Fake google chrome virus/malware can't get rid of this thing


  • This topic is locked
3 replies to this topic

#1 danprince10

Posted 13 October 2014 - 12:57 PM

Been trying everything I can to get rid of this. My PC has been running a bit slow lately, so I pulled up Task Manager to see what's going on. And I see all these process entries that have a bunch of random letters for their names and in the description are listed as Google Chrome, using up a bunch of memory and CPU power. Here is a screenshot of that.

 

[Attached screenshot: sec2fs.jpg]

So I right click on some of them to attempt to figure out the source, and it shows them coming from users/*my user name*/appdata/locallow. Now I have 7-10 various folders in this place and inside several of them are these folders with random letters that have things referencing the Google Chrome icon and things like that if you go into them. So I'm sure these are the source of the corruption, but of course I can't delete these folders because Windows says they are in use. (Oh yeah, and when you try to end the processes through Task Manager they will end momentarily but then just immediately pop back up.) So I reboot to safe mode and the effects end. My computer is running zippy fast and these random letter things aren't showing up in Task Manager. I go in and successfully delete all the garbage folders in the LocalLow folder. Reboot back to regular mode, and I think it's fixed for a minute or so. But then all the random letter Google Chrome entries start showing up in Task Manager again (even though I'm not even running Chrome). And all the folders I deleted in LocalLow have reappeared, some in different folders than they were in last time, but there's a bunch of them still there. So I go to the scanners.

I go back to safe mode, run a full scan of Malwarebytes, finds nothing.

Run a boot scan of Avast, finds nothing.

Download and run ComboFix in safe mode and that seemingly found and fixed a bunch of messed up crap including I think it said my system file? Can't remember exactly what it said but I will attach the log.

So I reboot again after the ComboFix and it's all still happening. So here I am. Help me fix this please.

Edit: I see you guys say not to run ComboFix unless instructed to, but I did all that before even being aware of this forum as I am someone who knows a decent amount about computers and 95% of the time can fix any problems I run into on my own. But this time that was not possible, so I apologize for that.

Edited by danprince10, 13 October 2014 - 01:20 PM.
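
A read-only triage check for the symptom described in the post above, added here as an example and not part of the original thread. It lists running processes whose executable sits under the current user's AppData\LocalLow and compares what each file claims to be (its version-info description) with its Authenticode signer; the `Mismatch` flag is a heuristic assumed for this example, not a verdict.

```powershell
# Added example (not from the thread). Read-only: it lists, it does not kill or delete.
# Assumption: the suspect images live under the current user's AppData\LocalLow,
# as the post describes.
$localLow = Join-Path $env:USERPROFILE 'AppData\LocalLow'

Get-CimInstance -ClassName Win32_Process |
    Where-Object {
        # ExecutablePath is empty for processes this account cannot inspect.
        $_.ExecutablePath -and
        $_.ExecutablePath.StartsWith($localLow, [System.StringComparison]::OrdinalIgnoreCase)
    } |
    ForEach-Object {
        $path   = $_.ExecutablePath
        $file   = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        $sig    = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        # The parent shows what relaunches a process after it is ended.
        $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"

        $desc   = $file.VersionInfo.FileDescription
        $signer = $sig.SignerCertificate.Subject

        [pscustomobject]@{
            ProcessId   = $_.ProcessId
            Name        = $_.Name
            Path        = $path
            Description = $desc
            SigStatus   = $sig.Status
            Signer      = $signer
            ParentName  = $parent.Name
            Created     = $file.CreationTime
            # Heuristic: the file says "Chrome" but is unsigned, badly signed,
            # or signed by someone other than Google.
            Mismatch    = ($desc -match 'Chrome') -and
                          ($sig.Status -ne 'Valid' -or $signer -notmatch 'Google')
        }
    } |
    Sort-Object -Property Mismatch -Descending |
    Format-List
```

Run it from a normal boot rather than safe mode, since the post reports that the processes are absent in safe mode.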


#2 xXToffeeXx

  • Malware Response Instructor

Posted 18 October 2014 - 11:49 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.

Let's get going now.

==========================
 
Hi danprince10,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 xXToffeeXx


Posted 25 October 2014 - 02:22 PM

Hi danprince10,
 
This is a 3 day bump:
 
It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#4 xXToffeeXx


Posted 29 October 2014 - 04:03 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
