Multiple google chrome found in task manager on computer


  • This topic is locked
5 replies to this topic

#1 EvilAxis

  • Members
  • 3 posts

Posted 07 January 2015 - 10:14 PM

Hello. I have been playing with these multiple Google Chrome processes in Task Manager for the past few days. It is malware, but I haven't been successful in removing it. I have traced the file to multiple disguised fake folders it created, saved the location in Notepad, booted the computer in safe mode and deleted the folder, only to have it reappear in a new folder it created. I have done this three times before investigating more online about the issue. If I'm understanding correctly, it requires a more practiced hand than my own to fully remove it. I will post a Farbar txt of its findings in this chat, and if anyone is available to walk me through how to remove it I would greatly appreciate your time and help. I hate to say this, but I really admire this one. Normally I can handle basic malware, but this is really out of my league.

I work during the day Monday through Friday 8 to 5, so any time during evenings or weekends I can really spend time and get this removed with a practiced hand.

Sincerely,

EvilAxis

 

These are the current paths the infected folders took while I vainly tried to remove it. Doing the find folder, reboot in safe mode and delete, it's made quite a journey and is really an amazing little bug.

1st attempt, original location: C:\Users\Jason\AppData\LocalLow\AVG SafeGuard toolbar\Iqlhknlcn\Dyzpbxtjfb

Jumped after safe mode delete and reboot.

2nd location: C:\Users\Jason\AppData\LocalLow\Microsoft\Iqlhknlcn\Dyzpbxtjfb

Jumped after safe mode delete and reboot.

3rd location: C:\Users\Jason\AppData\LocalLow\EmieUserList\Iqlhknlcn\Dyzpbxtjfb

Oh yeah, it's in a hidden folder now as well... fun fun

 

 

Attached Files

  • Attached File  FRST.txt   44.13KB   3 downloads



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 January 2015 - 06:51 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

Please post the addition.txt as well.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 EvilAxis

  • Topic Starter

  • Members
  • 3 posts

Posted 08 January 2015 - 08:18 PM

Hello Marius

 

I thank you for the quick response to my plea for help... I finally broke down and purchased Bitdefender. I normally do not use the antivirus programs due to the lag it has on devices in the past. Thanks to AVG, it ruined me for a while. After reading reviews I forked over the money and got a great deal for Bitdefender Plus 2015; it only cost me 24.99 from a website. I installed it and ran it through its removal tools, and it took care of 3 items I had not found and also the multiple Chrome apps bogging down my system. I am currently going to see if the issues remain solved at this point and will not take up your time. If by chance they do return, I shall take you up on your offer with a new post of a problem if it occurs.

Sincerely

 

EvilAxis

 

BitDefender is awesome............



#4 EvilAxis

  • Topic Starter

  • Members
  • 3 posts

Posted 08 January 2015 - 08:26 PM

Here are the scans from Farbar after Bitdefender did its removals. I do not see the virus at all.

 

 

 




#5 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 09 January 2015 - 07:44 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 




#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 21 January 2015 - 06:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.