Fake Chrome Process Malware



#1 profuse101

Posted 17 October 2014 - 09:49 PM

Hello,

 

I have seen a handful of people with what appears to be the same virus/malware I am suffering from on this website. I am hoping you guys can help me generate the appropriate fixlist file I need to remedy my computer of this issue.

 

I have disconnected the infected computer from the internet per recommendation on some other posts, which seems to have stopped the virus/malware from continuing to open up tons of fake chrome processes. However, I assume if I were to reconnect to the internet the problem would once again begin. I have downloaded FRST in preparation to run it and share the log with you to get a head start. Any assistance you can provide to help resolve the issue would be a big help.

 

Thanks




#2 LiquidTension

  • Malware Response Instructor
Posted 17 October 2014 - 11:35 PM

Hello, 
 
FRST logs are not permitted in this section. However, if this is the malware I suspect, we should be able to deal with it using the following method. 

 

STEP 1
Autoruns

  • Please download Autoruns and save the file to your Desktop.
  • Right-Click Autoruns.exe and select Run as administrator to run the programme.
  • Click Agree to End User Licence Agreement (EULA).
  • Allow the programme to scan. Wait until you see Ready in the bottom left corner. 
  • Click File, then Save, name the file Autoruns Log.arn and save to your Desktop
  • Close Autoruns.
  • Upload the log (Autoruns Log.arn) to my channel.
     

STEP 2
Batch File

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
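    @echo off
    rem Work from the folder holding this script so results.txt is written beside it
    cd /d "%~dp0"
    (
    echo Enumerating Contents of Directory. Please wait...
    echo.
    rem Recursively list LocalLow; the quotes handle profile paths containing spaces
    dir "%userprofile%\AppData\LocalLow" /s
    echo.
    echo -== EOF ==-
    ) 1> results.txt 2>&1
    notepad.exe results.txt
    rem Remove this batch file after Notepad is closed
    del "%~f0"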
  • Click Format. Ensure Word Wrap is unchecked.
  • Click File, then Save As, and name the file dirlook.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate dirlook.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • A log (results.txt) will open on your Desktop. Upload the log (results.txt) to my channel.
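
One way to triage the results.txt listing that dirlook.bat produces, as an added example that is not part of the original post or the helper's own tooling. It assumes English-language `dir /s` output and that executable-type files below LocalLow are what to review first; the extension list, the sample listing and the function name are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed watch list of file types that can carry executable code on Windows.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}

DIR_HEADER = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
# File row: date, time (AM/PM optional), size with separators, then the name.
FILE_ROW = re.compile(
    r"^\S+\s+\d{1,2}:\d{2}(?:\s?[AP]M)?\s+(?P<size>[\d,.]+)\s+(?P<name>.+?)\s*$")

def find_executables(listing):
    """Return (full_path, size_bytes, named_like_chrome) per executable-type file."""
    hits, current = [], None
    for line in listing.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = PureWindowsPath(header.group("path"))
            continue
        row = FILE_ROW.match(line)
        if row is None or current is None:
            continue  # <DIR> rows, totals, blank lines and echo text
        name = row.group("name")
        if PureWindowsPath(name).suffix.lower() in EXECUTABLE_EXTS:
            size = int(re.sub(r"[,.]", "", row.group("size")))
            # Chrome installs chrome.exe under Program Files or AppData\Local,
            # so a file with that name below LocalLow deserves a closer look.
            hits.append((str(current / name), size, name.lower() == "chrome.exe"))
    return hits

# Constructed sample of the log dirlook.bat writes (not taken from the thread).
SAMPLE = r"""Enumerating Contents of Directory. Please wait...

 Directory of C:\Users\example\AppData\LocalLow

10/17/2014  09:12 PM    <DIR>          .
10/16/2014  08:01 PM    <DIR>          Example Folder
               0 File(s)              0 bytes

 Directory of C:\Users\example\AppData\LocalLow\Example Folder

10/16/2014  08:01 PM           348,160 chrome.exe
10/16/2014  08:01 PM             1,024 settings.dat
               2 File(s)        349,184 bytes
-== EOF ==-
"""

if __name__ == "__main__":
    for path, size, chrome_named in find_executables(SAMPLE):
        print(("CHECK " if chrome_named else "exe   ") + f"{size:>10} {path}")
```

A hit is only a pointer for manual review alongside the Autoruns log; legitimate software also stores binaries under LocalLow.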


#3 profuse101

Posted 19 October 2014 - 01:58 PM

Hey,

 

Thank you for the speedy response and pardon my delay. I have been out of town the past day but I am now back and should respond much quicker. I have sent both the autoruns log.arn as well as the results.txt files to your channel.

 

Thanks



#4 LiquidTension

  • Malware Response Instructor
Posted 19 October 2014 - 10:46 PM

Hello,

 

Your log shows obvious signs of cracked software. AutoKMS, keygens, etc. 
 
The warning below is what I provide to users with cracked software present. 

Unfortunately, I cannot provide assistance unless all cracked software is removed. This includes Microsoft Office. 

 

Another user may be prepared to provide assistance, but I cannot do so unless the software is removed. 
 

CRACKED SOFTWARE WARNING

------------------------------

One or more of the identified infections is a result of downloading cracked/pirated/keygen software. Participating in the use of such software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.


Edited by LiquidTension, 19 October 2014 - 11:27 PM.
