
Chrome announced an update: but installed "Solid Savings" lost internet connect



#1 JoanneMT


Posted 17 March 2013 - 10:10 PM

Greetings: this might just be a warning. I am running Windows XP SP3 on an HP desktop. I was on Chrome, and got a message that there was a new version available. It looked authentic, and I clicked to download the "new version" of Chrome. I did not uninstall the existing version.

 

I lost my "Ethernet" adapter. And even though the ISP was sending a signal, the Network settings were hosed. During a scan, I found a folder named "Solid Savings" that I'd never seen before (it was probably the malware that downloaded during the Chrome update). I used Revo to uninstall Solid Savings (it was all over the registry), but was still missing an Ethernet file for my network. So I finally decided to restore to an earlier point, which restored my connectivity, but now Chrome says it cannot find data, and wants me to uninstall and reinstall.

 

I did find some adware in Microsoft Security Essentials quarantine that I deleted. Right now I am keeping my restore points, wanting to see if this error has been resolved or encountered by Bleeping, and what, if anything, I should do before uninstalling Chrome (besides hopefully saving its favorites). This machine was a gift and I do not have an OS disk, only a backup/recovery disk. I had fought to upgrade it to SP3, before MS came out with its instructions.

 

I think I found two "Hosts" files, and one is in the trash. I have 2 PCs on the same OS, but am having so much trouble with this machine, I wonder if I should upgrade to Windows 8 so I can have a proper disk. I know I have to test this machine to see if it can handle Win 8 (or whatever is the best upgrade). I still see lots of MS 8 error cases, so they seem to be allowing their customers to test it.

 

If someone gets a chance to read this and thinks of something I should do before uninstalling Chrome, please advise. I also wanted to warn Bleeping about this threat.

 

Thank you for your time reading this.

 

Best wishes.


Edited by hamluis, 18 March 2013 - 06:31 PM.
Moved from XP to Am I Infected - Hamluis.



 


#2 noknojon


Posted 17 March 2013 - 10:55 PM

Hi JoanneMT -

Just as a quick extra, these 2 cleanup tools may also make sure that you have removed most of it - 

 

Download AdWare Cleaner and install it - Click on Remove if you have an old version and reinstall it -
Close all open programs and browsers as the program will reboot your computer
NOTE: You may need to disable your Antivirus while this runs. Information on A/V control (temp disable) HERE if needed
XP users Double click on the program to run it
Note: Vista and Windows users, Right click and select Run as Admin......
Select DELETE
Confirm each time with OK
Your computer will Reboot and a notepad text will show the results
Please post that back here, but only if you wish to -

 

Also - Junkware Removal Tool by thisisu
If you have an earlier version, remove it first and download a fresh copy of the tool

Download Junkware Removal Tool
Disable your Antivirus program if required
For Vista and Windows 7, right click on the tool and select Run as administrator
After the scan is completed, post the generated log here if you wish to -

 

Always good to use as clean-up tools for these types of problems -  :) 



#3 JoanneMT


Posted 18 March 2013 - 04:07 PM

Hi Noknojon - I am in much deeper trouble than I expected, but I think I have the root causes. Reminder: this HP machine is about 5 years old and was at Win XP 1. I got it to SP2 then XP3 before MS gave us instructions. I have not done any of those repairs, and the "D:" (virtual?) drive is the OS and FAT (not NTFS) file system. This is an HP desktop with 17 out of date drivers (I got the list from some scan I ran, found in someone else's post, and I'll paste it in last). The machine lost its Ethernet driver when I
1. updated Chrome and got some badware called "Solid Savings". I uninstalled it using Revo and got it out of the Registry as well.
2. and then plugged a Logitech Camera into one of the front USB ports. The machine recognized it immediately and it worked (I could see my bad hair) and I was connected to Facebook, but there was an ethereal white screen between the two and I could not set up the video-call.
 
At this point, this machine could not access the Internet, even though I had a signal from my ISP. After I restored to a point before I downloaded the fake update to Chrome, my network connections came back and I have access but it is wrong: IE crashed with a "hungapp" and it always has a little note at the bottom left of the window "done but with errors". I don't see the errors.
 
When I looked at the Network Connections settings that are on here now and at least giving me access to the Internet:
The first configuration is for Broadband, which I think is wrong b/c it referred to dial-up.
The second config is Connection Manager, named MSN. (I am trying to stay away from big brother, and have avoided Silverlight.)
The third config is LAN or High-Speed Internet. I do not run both machines plugged into my modem, because I do not want to share malware. There are two entries: "Local Area Connection" and "1394 Connection". 1394 properties is a hardware icon and "1394 Net Adapter" that I think is associated with the NIC on this machine. It also now has an option to install TCP/IP.
 
On my other machine that is working, the first configuration is "Local Area Connection", "NVIDIA nForce Networking Controller", that has the option to install TCP/IP. The second option is "Network Setup Wizard" and "New Connection Wizard".
 
Question: Is it more important for a driver to match the hardware? Or the operating system? I need to know where to get my drivers updated, and if it is more important to get malware off first.
On http://www.microsoft.com/en-us/download/details.aspx?id=19364 there might be all the updates I need for

Here are the reports from the programs you advised me to run, but I failed to reboot after each run. (crowd boos) NOTE: Super Anti Spyware free edition ALWAYS finds Adware to quarantine and to delete. I must confess I ran it and it found over 100 entries. I see the same entries being deleted and quarantined regularly.
 
