
Suspicious Installer


9 replies to this topic

#1 ner

ner

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 20 November 2011 - 10:10 PM

Hi, I'm having a suspicious program trying to install itself on my computer (image shown) and I'm suspicious of it. I'm on Windows 7 and every time I boot up and surf the web, an unnamed installer pops up. It has been doing this for 2 weeks now and I've run AVG scans and Malwarebytes Anti-Malware scans to no avail; I get no infected files. My computer has been acting normal and all seems to be fine, but I want to make sure this does not affect my computer. Thanks for your help.

Posted Image


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:51 AM

Posted 21 November 2011 - 05:43 PM

Welcome aboard

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file and double-click the autoruns.exe file to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type:

Posted Image

Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):
Posted Image

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 ner


Posted 21 November 2011 - 10:19 PM

Thanks for the reply.

http://www.filedropper.com/autoruns_7

#4 Broni


Posted 21 November 2011 - 10:42 PM

Re-run Autoruns and un-check the following items:

In "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" section:
+ "AdobeAAMUpdater-1.0"
+ "IgfxTray"
+ "Persistence"

In "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" section:
+ "Adobe ARM"
+ "iTunesHelper"

In "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" section:
+ "Google Update"

In "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" section:
+ "Java™ Plug-In 2 SSV Helper"

In "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" section:
+ "Somoto Toolbar"

In "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" section:
+ "Somoto Toolbar"

In "Task Scheduler" section:
+ "\AdobeAAMUpdater-1.0-flip-VAIO-flip"
+ "\ESTsoft RunAsStdUser 7898580Task"
+ "\SONY\Java Update"
+ "\SymInstallStub"

In "HKLM\System\CurrentControlSet\Services" section:
+ "WacomVKHid"
+ "vidc.444p"
+ "vidc.mpng"
+ "vidc.mvjp"

In "HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" section:
+ "Video Memory Render Filter"

Restart computer.

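Editor's added example (not part of any post in this thread, and not Broni's or Sysinternals' code): a read-only PowerShell listing of the Run and Browser Helper Object registry locations named in post #4, showing the file each entry launches and its Authenticode signature status. It covers only those registry locations, not the Task Scheduler, Services or CLSID sections; the function names `Get-ImagePath` and `New-Entry` are made up for this example, and it assumes a 64-bit PowerShell session.

```powershell
# Added example (not from the thread): read-only listing; nothing is modified.
# Assumption: run from 64-bit PowerShell so Wow6432Node is addressed directly.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$bhoKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-ImagePath([string]$Command) {
    # Extract the file path from a launch string: a quoted path first,
    # otherwise the text up to the first executable extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return $c
}

function New-Entry([string]$Location, [string]$Entry, [string]$Command) {
    $path = Get-ImagePath $Command
    $sig = 'FileNotFound'
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
    }
    New-Object psobject -Property @{ Location = $Location; Entry = $Entry; Image = $path; Signature = $sig }
}

$entries = @()
foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $k = Get-Item $key
    foreach ($name in $k.GetValueNames()) {
        $entries += New-Entry $key $name ([string]$k.GetValue($name))
    }
}
foreach ($key in $bhoKeys | Where-Object { Test-Path $_ }) {
    # Each BHO subkey is a CLSID; its DLL is the default value of InprocServer32.
    $classes = 'HKLM:\Software\Classes\CLSID'
    if ($key -like '*Wow6432Node*') { $classes = 'HKLM:\Software\Wow6432Node\Classes\CLSID' }
    foreach ($sub in Get-ChildItem $key) {
        $srv = "$classes\$($sub.PSChildName)\InprocServer32"
        $dll = ''
        if (Test-Path -LiteralPath $srv) { $dll = [string](Get-Item -LiteralPath $srv).GetValue('') }
        $entries += New-Entry $key $sub.PSChildName $dll
    }
}
$entries | Sort-Object Signature, Location | Format-Table Signature, Entry, Image, Location -AutoSize
```

A status other than Valid, or a FileNotFound entry, marks something to look at more closely; it is not by itself a verdict on the entry.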

 


#5 ner


Posted 21 November 2011 - 11:10 PM

All right, I did that. So unchecking the autoruns will stop the pop-up? Thanks again for your help.

#6 Broni


Posted 21 November 2011 - 11:15 PM

so unchecking the auto runs will stop the pop up?

Did you uncheck all items? Did you restart the computer?
Is the pop-up still there?


 


#7 ner


Posted 21 November 2011 - 11:22 PM

I unchecked all of them and restarted, but the thing is, which I should have stated earlier, is that the pop-up shows up at random times while surfing; it's not consistent. So far since the restart it hasn't popped up. I'll keep running my browser and see what happens, I'll let you know.

#8 Broni


Posted 21 November 2011 - 11:36 PM

Sounds like a plan.


 


#9 ner


Posted 22 November 2011 - 12:15 AM

I think that did the trick; it hasn't popped up. Thanks for your time, I really appreciate it.

#10 Broni


Posted 22 November 2011 - 12:41 AM

You're very welcome


 




