Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

0% complete box with green bar upon startup on my desktop


  • Please log in to reply
10 replies to this topic

#1 jidicavu

jidicavu

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:46 PM

Posted 30 June 2017 - 03:55 PM

Hello,

 

Thanks for reading my post. I'm using Windows 10 & Chrome. Google & searching here didn't return my problem. T is:

  • A rectangle (box) keeps popping up on my desktop whenever I start my laptop. 
  • It reads "0% complete" & has a half green bar below it,  and the green color fills up fast from left to right and then this pop up disappears. 
  • It lasts about 2 seconds so I couldn't screen capture it.  

I'd like to know whether you think I might be infected or whether it's part of one of the programs I have downloaded. They are:

  1. AdBlock
  2. Malawarebytes
  3. Keyscrambler
  4. Windows Media Encoder
  5. WildTangent (1 legit trial game from WT website)
  6. Windows Movie Maker (I think version 6) 
  7. CCleaner

 

 

Other programs I had downloaded but uninstalled:

  1.  hippo k-lite codec pack by FileHippo 
  2. a video file converter (??)

 

Windows Defender doesn't pick up any threats.

Malwarebytes regularly picks up some HackTool.IdleK...; I quarantine it each time then hit delete and then reappears almost every time I run MBAM. (I reboot). Back when, I googled and went in my C files and deleted it from there as well. I just ran MBAM, it picked it up again. It is: "SECOH-QAD.EXE". 

 

I'm hoping the box is part of the keyscrambler? I have used the above named programs before, except 3 & 4, and I never had this pop up when used in my old laptop. I didn't notice this box from the start of my using it, but it possibly could have been there. This laptop was given to me over a month ago, by an IT & hacker-savvy guy, and I'm wondering if there's any spying going on? He said he didn't want the laptop back, however he strangely left his user account in, password protected. I went ahead and deleted him completely about 2 weeks after he gave it to me. He also randomly & strangely stopped talking to me, shortly after I did the above alterations to the laptop, but could be coincidence. 

 

Also, I did delete the Google Chrome Remote Desktop tool early on. 

Sorry for the length, tried to make it short. 

 

(PS: I looked into downloading other protectors (kapersky, spybot, search & destroy etc.) but read 2017 reviews which claim these programs were great but are no longer good, and some are now spyware and/or useless. So I didn't download anything else.)

 

Thank you for reading and for any help.

 

I haven't rebooted yet so I could post this;

Here is the MBAM log:

 

Log Details-

Scan Date: 6/30/17

Scan Time: 1:38 PM

Log File:

Administrator: Yes

 

-Software Information-

Version: 3.1.2.1733

Components Version: 1.0.160

Update Package Version: 1.0.2265

License: Free

 

-System Information-

OS: Windows 10 (Build 10586.494)

CPU: x86

File System: NTFS

User: MyName-LAPTOP\MyName

 

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 296449

Threats Detected: 1

Threats Quarantined: 1

Time Elapsed: 7 min, 54 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 1

HackTool.IdleKMS, C:\WINDOWS\SECOH-QAD.EXE, Delete-on-Reboot, [2719], [106788],1.0.2265

 

Physical Sector: 0

(No malicious items detected)

 

 

(end)

 

 

ETA: WMM as downloaded programs

ETA: CCleaner added  (forgot I had DL'd it)


Edited by jidicavu, 30 June 2017 - 04:30 PM.


BC AdBot (Login to Remove)

 


#2 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 30 June 2017 - 04:06 PM

HackTool.IdleKMS -

 

https://blog.malwarebytes.com/detections/hacktool-autokms/

 

Malwarebytes states...

 

HackTool.AutoKMS is the detection for tools that are intended to enable the illegal use of Microsoft products like Windows and Office.


Edited by jwoods301, 30 June 2017 - 04:08 PM.


#3 jidicavu

jidicavu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:46 PM

Posted 30 June 2017 - 04:23 PM

Oh yes, thank you, I had seen that page before! :) It got me confused at first (why would anyone choose to leave it? Am I safe deleting it?) but each time I do delete, it comes back! The first time I deleted one, it was linked to his account, the date of infection was 2015. 

 

Any idea at all what is the rectangle pop up that goes 0% complete? (I guess the 0% goes to 100% when it disappears, it happens so fast, I can't read the whole thing but this I know, SFAICS: there's no indication on the box as to what program it pertains to). 

