DealEExpress, Unknown File Type found in many folders on System


6 replies to this topic

#1 danielle.skinner

danielle.skinner

  • Members
  • 7 posts

Posted 24 August 2015 - 06:29 PM

Earlier today one of your members was kind enough to help me remove the DNSUnlocker malware that has infiltrated my system. Previous to that I had run AdwCleaner, Malwarebytes, Junk Removal, eScan, and others, removing a lot of junk in the process. This morning while browsing through my temp files I found an entry with the file type "DealEExpress", which looked very much like the names of some of the malware I had just nuked.

 

On a whim I decided to run a search for that name, and it brought up 40 entries of that file type (see screencap), all of various sizes and in all sorts of innocuous places like iTunes, Photoshop Plugins, and The Sims 2.

 

Would it be safe to just manually delete these? None of my virus scans picked them up, but they don't seem right to me.

 

Thanks very much for your help.

 

DealEExpress_2_zpstevnw7qh.jpg





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • Gender:Male
  • Location:NJ USA

Posted 25 August 2015 - 02:47 PM

Or run TFC...

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 danielle.skinner


Posted 25 August 2015 - 05:06 PM

It has been done, boopme. No prompt to reboot.

 

I have done a little further digging, and the following registry keys exist on my machine:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\. (Data: DealEExpress)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\..10 (Data: GoSAove)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\..9 (Data: DealEExpress)

HKEY_CLASSES_ROOT\.

HKEY_CLASSES_ROOT\..10

HKEY_CLASSES_ROOT\..9

 

For instance, "sentinal" (according to Apple) is a normal integrity file that is updated when the iTunes library is updated, but it should not be this file type. Neither should it be in any of my game folders, etc. My only concern is that this is something that will execute the next time I run iTunes, etc. Am I being paranoid?

 

Thank you for all your help!



#4 boopme


Posted 25 August 2015 - 08:11 PM

Update and run Malwarebytes once more and see if it removes them for you first.

#5 danielle.skinner


Posted 26 August 2015 - 08:10 PM

Boopme, Malwarebytes did not flag any suspicious registry files; however, running CCleaner flagged the above ones from my previous comment as an "ActiveX/COM Issue". I am unsure what registry keys will be safe to let it delete. Some are obvious, some not so much.


Edited by danielle.skinner, 26 August 2015 - 08:18 PM.


#6 boopme


Posted 27 August 2015 - 12:40 PM

Let me get a second opinion.

#7 boopme


Posted 31 August 2015 - 10:53 AM

OK, it would be OK to remove those. Either back up the registry first or make a new restore point, so if something goes wrong you can go back.
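The backup step advised in post #7, applied to the file-type keys listed in post #3, as an added example that is not part of the original thread. It goes slightly beyond the three keys named there by checking every extension key under HKLM\SOFTWARE\Classes for the two file-type names from the thread; the backup folder and output file names are assumptions, and the script deletes nothing.

```powershell
# Added example: inventory and back up extension keys whose (Default) value
# is one of the file-type names reported in post #3. Writes .reg backups only.
$SuspectNames = @('DealEExpress', 'GoSAove')                      # names from the thread
$BackupDir    = Join-Path $env:USERPROFILE 'Desktop\ClassesBackup' # assumed location

function Get-SuspectExtensionKey {
    param([string[]]$Names)
    # HKEY_CLASSES_ROOT is a merged view; the machine-wide entries live here.
    $classes = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SOFTWARE\Classes')
    try {
        foreach ($sub in $classes.GetSubKeyNames()) {
            if (-not $sub.StartsWith('.')) { continue }   # extension keys only
            $key = $classes.OpenSubKey($sub)
            if ($null -eq $key) { continue }
            try {
                # The (Default) value of an extension key names its file type.
                $default = [string]$key.GetValue('')
                if ($Names -contains $default) {
                    [pscustomobject]@{
                        Key      = "HKLM\SOFTWARE\Classes\$sub"
                        FileType = $default
                    }
                }
            } finally { $key.Close() }
        }
    } finally { $classes.Close() }
}

$found = @(Get-SuspectExtensionKey -Names $SuspectNames)
$found | Format-Table -AutoSize

if ($found.Count -gt 0) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $i = 0
    foreach ($item in $found) {
        $i++
        # Numbered file names, because key names such as "." are not usable as file names.
        $file = Join-Path $BackupDir ('classes_key_{0:D2}.reg' -f $i)
        & reg.exe export $item.Key $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Export failed: $($item.Key)" }
    }
}
```

Each exported .reg file can be re-imported by double-clicking it if removing a key turns out to break a file association.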



