
Something is taking over admin rights, changes to programs and register


No replies to this topic

#1 Bibbiz


Posted 09 September 2015 - 10:35 AM

Hi!

My name is Tobias.
I'm sitting on an MSI GT70 2PE Dominator Pro.
Intel Core i7-4810Q @2.8GHz (8 cpu)
12 GB memory
Nvidia GeForce GTX880M
Killer Network e2200
Windows 8.1

So, my laptop's story so far.
Yesterday I thought that I should update my graphics card. So I downloaded the update through the Nvidia software. I download the update and begin to install (fresh custom) and it prompts me for the usual restart. But when the laptop starts, my extra screen doesn't work.
That's when all hell breaks loose.

Side note:
I have been under the impression that my PC has been under some sort of malware attack; one reason was that I couldn't add extensions to Chrome.
So I made a fresh install of Chrome and added Ghostery extensions, but I can't remember if I removed Chrome Remote Desktop or Videostream.
End.

So there I am with a blacked-out screen and only got my laptop.
But Nvidia doesn't start, even after a couple of minutes.
I notice a duplicate of Rundll32 in Task Manager, Chrome acting weird.
Finding a googleggupdater.exe in the Google folder, Videostream activated as well as Nvidia (but can't start it).
As I said before, I thought there was something wrong with the laptop. So I downloaded an IP tracker and found 3 IPs active, getting up the cmd to see where it comes from. But before I could do that I see one new IP and then it "split" into several inbound ones, so I decide to look that one up fast instead, got ahold of the IP.

I quickly turn on recovery and set it back. But I can only set it back 2 months, but stressed out as I am, I do it.
"Back" 2 months later and everything starts up fine; I start up Programs & Features fast to uninstall Chrome and started looking for the file googleggupdater, deleted it.
But then the fight over admin rights starts.
The time was maybe 01:00; at 05:00 I had, what I thought, secured my admin rights by changing the user in regedit on the local path. But now I'm home and it still tries to take over.
I'm afraid to connect the PC to the internet since I read the error logs in Computer Management that say Kernel-Processor-Power processor 0 in group 0 limited by firmware, event 37.
Perflib and PerfNet are trying to start different system32 DLLs but the four-byte DWORD stops it. Also I think that the virus has infected quite a lot of the system.
I've got several users as well.
User folders stored in temporary locations.
So my friend is coming over so that I can at least download all the software that you might need to help me, if that's an option. I don't mind doing a recovery otherwise, but I don't know if it's safe.

If there is anything that you need me to do just tell me.

Thanks a lot
