
HitmanPro picked up UpdateTask.exe? Riskware? (Adware.DealPly.D?)



#1 Dieselz


Posted 27 February 2014 - 05:24 PM

Hello, recently my computer was attacked by a virus/trojan but I was protected by AVAST (I have terminated it using it).

I plan on cleaning up my PC to make sure it had left no damage. I ran a few Malwarebytes scans to clean up most of the files and it has (mostly PUPs from what I remember). Today I ran a full scan and it has found nothing so I decided to use other programs to seek out other files.

Shortly after I installed Hitman Pro (3.7.9) and ran a scan, it has picked up a bunch of cookie trackers and a riskware titled "UpdateTask.exe" and labeled underneath it said "Adware.DealPly.D" twice with two different icons.

I labeled it as quarantine and clicked next, and the program froze shortly for me (was still able to move my cursor), I restarted my computer while it froze and now it is idle/working. I have not run another scan on Hitman or MALWAREBYTES.

I am really clueless about this so I did some research and found a similar thread to mine:

http://www.bleepingcomputer.com/forums/t/521229/adwaredealplyd-dangerous/

Do I have the same problem and should I follow the same steps?

Or is UpdateTask.exe friendly? Is it a toolbar?

Can you provide me with other cleaning programs to make sure my computer is clear and clean?

Thank you

(I may not be able to respond tomorrow (28th February) due to having a new PSU installed in my computer but maybe later in the day)

(I have a laptop and a PC)

PC:

I use Windows 8

Firefox

McAfee Paid membership

AVAST free

Malwarebytes free

 




#2 Alex&Vanko


Posted 27 February 2014 - 06:56 PM

I think that this UpdateTask.exe has come from the programs Ask Toolbar, KMPlayer Toolbar and PandoraTV Toolbar which I suppose you had installed. Next time you can use, for example, the freeware version of Anvir Task manager - http://www.anvir.com/download.htm

not to hesitate. Just locate the process, right click on it and upload and it will be brought up to VirusTotal.

You can check your system with Superantispyware - http://www.bleepingcomputer.com/download/superantispyware/

and Emergency kit - http://www.bleepingcomputer.com/download/emsisoft-emergency-kit/

To get rid of these toolbars I am sure you need AdwCleaner - http://www.bleepingcomputer.com/download/adwcleaner/

About those illegal or malignant toolbars: first it is well to uninstall them by the standard way.


Edited by Alex&Vanko, 27 February 2014 - 07:09 PM.


#3 quietman7


Posted 27 February 2014 - 06:59 PM


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, rescan again with Malwarebytes Anti-Malware and post the log. They are automatically saved and can be viewed by clicking the Logs tab.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Alex&Vanko


Posted 27 February 2014 - 07:16 PM

quietman7 :thumbup2:  absolutely agree with you!



#5 Dieselz


Posted 27 February 2014 - 07:48 PM

It posted the log to my desktop, is this it?
Oh, and before you posted your guide I ran a scan of AdwCleaner as the 2nd post suggested, I should have a log of the scan (before this).

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/28/2014 12:39:02 AM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/28/2014 12:40:03 AM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)

Edited by Dieselz, 27 February 2014 - 07:49 PM.


#6 quietman7


Posted 27 February 2014 - 07:54 PM


AdwCleaner should have created a folder located at C:\AdwCleaner. AdwCleaner.txt logs are all stored in that folder including the Cleaning report log. Please copy and paste the contents of AdwCleaner[S0].txt in your next reply for review.

#7 Dieselz


Posted 27 February 2014 - 08:08 PM

I ran AdwCleaner (I have it notify me if I want to make changes but I didn't run as admin... I'm the only user on this PC) ...so it said I have found some files, but they were not visible in the table below, but I still clicked on clean. Here is the first scan I did:

 

# AdwCleaner v3.020 - Report created 28/02/2014 at 00:06:03
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Ross - ROSS
# Running from : C:\Users\Ross\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Ross\AppData\Local\genienext
Folder Deleted : C:\Users\Ross\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Ross\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Ross\Documents\Mobogenie
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\pf8qztt7.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [2769 octets] - [28/02/2014 00:03:03]
AdwCleaner[S0].txt - [2212 octets] - [28/02/2014 00:06:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2272 octets] ##########
 

 

Ahh, Wajam... that was installed on here, I removed the files with Malwarebytes some time ago.
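Added example (not part of the original thread and not AdwCleaner's own code): a small Python parser for the AdwCleaner report format shown in the post above, which groups entries by section and pulls out the ones that made a program start automatically, the entries worth reading first when reviewing a log before or after cleaning. The sample is an excerpt of the posted log; the persistence rules and function names are assumptions chosen for this example.

```python
import re

# Excerpt of the AdwCleaner[S0].txt report posted above (lines copied from the thread).
SAMPLE_LOG = r"""# AdwCleaner v3.020 - Report created 28/02/2014 at 00:06:03
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Ross\AppData\Roaming\UpdaterEX
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKCU\Software\UpdaterEX
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<Kind> <Action> : [x64] <target>"; the [x64] registry-view tag is optional.
ENTRY_RE = re.compile(r"^(\w+) (\w+) : (?:\[x64\] )?(.+)$")

# Triage heuristics chosen for this example (assumptions, not AdwCleaner categories).
PERSISTENCE_RULES = [
    ("scheduled task", re.compile(r"^[A-Z]:\\Windows\\(System32\\)?Tasks\\", re.I)),
    ("autorun value", re.compile(r"\\CurrentVersion\\Run(Once)?( |$)", re.I)),
    ("browser extension", re.compile(r"\\Chrome\\Extensions\\", re.I)),
]

def parse_report(text):
    """Return one dict per report entry: section, kind, action, target."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:  # '#' header lines and blank lines never match
            kind, action, target = m.groups()
            entries.append({"section": section, "kind": kind,
                            "action": action, "target": target})
    return entries

def persistence_entries(entries):
    """Pick out entries that made a program start automatically."""
    hits = []
    for e in entries:
        for label, rx in PERSISTENCE_RULES:
            if rx.search(e["target"]):
                hits.append((label, e["target"]))
                break
    return hits

if __name__ == "__main__":
    for label, target in persistence_entries(parse_report(SAMPLE_LOG)):
        print(f"{label:18} {target}")
```
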



#8 quietman7


Posted 27 February 2014 - 08:12 PM

Now run JRT.

#9 Dieselz


Posted 27 February 2014 - 08:31 PM

It took some time to check registry, here are the results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Ross on 28/02/2014 at  1:17:11.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/02/2014 at  1:28:59.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 quietman7


Posted 27 February 2014 - 08:49 PM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.


-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 



#11 Dieselz


Posted 27 February 2014 - 09:07 PM

I'm at Computer scan settings/Start. It says another antivirus software was detected, which may affect the performance and quality of the scan.

Those two antivirus programs being:

Avast! Free Antivirus

McAfee Antivirus Plus

Should I ignore this and change the settings/Advanced settings and continue?



#12 quietman7


Posted 27 February 2014 - 09:24 PM

Are you using both Avast! Free Antivirus and Mcafee Antivirus Plus? If so, see the IMPORTANT NOTE about not using more than one anti-virus program in this topic: Choosing an Anti-Virus Program

-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. In some cases you may have to disable the real-time protection components of your existing anti-virus if you encounter a problem and try running the scan again. If you do this, remember to turn them back on after you are finished.

#13 Dieselz


Posted 27 February 2014 - 09:55 PM

Sorry for the late reply.

I am able to disable real time scanning on McAfee but I need assistance on disabling AVAST! Free antivirus realtime scanning. :unsure:

I'm not very used to the program, I am recently new to it, it came installed on the computer when I purchased it from someone else.

(I plan on removing it soon)
 



#14 Dieselz


Posted 27 February 2014 - 10:23 PM

I may have found a way (my apologies for my lack of knowledge).

In Avast status monitoring there are three shields (File System, Mail and Web Shields).

Are these the real-time scanners? Shall I disable all three and continue on with the ESET scan?



#15 InadequateInfirmity


Posted 27 February 2014 - 10:36 PM

You need to uninstall one of the antivirus applications. When you choose which one to remove, run the removal tool after and reboot.

http://kb.eset.com/esetkb/index?page=content&id=SOLN146

Then carry out the rest of Quietman's instructions.





