
Hidden Malware


3 replies to this topic

#1 jfparla

jfparla

  • Members
  • 53 posts

Posted 30 April 2011 - 05:45 PM

I have a friend with a Windows 7 laptop that randomly pops up a Rogue AV. I have run RKill then MBAM, TDSSKiller, SuperAntiSpyware in safe mode, yet all show no infection. After some random time running IE8, a Rogue AV pops up claiming massive problems. I think I need some expert to help me solve this.



#2 jfparla

jfparla
  • Topic Starter

  • Members
  • 53 posts

Posted 30 April 2011 - 11:08 PM

Finally after about 4 hours, the pop-up did display. The title is PC PowerSpeed, with a message stating "Registry Contains Errors" and "Registry Errors Found: 188". There is also a button to "Remove Now". Task Manager shows an application named PCRx and two suspicious tasks "PCPowerSpeed.exe *32" and "PCPowerTray.exe *32". I hope that gives you some clues to what might be happening.

#3 jfparla

jfparla
  • Topic Starter

  • Members
  • 53 posts

Posted 02 May 2011 - 01:17 PM

PCPowerSpeed is listed in All Programs and even has its own uninstall program. The malware behavior I see makes me very suspicious of this program. I do not trust the uninstall to really do only that. Is there a safe way to remove this without executing the PCPowerSpeed uninstall? I am afraid the Windows 7 uninstall in Control Panel will launch the PCPowerSpeed uninstall program.

#4 jfparla

jfparla
  • Topic Starter

  • Members
  • 53 posts

Posted 03 May 2011 - 01:50 PM

My friend needs her computer. No response from BP, so I did the best I could. Started in safe mode. Uninstalled PCPowerSpeed using Windows 7 Control Panel > Programs and Features. The uninstall did not seem to use the PCPowerSpeed uninstaller. It did remove files from Program Files (x86), Startup list in MSCONFIG, files in AppData, etc. I restarted in safe mode. I ran CCleaner again to clean temporary files and registry errors. I searched with regedit for any occurrences of PCPowerSpeed (none found). I rebooted in normal mode, deleted all restore points, and created a new restore point. I have been running the system for about 5 hours and no pop-ups or other messages. My friend will continue to monitor. This posting can be closed as I will not have access to this computer. If it re-occurs I will open a new post.



