the heels of a huge hijack of my security in my hosts file. And that in turn came from some sort of Windows Protection Suite malware. So it's like this: Windows Protection Suite -> mirar -> DealAssistant.exe -> etc. It's sort of like dominos but I don't think it's appropriate to be general in this specific topic which is "what do you want help on" right now. Well, now it's DealAssistant.exe. In the meantime, I'll do my best to look at all the file-sizes, registry settings, files, etc. and try to get rid of it. But one comment so far: Some of it is in C:\Documents and Settings\Owner\Application Data\DealAssistant where if find the following files: config.cfg, dealassistant.exe, and DAUninstall.exe but it is listed under the Add/Remove programs in control panel. So it looks as if I should just run the uninstall in Control Panel. I just have one question: Should I uninstall it as I did with mirar? Just looking for a 2nd opinion so I can get back to work. I have spent the last 7 days fighting malware.

Thank you very much.

BC AdBot (Login to Remove)


#2 Guest_superbird_*


  • Guests

Posted 26 August 2009 - 03:11 PM


I am sorry for the delay in posting to you. We have a large community, with hundreds of topics being created every day.

Do you still need help with your problem?

- If not, please tell me also.

- If so, please tell me what problems you have exactly at the moment. Also, do this:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users