
Cannot end processes in Task Manager; Chrome related


5 replies to this topic

#1 jbhere


Posted 06 November 2014 - 04:42 PM

OS: Windows 7 Home Premium SP1

 

Avast antivirus keeps popping up with a message that it has shielded my computer from an executable file named yogozjvdaoeg.exe 

I have searched online for references to this, and cannot find a thing.

 

Chrome had also begun launching itself randomly. 

I went into Task Manager and discovered 12 instances of this file running, with a reference to Google Chrome.  I tried ending these processes, and for every one I ended, another one (or more) would start immediately.  

I have uninstalled Google Chrome, and still these processes are running, with no way to end them. 

I tried using Taskkill, but again, for every instance killed, a whole new set would start up immediately.

 

I went to the file location (see image) and tried manually deleting it, but it states that Chrome is running, so it cannot be deleted.  Chrome is not running, it has been uninstalled.

[Image: Chrome processes file location]

 

Is this a Chrome thing, or could it be malware?  I ran Malwarebytes, and it did not find anything.

 

Thank you for any help you can give.

 




 


#2 Alex&Vanko


Posted 06 November 2014 - 07:22 PM

Hi jbhere and welcome!

 

yogozjvdaoeg.exe

Upload here - https://www.virustotal.com/en/

Post link of result.

 

Thank you!



#3 jbhere


Posted 07 November 2014 - 05:22 PM

Thank you, Alex&Vanko.  Here is the result link:

https://www.virustotal.com/en/file/70010eba09129858af32f03079e70e974ebff8700f5f93dca2ec8a6b0991e2ac/analysis/

 

The results look so innocent. 

 

However, today, Chrome started appearing in the taskbar, with multiple popup messages: 

"Google Chrome cannot read and write to its data directory."  I close the messages, and they reopen.



#4 Alex&Vanko


Posted 07 November 2014 - 05:52 PM

Please download RKill by Grinler HERE and save it to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
* Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
* A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
* If nothing happens or if the tool does not run, please let me know in your next reply.
* A log pops up at the end of the run. This log file is located at C:\rkill.log.
* Please post the log in your next reply.
 

Download Screen317 Security Check HERE and save it to your Desktop or HERE
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

* Make sure the following options are checked:
    * Internet Services
    * Windows Firewall
    * System Restore
    * Security Center/Action Center
    * Windows Update
    * Windows Defender
    * Other Services
* Press "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

Download Malwarebytes Anti-Rootkit HERE
* Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
* Double click on downloaded file. OK self extracting prompt.
* MBAR will start. Click "Next" to continue.
* Click in the following screen "Update" to obtain the latest malware definitions.
* Once the update is complete select "Next" and click "Scan".
* When the scan is finished and no malware has been found select "Exit".
* If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
* Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    * "mbar-log-{date} (xx-xx-xx).txt"
    * "system-log.txt"
 

Thank you!


Edited by Alex&Vanko, 07 November 2014 - 05:53 PM.


#5 jbhere


Posted 08 November 2014 - 10:53 AM

Well, here's a funny thing.  I updated CCleaner last night, and ran it before I shut off the computer for the night.

This morning, I turned it on, and checked Task Manager first thing; guess what, the Chrome processes are gone.

The file referenced above is gone, too.

Do you think I should still run the programs you listed?  I really appreciate how much time you have spent on this.



#6 Alex&Vanko


Posted 08 November 2014 - 01:18 PM

You decide. This executable is clean.

 

Thank you!