Is anyone familiar with KeyScrambler and would that be the cause? I sort of doubt it because when I type here, right above, it has a pale green bar with a gold K and it says "Personal   Encrypting:" I did download it from the legit Qfx website. I also have never downloaded any torrent thingy and I don't visit torrent pages. Thanks. 

ETA: I forgot!! I have also downloaded CCleaner. 

But I had it on my former machine and never did I have the 0% Complete pop up box on desktop.


Edited by jidicavu, 30 June 2017 - 04:30 PM.


#4 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 30 June 2017 - 04:30 PM

It would probably be best at this point to send you over to the Virus, Trojan, Spyware, and Malware Removal Logs forum.

Please read the Preparation Guide before proceeding.

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/



#5 jidicavu

jidicavu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:46 PM

Posted 30 June 2017 - 04:32 PM

Thank you. Do you mean you want me to copy paste my OP at that forum?
Or should I wait till a mod moves this thread there? 


Edited by jidicavu, 30 June 2017 - 04:34 PM.


#6 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 30 June 2017 - 04:35 PM

Thank you. Do you mean you want me to copy paste my OP at that forum?
Or should I wait till a mod moves this thread there? 

 

Read the Preparation Guide and then start a new thread there.



#7 jidicavu

jidicavu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:46 PM

Posted 30 June 2017 - 04:43 PM

Ok, thank you for all your replies, much appreciated.  
I have this page open:

https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

I have to take the time to read this and understand it. As I am working right now, I cannot do it right this moment. I also must prepare things to back up my files on my end which means it's gonna take me a while to gather what I need. So I'm looking at a few days here.

In the interim, is there anyone here who could please tell me what this pop up box described in my title and OP is

Or are you convinced it's the HackTool thingy? This HT has been detected by MBAM from day 1 (meaning the day that I acquired this laptop), however I don't think the 0% Complete pop up (which does look like a Windows box, btw, with the Windows blue frame on top) was there day 1. 



#8 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 30 June 2017 - 04:48 PM

Ok, thank you for all your replies, much appreciated.  
I have this page open:

https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

I have to take the time to read this and understand it. As I am working right now, I cannot do it right this moment. I also must prepare things to back up my files on my end which means it's gonna take me a while to gather what I need. So I'm looking at a few days here.

In the interim, is there anyone here who could please tell me what this pop up box described in my title and OP is

Or are you convinced it's the HackTool thingy? This HT has been detected by MBAM from day 1 (meaning the day that I acquired this laptop), however I don't think the 0% Complete pop up (which does look like a Windows box, btw, with the Windows blue frame on top) was there day 1. 

 

It could be several things.

 

That's why you're continuing your issue in the other forum.



#9 jidicavu

jidicavu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:46 PM

Posted 30 June 2017 - 04:59 PM

Alright thanks again, so much for your time. I wish my mind was a bit clearer right now and I was less stressed so I could take care of it and be done. I shall return but might take me a few days. 

Thanks again! 



#10 jidicavu

jidicavu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:46 PM

Posted 04 July 2017 - 05:01 PM

Hello again,

My question today is: how can a hacker bypass the KeyScrambler
I'd like an answer to that, please.

 

You see, right after I posted the above OP, the next day that I started my laptop, the pop up box with the 0% complete green bar is completely GONE! I haven't had the time to deal with this instructions reading, assimilating and implying so I did nothing so far... and yet, day after day, restart after restart, that pop up no longer appears.

This leads me to believe the hacker somehow read what I posted here and got that box (or program which caused it) deleted so I wouldn't find him out! 

But, I had  and have KeyScrambler installed since before I posted this OP here. So how could he have bypassed KeyScrambler to read what websites URLs I visited and the text that I type? 



#11 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 04 July 2017 - 05:10 PM

In theory, anything can be "hacked"...

 

It could also be a legitmate program that was trying to update itself.

 

I would be interested in seeing what you have automatically starting when you boot.

 

Download and run the free Sysinternals' tool Autoruns.

 

https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

Use the built-in Windows Snipping Tool to grab screen shots.

 

Include the VirusTotal checks in the extreme right hand column.

Post the images on a site such as Dropbox, Imgur, etc. and paste the links to the images in the thread.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users