
Infected by pcmax and 48 others, pcmax is only risk


15 replies to this topic

#1 bouncier

  • Members
  • 22 posts

Posted 26 June 2014 - 04:15 PM

Hi,

 

Upon full scan, 49 infections were found.  However there is a program called pcmax that is the culprit.  I cannot remove this program.  I contacted Microsoft but have not received response after initial.  The program claims to be MS certified.  Not. 

 

On first infection, there was a program or file called Browser Guardian.  I am unsure if pcmax and Browser Guardian came together or separately.  I managed to get rid of BG, but am stuck with pcmax.

The first I knew I was infected, my entire system started deteriorating right before my eyes.  It took me quite a while to get a clean install of Windows and start building again thinking I was good.  It wiped out all but my C:/  None of my flash usb sticks were recognized and a ton of errors in the event viewer.

 

It changes the way things work- I cannot open many documents because the Outlook on Windows did not install this time nor can I find it anywhere. 

 

There are two files that I did not authorize 1-Free File Viewer and 2-Filetypeassistant

 

I am not real computer lingo savvy and do not know what else you might want.

 

I have the logs EEK and FRET and Emsisoft.

 

Thanks,

 

Shellie Maynard




#2 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 26 June 2014 - 07:34 PM

Hello bouncier -

 

pcmax.exe belongs to a program called PC Speed Maximizer. (Scam Program)<< My Opinion
This program is a part of Win32/Conduit.SearchProtect.O, Adware.Downloader.

 

You do not mention the programs used, but are there any logs to Copy and Paste?

 

First - This is a "basic clean-up" and we will go further depending on your answers.

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
At most the tool will usually run for about 2 minutes
Please Copy / Paste the small log back here.

 

Important: Do not reboot your computer until you complete the next step.

 

* NOW :
Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

* Check the removals and see if you are OK with the list.

* Now
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.

* A copy of all logfiles is also saved in the C:\AdwCleaner folder which was created when running the tool.



#3 buddy215

  • Moderator
  • 13,121 posts
  • Gender:Male
  • Location:West Tennessee

Posted 27 June 2014 - 11:50 AM

Whatever programs, adware, malware you had on your computer before the 'clean reinstall of Windows' are no longer affecting your Windows installation.

 

What version of Windows are you using?

What medium did you use to perform the clean install?

 

The problems you mention sound more like a bad reinstall or a failing hdd.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 bouncier

  • Topic Starter
  • Members
  • 22 posts

Posted 28 June 2014 - 12:38 AM

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/27/2014 11:35:29 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/27/2014 11:36:20 PM
Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s)



#5 bouncier

  • Topic Starter
  • Members
  • 22 posts

Posted 28 June 2014 - 02:48 AM

I ran the RKill (the black box did not flash but stayed).

 

I ran AdwCleaner (pcmax was not shown anywhere) and that is where Emsisoft indicates the medium risk malware is located.  I said ok to restart.  When it restarted, nothing would come up, said "no signal".  I had to unplug to restart.  It appeared to boot and came to the window "windows did not" shut down correctly and did I want to start normal or in restore mode.  I chose normal.  Same thing happened, same actions except this time I chose restore mode.

 

It ran in this attempted restore mode for 40 minutes minimum.  Nothing happened so I pulled the plug.

 

A little more history --

 

I recall reference to the MBR but I cannot say what or when.  It was obviously between now and clean install.

 

I have had numerous BSOD before reinstall and after, including one this afternoon.  I shut down and left.  When I returned and turned on computer, the normal windows did not shut down and error - go to minidump and ...

 

I went.  Only file in minidump needed a special program to open it.  Went to look for other file:  c:\users\bouncier\AppData\Local\temp\WER-45037-0.sysdata.xml 

 

There was no such file.

 

I am running Windows 7 Home Premium, I believe SP1.  IE11, and have been so careful since reinstall because I didn't want this to happen again. 

 

I did not download pcmax or speedial, and always uncheck the third party boxes because I don't want this garbage on my system.  I make my living online and without computer, I'm done!  "File Type Assistant" which also showed up outta nowhere.  I deleted this folder with the uninstall in the folder prior to coming to see you this evening. 

 

I removed the speeddial and have tried to remove pcmax but it will not come off!

 

In response to comments/questions above from you -

 

My install was from the disk that I used 2 years ago and everything has been perfect until about a month ago when this all started.

 

I purchased an external harddrive hoping that might help avoid this problem but not so far.

 

I am on laptop which will suffice for now but...

 

Any help here?  What about Hiren's MBR tool?  Anything. 

 

If I have to start over, can you  give me guidance about partitioning?  so that if something there, it will be locked out. 

 

Maybe I should just get a new HD (pretty spendy huh)?  If I do this, will the bug/risk/malware be hiding somewhere other than the HD?

 

Thank you very much for your help and advice/guidance.

 

bouncier



#6 bouncier

  • Topic Starter
  • Members
  • 22 posts

Posted 28 June 2014 - 02:50 AM

Oh yes, I had logs that were prepared to submit this to your virus removal help, but I think they are gone with the rest of my files...unless you know how to get it back up??

 

Thanks again



#7 buddy215

  • Moderator
  • 13,121 posts
  • Gender:Male
  • Location:West Tennessee

Posted 28 June 2014 - 08:46 AM

If the DVD you used to install Windows 7 was a legit Windows install Disk or a DVD you created when the computer was new, then it is more likely that you have either a bad hdd or bad install of Windows.

As I understand it, you did a complete CLEAN INSTALL of Windows 7. That would reformat your hdd and install Windows using the entire drive except possibly the hidden partition that contains a backup of the original Windows software and the manufacturer's software specific to your computer that the manufacturer installed.

I suggest either doing another reinstall (be sure no external drives are connected to computer during install) to test the existing drive or biting the bullet and getting a new hdd and install Windows 7.....if the medium you are using is legit.

Once installed go immediately to Windows Updates and update the computer. If all goes well you can begin adding programs. I suggest you look at the programs offered at Ninite - Install or Update Multiple Apps at Once first as the programs they host are adware free....unlike almost all other sites including the home sites of programs.

 

It would also be a good idea to reset your modem and router by turning off power to both, waiting a minute then turning power back on.



#8 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 28 June 2014 - 04:50 PM

>> I ran the RKill (the black box did not flash but stayed) << It may show for 1 minute (will edit my text)

 

>> I ran AdwCleaner (pcmax was not shown anywhere) << It exists under several names, so we ask for a log.

A reboot is the only way that AdwCleaner removes the problems to quarantine.

 

>> Upon full scan, 49 infections were found. << I did mean, What program(s) found 49 infections. I can run any scam registry cleaner and find 50 to 150 problems at any time.

 

Please follow the ideas from buddy above also -



#9 bouncier

  • Topic Starter
  • Members
  • 22 posts

Posted 29 June 2014 - 12:01 AM

I have been trying to follow what you have suggested.  Upon trying to reinstall, it appears that all drivers are missing.  Is this a hd meltdown?

 

Yes, the install disk is legit.  I  have a second disk that I am trying, it said Boot___ is missing.  Attempting to find more.  

 

I used Emsisoft to detect the errors.  I ran AdwCleaner after RKill, that's when the whole thing shut down so all logs are lost.

 

If you have other suggestions, I welcome.  If I find solution, I'll let you know.  If cannot get running by Monday, I will have to get new hd.  Any idea on brand, cost, size?



#10 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 29 June 2014 - 12:24 AM

Any idea on brand, cost, size? << Totally depends on your location.

 

Yes, the install disk is legit.  I  have a second disk that I am trying, it said Boot___ is missing.  Attempting to find more.  << Please Note:

You can only INSTALL once from 1 DVD or set of DVDs and not from someone else's install DVD. I contacted my Toshiba dealer for Reinstall DVDs when mine went "funny" (only $40 odd dollars here delivered in 1 day) But I needed my Reg Numbers to quote to them.

 

Just to clear this up at the start, each PC must only have a single registered license number, so if you use another disk, you are hijacking their install property. When you try to register it the numbers / letters will match another install and both will be declared illegal.



#11 bouncier

  • Topic Starter
  • Members
  • 22 posts

Posted 29 June 2014 - 06:41 PM

It is my understanding that you can purchase additional licenses. My son had 3 on this when he purchased it.  Now, by disks above, the first reference was to the install, the second reference to disk was hard drive, my mistake.  I have successfully, thus far, got the other hard drive to load.  So, my last questions are

 

1   Can "AdwCleaner and RKill be effective all the time when trying to maintain system?  I mean could I use them now and have them get rid of bugs?

 

Thank you,  I appreciate all of your help.



#12 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 29 June 2014 - 08:01 PM

>> It is my understanding that you can purchase additional licenses. My son had 3 on this when he purchased it. << This is best to check with Microsoft with yours and his.

 

>> Can "AdwCleaner and RKill be effective all the time when trying to maintain system?<< I have never had any problem, unless the install was not correct.

 

I would (personally) run RKill as it is an "internal B.C. program" and is a tool that covers many options.

EDIT for typo -


Edited by noknojon, 29 June 2014 - 08:02 PM.


#13 buddy215

  • Moderator
  • 13,121 posts
  • Gender:Male
  • Location:West Tennessee

Posted 29 June 2014 - 09:18 PM

AdwCleaner updates by uninstalling and reinstalling. RKill will stop processes from running but does not remove them.

 

If you are looking to protect in real time...not just removing malware after getting infected....then MalwareBytes AntiMalware premium would be a good choice.

There are a few free to use antivirus programs such as Avast that will protect in real time.

 

There is one website where you can download many popular programs that do not contain adware like almost all free to use programs and many browser add-ons have these days. Ninite - Install or Update Multiple Apps at Once

 

QUOTE:  RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, Rkill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of Rkill. For a list of changes in Rkill, please see the change log at the bottom of this post.

Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice.

 

SOURCE: RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus and Anti-Malware Software


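The RKill description quoted in the post above mentions registry settings that stop legitimate programs from running. As an added example (not RKill's code and not part of the original thread), this read-only PowerShell script lists two of them: `Debugger` values under the Image File Execution Options key and `DisallowRun` policy entries. The function names are hypothetical.

```powershell
# Read-only audit of two registry locations that can block or redirect program launches.
# Added example, not RKill's code. It only reads the registry and changes nothing.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    # A "Debugger" value makes Windows start that program instead of the named executable.
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $debugger = $key.GetValue('Debugger')
            if ($debugger) {
                [pscustomobject]@{
                    Check  = 'IFEO Debugger'
                    Target = $key.PSChildName   # executable being redirected
                    Value  = $debugger          # what runs in its place
                    Key    = $key.Name
                }
            }
        }
    }
}

function Get-DisallowRunPolicy {
    # The policy is per-user (HKCU); HKLM is read as well for completeness.
    $policyRoots = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($root in $policyRoots) {
        $listKey = Join-Path $root 'DisallowRun'
        if (-not (Test-Path $listKey)) { continue }
        # DWORD "DisallowRun" switches the policy on; the subkey lists the blocked programs.
        $enabled = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DisallowRun
        $key = Get-Item -Path $listKey
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Check  = "DisallowRun (policy enabled: $([bool]$enabled))"
                Target = $key.GetValue($name)   # blocked executable name
                Value  = $name
                Key    = $key.Name
            }
        }
    }
}

$findings = @(Get-IfeoDebugger) + @(Get-DisallowRunPolicy)
if ($findings.Count -eq 0) {
    'No IFEO Debugger values or DisallowRun entries found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A `Debugger` value is not always malicious (some tools that replace Task Manager set one), so review each finding before changing anything.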

#14 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 29 June 2014 - 09:28 PM

http://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/page-55#entry3391795

My reply was based on this post and then the following responses from quietman7 and Grinler

 

 

The SOURCE: from buddy was the original introduction on RKill program. It has been upgraded several times and versions since then. A new version was just released .........


Edited by noknojon, 29 June 2014 - 09:33 PM.


#15 bouncier

  • Topic Starter
  • Members
  • 22 posts

Posted 30 June 2014 - 05:31 AM

Thank you all.  I have learned something anyway and hopefully won't stop there.  I appreciate your comments, expertise and time!





