
offerchecker.exe?


  • This topic is locked
12 replies to this topic

#1 cassiereroni

cassiereroni

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Missouri by way of New York
  • Local time:09:58 PM

Posted 12 November 2011 - 12:59 PM

While cleaning some old programs out of ZoneAlarm I found this file "offerchecker.exe". I did a quick look on Google for some information on this file. Everything that came up (and there really aren't a lot of webpages devoted to this) says that it's a dangerous file and should be removed. However, I don't see a website I know and trust that I can find any information on.

Does anyone know what this is, what it does and is it dangerous?

Thanks for any help.

cassiereroni

 



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:58 PM

Posted 19 November 2011 - 11:21 PM

Looks like a Dropper malware of the Delf family

http://www.threatexpert.com/report.aspx?md5=a3a33b3504e2b1e5efceb02e4efe3afa

Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button, then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 cassiereroni


Posted 21 November 2011 - 12:15 AM

Just got your message. Running Kaspersky now. Will get back to you with results A.S.A.P.


 


#4 cassiereroni


Posted 21 November 2011 - 01:58 AM

Well, it's been running for just about 2 hours now and still has about 15% more to go. I am going to let it finish and I'll finish this up in the morning as I have to get up early and it's almost 1 am here now.

 


#5 cassiereroni


Posted 21 November 2011 - 09:58 PM

Ok, since 3 this afternoon I've been trying to copy and paste from the scan logs as you instructed. But, it will not do it. As soon as I "select all" my computer slows to an agonizing crawl. After about 15 to 20 minutes it finally selects everything but it stops there. It will not copy to the clipboard, it won't do anything as far as Kaspersky is concerned.

When I try to use task manager to stop it I get "End 9387692.exe" "Can not be shutdown because it is locked by system."

So, I have just deleted Kaspersky and redownloaded it. Figured I would try running it again with a fresh install until I hear something different.

Am I doing something wrong?

cassiereroni

 


#6 boopme


Posted 22 November 2011 - 12:12 AM

Try an alternate please.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#7 cassiereroni


Posted 22 November 2011 - 01:06 AM

Not any better with the second install and try with Kaspersky. Am on my way to ESet now. Will let it run overnight because from past experience there it will take 2 to 3 hours for a full run.

Be back tomorrow with a report on what happened.

cassiereroni

 


#8 boopme


Posted 22 November 2011 - 10:08 AM

OK

#9 cassiereroni


Posted 22 November 2011 - 08:08 PM

Ok, well, there are no threats reported and no log. So does that mean something good or do I need to do something else?

 


#10 cassiereroni


Posted 22 November 2011 - 08:11 PM

I just deleted Kaspersky and when I went to empty the recycle bin it asked me if I wanted to delete these 5 files. Only, there was only one file in there.....what on earth is that?

 


#11 boopme


Posted 22 November 2011 - 09:26 PM

Well there are too many things wrong here and I do not want to lose the PC. We should get a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#12 cassiereroni


Posted 23 November 2011 - 04:17 PM

When trying to run Gmer I got the BSOD with the following information:

"A process or thread crucial to system operation has unexpectedly exited or been terminated."

"Stop 0x000000F4 (0x00000003, 0x8649DDA0, 0x8649DF14, 0x805FB1D6) Beginning Dump of Physical Memory"

Going over to the other forum you suggested and will finish up there.

cassiereroni



 


#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:58 PM

Posted 23 November 2011 - 04:39 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic429074.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



