
Am I infected? goopdateres_xx.dll


5 replies to this topic

#1 JulesRuby

JulesRuby

  • Members
  • 3 posts

Posted 02 June 2015 - 11:51 PM

Hey guys,

 

I'm wondering if I have some form of malicious infection. Every so often, I get a collection of active guard warnings from my Avira AntiVir. They list a series of files that are goopdateres, and state that they are TR/Crypt.XPACK.Gen3 Trojans.

 

C:\Users\Account\AppData\Local\Temp\...\goopdateres_da.dll

C:\Users\Account\AppData\Local\Temp\...\goopdateres_de.dll

C:\Users\Account\AppData\Local\Temp\...\goopdateres_en.dll

C:\Users\Account\AppData\Local\Temp\...\goopdateres_ca.dll

C:\Users\Account\AppData\Local\Temp\...\goopdateres_bn.dll

C:\Users\Account\AppData\Local\Temp\...\goopdateres_cs.dll

C:\Users\Account\AppData\Local\Temp\...\goopdateres_am.dll

C:\Users\Account\AppData\Local\Temp\...\goopdateres_bg.dll

C:\Users\Account\AppData\Local\Temp\...\goopdateres_ar.dll

 

These are the files that pop up, and if I attempt to delete or deny access, the pop-up warning is immediately replaced by a new one. It is possible to get them to stop coming up after persistent denial/deletion. However, they always resurface almost a set time later.

 

I ran a few scans, using different spyware detection/removal programs, which hasn't really helped the situation. I got to reading around online about the file name. Some sources are saying that it's just Google Updater essentially getting frisky with the active guard's security limits, causing false positives. I'd like to actually have a professional opinion on the matter, though. Any advice/help that anyone could offer to clear this up would be very much appreciated.

 

Thank you!




 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts

Posted 03 June 2015 - 04:29 AM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.


Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.



Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.


 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
[screenshot]
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

[screenshot]

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 JulesRuby

JulesRuby
  • Topic Starter

  • Members
  • 3 posts

Posted 07 June 2015 - 08:43 PM

Alright, so I got around to all of these steps. Except after the last step, my computer rebooted. Once I hit the login screen to enter my password, my keyboard and mouse cease to function. They work in the BIOS menu, and I checked to ensure that my USB ports were enabled at boot-up, which they were, but I just can't log in anymore, essentially. Any advice you could offer would be appreciated.



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts

Posted 07 June 2015 - 09:12 PM

So Adware Cleaner has caused this issue; try a system restore from the recovery console.

http://www.bleepingcomputer.com/tutorials/windows-7-recovery-environment-command-prompt/



#5 JulesRuby

JulesRuby
  • Topic Starter

  • Members
  • 3 posts

Posted 19 June 2015 - 12:58 PM

Sorry for my slow responses, I'm really busy with work lately. So I don't find the time to act on this very quickly.

Well, I looked at the link informing me of how to do a restore. However, I'm currently using Vista (I know :/), and I lack an installation CD. I think I may have a recovery partition on my HDD though. I tried to boot into restore mode and select the last "good" configuration option. It led to the same results. I am still stuck with no mouse or keyboard use at the login screen. I think I saw another recovery option besides the last good configuration one. However, I didn't want to use it, because I'm not totally sure how that one in particular works.

#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts

Posted 19 June 2015 - 08:28 PM

Post a new thread in the virus removal area; they have experts that deal with this sort of issue.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

 

Even though you cannot get the logs, just create a new thread there.