Adware cleaner: I did download a new copy and disabled online scanning:
# AdwCleaner v2.115 - Logfile created 03/18/2013 at 01:44:59
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Owner - HP-27E1513D96
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Owner.HP-27E1513D96\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\END
***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.172
*************************
AdwCleaner[S1].txt - [614 octets] - [18/03/2013 01:44:59]
########## EOF - C:\AdwCleaner[S1].txt - [673 octets] ##########
 
Junkware Removal Tool by thisisu
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Microsoft Windows XP x86
Ran by HP_Owner on Mon 03/18/2013 at  1:57:19.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
 
~~~ Files
 
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\HP_Owner.HP-27E1513D96\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\HP_Owner.HP-27E1513D96\Application Data\drivercure"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/18/2013 at  2:04:35.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
And finally, here are the Explorer errors I got today and the list of outdated drivers. (so sorry this is so wordy)
 
explorer error report: (hung app) after the above two scans.

C:\DOCUME~1\HP_OWN~1.HP-\LOCALS~1\Temp\WER4f49.dir00\iexplore.exe.mdmp
C:\DOCUME~1\HP_OWN~1.HP-\LOCALS~1\Temp\WER4f49.dir00\appcompat.txt
Internet explorer error ver 8.0.6001.18702 hungapp szModVer 0.0.0.0
offset 0000000
 
Here are the out of date drivers:
 
nvidia geforce 62000 SE turbocache driver update
display adapter
plug and play monitor
Linksys wireless-G PCI adapter
network adapter
Creative Audiology audio processor (WDM)
Intel 828001 GB Serial ATA Storage Controllers - 27DF
storage controller
Intel 82801 PCI Bridge - 24E
system devices
Intel 945G/P Processor to I/O Controller 2770
system devices
Intel 9456/P PCI Express Root Port 2771
Intel 82801GB LPC Interface Controller - 2788
system devices
Intel 82081GB Intel 820801GB USB Universal host controller 27C8
system devices
Intel 82081GB Intel 820801GB USB Universal host controller 27C9
system devices
Intel 82801GB USB Universal Host Controller 27CA
system devices
Intel 82801GB USB Universal Host Controller 27CB
system devices
Intel 82081GB SMBus Controller 27DA
system devices
 
eof - out of date drivers
 
Thank you for your time. I am so sorry this turned into such a long read. I tried to highlight the scan findings.

Edited by JoanneMT, 18 March 2013 - 04:11 PM.


#4 JoanneMT


Posted 21 March 2013 - 06:25 PM

I read about AutoRun and AutoPlay and how they spread worms and IRC backdoor Trojans using the iexplore.exe file in startup entries to do their dirty work. Mine appeared to be downloaded with Google Chrome and Windows USB Control Driver I downloaded when I installed the fake update to Chrome. I got a great Hosts file from Grinler's write-up, and have a shortcut to it on my desktop so I can add advertisers that manage to make it through. I used Recovery points twice to get my network connections working again. Now I have a "broadband" setup but I can get online. I didn't find a utility to run to stop iexplore.exe from executing.

 

It looks like the resolution is just to keep it from spreading... I tried to learn about CCleaner's output. I sort of understand what some of the entry types are for, but I do not understand what good CCleaner does for this type of case. The filenames seem okay. But did CC pick out only these entries because they are more than suspicious? E.g., are the ones reported duplicates, or do they not belong in the file path they are in?

 

I can no longer see, for the third day in a row.  I do not have much personal info on this machine and I've copied it down; but I'd bet that the Worm is in my backup CD/DVD and might be in my other PC b/c I did plug them both into the modem to try and get XP to set up my network programs.

 

I have some serious work to do via internet and this problem has kept me from it. I thought I found a link at Bleeping the first time I searched for IExplore but I cannot find it again.

 

Any hints?  Chrome is gone and needs to be downloaded. I was lucky to have so many restore points to choose from.

 

Thanks, peeps.



#5 JoanneMT


Posted 24 March 2013 - 12:59 PM

Hello peeps, is the "silence" my cue to do my own research? I've found great articles in the Library, and since I have two PCs on the same OS I am not completely shut down.

 

Please PM me re: opening cases if I have offended. If so, I apologize and really would like a PM about it. 

 

I did download that huge Hosts file, and it might be slowing that PC down.  So on this machine, I am going to run Adware cleaner and post all its findings to my hosts file and see how that works. It's so nice to not see those advertisements.

 

News re: Secunia-- I found several activeX "programs" in Secunia that were being updated.  Until I could do the research, I disabled updating these things.  Secunia should probably be watched for what programs it is updating; I found several being updated that do not appear on my Programs list or in Revo uninstaller.  Any comments on that? Or is there a place to post "warnings" that the moderators can review?

 

The "Solid Savings" download from an update to Chrome really did mess up my network connections on the HP.  And I think the answer to my problem here is the TCPView program to see who is in my PC.  I've since downloaded Firefox and like it a bunch.

 

If appropriate, this case can be closed.  

 

Thank you for your help on this, Aussie Addict.  I do appreciate the info on when to delete and create a new program. Is that sort of a rule of thumb on the free downloads?





