
dtorzae.exe *32


9 replies to this topic

#1 plqazokm

plqazokm

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 12 December 2017 - 05:38 PM

I suddenly find the above named process running anywhere from 3 to 7 instances consuming large amounts of memory.

A Google search does not find any hits.

Running Windows 7 SP1

Any idea what this is and how to deal with it?

 

Thank you!




 


#2 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:22 PM

Posted 12 December 2017 - 07:20 PM

Welcome to BC....

 

See if you can submit the file to VirusTotal - Free Online Virus, Malware and URL Scanner  to be scanned by numerous security programs.

Don't just submit the file name...submit the entire file.

 

If nothing definitive is the result of scans at VirusTotal then run the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 plqazokm

plqazokm
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 15 December 2017 - 08:20 AM

Unable to upload process executable to Virus Total. Get message as follows:

"Could not access C:\Users|TallBob|AppData\Local\coeuvmd\dtorzae.exe (5)"

 

Result of scans as follows:

 

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 12/13/17

Scan Time: 2:47 PM

Log File: 6a6e63fc-e03e-11e7-83fd-001aa0df9e00.json

Administrator: Yes

 

-Software Information-

Version: 3.3.1.2183

Components Version: 1.0.262

Update Package Version: 1.0.3483

License: Free

 

-System Information-

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: TallBob-PC\Tall Bob

 

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 241213

Threats Detected: 0

(No malicious items detected)

Threats Quarantined: 0

(No malicious items detected)

Time Elapsed: 9 min, 51 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 0

(No malicious items detected)

 

File: 0

(No malicious items detected)

Physical Sector: 0

(No malicious items detected)

 

(end)

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001

www.malwarebytes.org

 

Database version:

  main:    v2017.12.13.07

  rootkit: v2017.10.14.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.18837

Tall Bob :: TALLBOB-PC [administrator]

 

12/13/2017 3:03:29 PM

mbar-log-2017-12-13 (15-03-29).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 196153

Time elapsed: 26 minute(s), 38 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

# AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 13 20:43:16 2017

# Updated on 2017/29/11 by Malwarebytes

# Database: 12-13-2017.2

# Running on Windows 7 Professional (X64)

# Mode: scan

# Support: https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

No malicious services found.

 

***** [ Folders ] *****

 

No malicious folders found.

 

***** [ Files ] *****

 

No malicious files found.

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

***** [ WMI ] *****

 

No malicious WMI found.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts found.

 

***** [ Tasks ] *****

 

No malicious tasks found.

 

***** [ Registry ] *****

 

No malicious registry entries found.

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries.

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries.

 

*************************

 

C:/AdwCleaner/AdwCleaner[C0].txt - [4393 B] - [2017/12/12 18:12:48]

C:/AdwCleaner/AdwCleaner[S0].txt - [6162 B] - [2017/9/20 16:18:43]

C:/AdwCleaner/AdwCleaner[S1].txt - [7073 B] - [2017/12/12 17:56:44]

C:/AdwCleaner/AdwCleaner[S2].txt - [5080 B] - [2017/12/12 18:11:38]

C:/AdwCleaner/AdwCleaner[S3].txt - [1227 B] - [2017/12/12 19:2:48]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ##########

 

 

 

ESET results

 

C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\10.2.0.5971\wtoolex\wpsupdate.exe a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting

C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting

C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\9.1.0.4759\wtoolex\wpsupdate.exe_d_1c59314 a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting

C:\Users\Tall Bob\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsloft_1.0.2.2\download.7z a variant of Win32/KingSoft.D potentially unwanted application deleted

C:\Users\Tall Bob\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsloft_1.0.2.2\update.7z a variant of Win32/KingSoft.D potentially unwanted application deleted

C:\Users\Tall Bob\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsloft_1.0.2.3\download.7z a variant of Win32/KingSoft.D potentially unwanted application deleted

C:\Users\Tall Bob\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsloft_1.0.2.3\update.7z a variant of Win32/KingSoft.D potentially unwanted application deleted

C:\Users\Tall Bob\AppData\Roaming\mgyun\VRoot\CleanMaster.apk a variant of Android/DroidRooter.AC potentially unsafe application deleted

C:\Users\Tall Bob\AppData\Roaming\Wondershare\wsroot\down\rt22_res.zip a variant of Android/Exploit.Lotoor.GW trojan deleted

C:\Users\Tall Bob\AppData\Roaming\Wondershare\wsroot\down\rt24_res.zip a variant of Android/Exploit.Lotoor.GX trojan deleted

C:\Users\Tall Bob\AppData\Roaming\Wondershare\wsroot\down\rt25_res.zip a variant of Android/Exploit.Lotoor.GX trojan deleted

C:\Users\Tall Bob\AppData\Roaming\Wondershare\wsroot\down\rt26_res.zip a variant of Android/Exploit.Lotoor.GW trojan deleted

C:\Users\Tall Bob\AppData\Roaming\Wondershare\wsroot\down\rt28_res.zip a variant of Android/Exploit.Lotoor.GW trojan deleted

C:\Users\Tall Bob\AppData\Roaming\Wondershare\wsroot\res\rt22\getroot a variant of Android/Exploit.Lotoor.GW trojan cleaned by deleting

C:\Users\Tall Bob\AppData\Roaming\Wondershare\wsroot\res\rt25\getroot a variant of Android/Exploit.Lotoor.GX trojan cleaned by deleting

C:\Users\Tall Bob\AppData\Roaming\Wondershare\wsroot\res\rt26\getroot a variant of Android/Exploit.Lotoor.GW trojan cleaned by deleting

C:\VTRoot\HarddiskVolume2\Program Files (x86)\Auslogics\Duplicate File Finder\Setup\SetupCustom.dll a variant of Win32/Auslogics.J potentially unwanted application cleaned by deleting

C:\VTRoot\HarddiskVolume2\Program Files (x86)\Auslogics\Registry Cleaner\RegistryCleaner.exe a variant of Win32/Auslogics.B potentially unwanted application cleaned by deleting

C:\VTRoot\HarddiskVolume2\Program Files (x86)\Auslogics\Registry Cleaner\Setup\SetupCustom.dll a variant of Win32/Auslogics.J potentially unwanted application cleaned by deleting

C:\VTRoot\HarddiskVolume2\Users\Tall Bob\Downloads\Auslogics_Duplicate_File_Finder_v6.1.3.0.exe a variant of Win32/Auslogics.J potentially unwanted application cleaned by deleting

 

 

Problem persists with multiple instances of dtorzae.exe running.

 

What is the next step?



#4 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:22 PM

Posted 15 December 2017 - 08:56 AM

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

If you have an Android smart phone you may have downloaded Android/Exploit.Lotoor from your computer to the phone.

Threat Detail | ESET Virusradar  QUOTE:

Short description

Android/Exploit.Lotoor attempts to get root access to the device.

Installation

The trojan must be downloaded and manually installed.

Other information

Android/Exploit.Lotoor attempts to get root access to the device. To gain root access it uses exploit.


Edited by buddy215, 15 December 2017 - 09:18 AM.


#5 plqazokm

plqazokm
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 15 December 2017 - 10:12 AM

Yes, I was trying to root my android phone, but have given up.

 

Files as requested:

 

Startup:

 

No avgnt

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run crawfish "C:\Program Files (x86)\Solitary\kruse.exe"

Yes HKCU:Run magnifiers "C:\Program Files (x86)\prefectures\magnifiers.exe"

Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Yes HKLM:Run Syncios device service Anvsoft Inc. C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe

 

 

Scheduled tasks:

 

Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe -check pepperplugin

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task AupAvUpdate Innovative Solutions C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe -UPDATE

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task UninstallMonitor Innovative Solutions GRUP SRL C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe -AUSCAN

Yes Task WpsExternal_Tall Bob_20171101110828 Zhuhai Kingsoft Office Software Co.,Ltd C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external

Yes Task WpsUpdateTask_Tall Bob C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe -from=task

Yes Task {5E9BA8A2-36DB-4F24-8DC0-CE8A97CEA9F5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Tall Bob\Downloads\AcroRdrDC1700920044_en_US.exe" -d "C:\Users\Tall Bob\Downloads"

 

 

Installed programs:

 

7-Zip 16.04 (x64) Igor Pavlov 2/18/2017 4.75 MB 16.04

Adobe Flash Player 28 ActiveX Adobe Systems Incorporated 12/12/2017 8.55 MB 28.0.0.126

Adobe Flash Player 28 PPAPI Adobe Systems Incorporated 12/12/2017 8.41 MB 28.0.0.126

Advanced Uninstaller PRO - Version 12 Innovative Solutions 9/6/2017 48.4 MB 12.21.0.95

Agent Ransack x64 Mythicsoft Ltd 7/10/2015 37.0 MB 7.0.828.1

Allied Machine Insta-Code Allied Machine 11/17/2017 10.0.0.12

BleachBit BleachBit 11/17/2017 1.10

CCleaner Piriform 12/12/2017 5.38

eDrawings 2015 x64 Dassault Systèmes SolidWorks Corp 8/4/2015 173 MB 15.4.0012

Files Compare Tool 11/17/2017

Google Chrome Google Inc. 6/28/2017 63.0.3239.84

Java 8 Update 151 (64-bit) Oracle Corporation 11/9/2017 114 MB 8.0.1510.12

Java SE Development Kit 8 Update 144 (64-bit) Oracle Corporation 10/11/2017 333 MB 8.0.1440.1

Java SE Development Kit 8 Update 151 (64-bit) Oracle Corporation 11/9/2017 348 MB 8.0.1510.12

Malwarebytes version 3.3.1.2183 Malwarebytes 12/12/2017 186 MB 3.3.1.2183

Mastercam X4 CNC Software, Inc. 9/19/2017 830 MB 13.0.3.31

Mastercam X4 Maintenance Update 3 CNC Software, Inc. 9/19/2017 586 MB 13.3.0.22

Microsoft Silverlight Microsoft Corporation 6/15/2017 150 MB 5.1.50907.0

Microsoft Sync Framework 2.1 Core Components (x86) ENU Microsoft Corporation 4/23/2015 0.98 MB 2.1.1648.0

Microsoft Sync Framework 2.1 Database Providers (x86) ENU Microsoft Corporation 4/23/2015 1.04 MB 3.1.1648.0

Microsoft Sync Framework 2.1 Provider Services (x86) ENU Microsoft Corporation 4/23/2015 2.27 MB 2.1.1648.0

Microsoft USB Hub and Controller Test Tool (MUTT) v2.2 Microsoft 11/16/2017 7.02 MB 2.0

Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 6/30/2015 300 KB 8.0.56336

Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 6/27/2015 708 KB 8.0.61000

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 6/27/2015 788 KB 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 6/30/2015 788 KB 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 6/27/2015 596 KB 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 6/30/2015 600 KB 9.0.30729.6161

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 11/17/2017 17.1 MB 12.0.30501.0

Syncios 6.2.5 Anvsoft 11/17/2017 6.2.5

Unlocker 1.9.2 Cedrick Collomb 6/18/2015 1.9.2

VirusTotal Uploader 2.2 11/17/2017

VLC media player VideoLAN 11/17/2017 2.2.6

WPS Office (10.2.0.5978) Kingsoft Corp. 11/17/2017 337 MB 10.2.0.5978

ZTE 3GPhone USB Driver 5.2066.1.6 ZTE Corporation 11/14/2017 17.0 MB 5.2066.1.6

ZTE Handset USB Driver ZTE Corporation 11/14/2017 12.8 MB 5.2104.1.02B06



#6 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:22 PM

Posted 15 December 2017 - 11:29 AM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run crawfish "C:\Program Files (x86)\Solitary\kruse.exe"

Yes HKCU:Run magnifiers "C:\Program Files (x86)\prefectures\magnifiers.exe"

Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

Yes HKLM:Run Syncios device service Anvsoft Inc. C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe

 

Delete this Task: Use CCleaner by clicking on it and selecting Delete on the right.

Yes Task AupAvUpdate Innovative Solutions C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe -UPDATE

 

Disable these Tasks:

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

 

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task UninstallMonitor Innovative Solutions GRUP SRL C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe -AUSCAN

Yes Task WpsExternal_Tall Bob_20171101110828 Zhuhai Kingsoft Office Software Co.,Ltd C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external

Yes Task WpsUpdateTask_Tall Bob C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe -from=task

Yes Task {5E9BA8A2-36DB-4F24-8DC0-CE8A97CEA9F5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Tall Bob\Downloads\AcroRdrDC1700920044_en_US.exe" -d "C:\Users\Tall Bob\Downloads"

 

Uninstall these programs: (Use Download Revo Uninstaller Freeware to uninstall them)

Advanced Uninstaller PRO - Version 12 Innovative Solutions 9/6/2017 48.4 MB 12.21.0.95

Java SE Development Kit 8 Update 144 (64-bit) Oracle Corporation 10/11/2017 333 MB 8.0.1440.1

WPS Office (10.2.0.5978) Kingsoft Corp. 11/17/2017 337 MB 10.2.0.5978 (A good office program...Home | LibreOffice - Free Office Suite - Fun Project - Fantastic People)

 

After doing the above and rebooting the computer....let me know if those processes still appear.


Edited by buddy215, 15 December 2017 - 11:32 AM.


#7 plqazokm

plqazokm
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 15 December 2017 - 12:37 PM

Have done as you suggested and process(es) are still running.
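
The startup and scheduled-task review in the posts above can be run as a repeatable triage pass. The following Python script is an added example, not part of any post in this thread and not CCleaner's own code: it parses a startup export and marks entries worth a closer look (no publisher, user-writable path, indirect launcher). The five-column tab-separated layout, the hint rules and all function names are assumptions; the rows are copied from the lists posted above, and a hint is a reason to inspect the file, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Rows copied from the startup and task lists posted in this thread.
# The five-column, tab-separated layout is an assumption about the export
# format; an empty fourth column means no publisher was shown.
ROWS = [
    ("Yes", "HKCU:Run", "CCleaner Monitoring", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR'),
    ("Yes", "HKCU:Run", "crawfish", "",
     r'"C:\Program Files (x86)\Solitary\kruse.exe"'),
    ("Yes", "HKCU:Run", "magnifiers", "",
     r'"C:\Program Files (x86)\prefectures\magnifiers.exe"'),
    ("Yes", "HKLM:Run", "SunJavaUpdateSched", "Oracle Corporation",
     r'"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"'),
    ("Yes", "Task", "WpsUpdateTask_Tall Bob", "",
     r"C:\Users\Tall Bob\AppData\Local\Kingsoft\WPS Office"
     r"\10.2.0.5978\wtoolex\wpsupdate.exe -from=task"),
    ("Yes", "Task", "{5E9BA8A2-36DB-4F24-8DC0-CE8A97CEA9F5}",
     "Microsoft Corporation",
     r'C:\Windows\system32\pcalua.exe -a "C:\Users\Tall Bob\Downloads'
     r'\AcroRdrDC1700920044_en_US.exe" -d "C:\Users\Tall Bob\Downloads"'),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in ROWS)

# Hypothetical hint rules chosen for this example.
USER_WRITABLE = {"appdata", "temp", "downloads"}
INDIRECT_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "cmd.exe", "wscript.exe",
                      "cscript.exe", "mshta.exe", "powershell.exe"}


def exe_path(command):
    """Return the executable part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: take everything up to the first
    # executable extension that is followed by whitespace or end of line.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", command, re.I)
    return m.group(1) if m else command


def parse_export(text):
    """Split the export into dicts; rows without five columns are skipped."""
    keys = ("enabled", "location", "name", "publisher", "command")
    entries = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) == len(keys):
            entries.append(dict(zip(keys, fields)))
    return entries


def triage(entry):
    """Return the list of hints that apply to one autorun entry."""
    path = PureWindowsPath(exe_path(entry["command"]))
    reasons = []
    if not entry["publisher"]:
        reasons.append("no publisher")
    if USER_WRITABLE & {part.lower() for part in path.parts}:
        reasons.append("user-writable path")
    if path.name.lower() in INDIRECT_LAUNCHERS:
        reasons.append("indirect launcher")
    return reasons


def review(text):
    """Enabled entries with at least one hint, most hints first."""
    findings = [(e["name"], triage(e)) for e in parse_export(text)
                if e["enabled"] == "Yes"]
    return sorted((f for f in findings if f[1]), key=lambda f: -len(f[1]))


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_EXPORT):
        print(f"{name}: {', '.join(reasons)}")
```
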



#8 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:22 PM

Posted 15 December 2017 - 12:56 PM

I think it best to start a new topic in the malware removal forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#9 plqazokm

plqazokm
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 15 December 2017 - 05:49 PM

Have started a new topic in VTSaMRL forum as you suggested.

Do not know how to link to new topic, but it has the same name as this one.

Thank you for your help; OK to close this thread.



#10 buddy215

buddy215

  • Moderator
  • 13,324 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:22 PM

Posted 15 December 2017 - 08:04 PM

Good....your new topic...dtorzae.exe *32 - Virus, Trojan, Spyware, and Malware Removal Logs

 

You're welcome...

