App is preventing shutdown “G.exe”


23 replies to this topic

#16 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,608 posts
  • ONLINE
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:59 AM

Posted 05 February 2018 - 11:02 AM

This Trojan should have been found by Malwarebytes or the ESET Online scan. Did you leave RKill running through all of the scans? If you didn't, I would suggest restarting RKill, and don't restart the computer until you have run Malwarebytes and the ESET Online scanner.

If you read the introduction for RKill, you would have found that this program helps to prevent malicious software from interfering with other security scans.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 



 


#17 Overflowbr

Overflowbr
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 05 February 2018 - 12:49 PM

Dear Dc3,

I did all the steps again without rebooting, following your instructions. ESET and Malwarebytes didn't find anything, but TDSSKiller found a hidden service with the "Loaded Modules" checkbox. The problem is that every time I select delete, it does not do anything and it begins a loop.

Another strange thing: after trying to reboot, it shows another app:

*I tried to upload the image or reference it with the Image tag, but I got an error message that I'm not allowed to post images in this forum, so I have uploaded it to imgur:

 

https://imgur.com/a/hedwO


Edited by Overflowbr, 05 February 2018 - 12:53 PM.


#18 Overflowbr


Posted 05 February 2018 - 12:55 PM

15:14:12.0959 9080  ============================================================
15:14:12.0959 9080  Scan finished
15:14:12.0959 9080  ============================================================
15:14:12.0967 8796  Detected object count: 1
15:14:12.0967 8796  Actual detected object count: 1
15:14:33.0329 8796  HKLM\SYSTEM\ControlSet001\services\06880071 - will be deleted on reboot
15:14:33.0349 8796  C:\Windows\system32\drivers\42881138.sys - will be deleted on reboot
15:14:33.0349 8796  06880071 ( HiddenService.Multi.Generic ) - User select action: Delete 
15:14:37.0531 6740  Deinitialize success
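
An added example, not part of the original post: a small parser for the TDSSKiller log lines quoted above, used to check whether an object that was scheduled for deletion shows up again in a later scan (the loop described in post #17). `SCAN_2` is constructed for illustration, and matching on the service name assumes the name is unchanged between scans.

```python
import re

# Lines quoted from the TDSSKiller log in post #18.
SCAN_1 = r"""
15:14:12.0967 8796  Detected object count: 1
15:14:12.0967 8796  Actual detected object count: 1
15:14:33.0329 8796  HKLM\SYSTEM\ControlSet001\services\06880071 - will be deleted on reboot
15:14:33.0349 8796  C:\Windows\system32\drivers\42881138.sys - will be deleted on reboot
15:14:33.0349 8796  06880071 ( HiddenService.Multi.Generic ) - User select action: Delete
"""
# Constructed for this example: a scan after the reboot that flags the service again.
SCAN_2 = r"""
16:02:41.0110 1234  Detected object count: 1
16:03:05.0200 1234  06880071 ( HiddenService.Multi.Generic ) - User select action: Delete
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*?)\s*$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
PENDING = re.compile(r"^(.+?) - will be deleted on reboot$")
ACTION = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\w+)$")

def parse(log):
    """Summarise one scan: detection count, pending deletions, chosen actions."""
    out = {"count": None, "pending": [], "actions": []}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines or anything without timestamp + thread id
        msg = m.group(1)
        if c := COUNT.match(msg):
            out["count"] = int(c.group(1))
        elif p := PENDING.match(msg):
            kind = "registry" if p.group(1).upper().startswith("HK") else "file"
            out["pending"].append((kind, p.group(1)))
        elif a := ACTION.match(msg):
            out["actions"].append(a.groups())  # (object, verdict, action)
    return out

def survived_reboot(before, after):
    """Objects given Delete in `before` that a later scan reports again."""
    deleted = {name for name, _, act in before["actions"] if act == "Delete"}
    return sorted(deleted & {name for name, _, _ in after["actions"]})

if __name__ == "__main__":
    first, second = parse(SCAN_1), parse(SCAN_2)
    print(first["pending"])
    print("still present after reboot:", survived_reboot(first, second))
```
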


#19 dc3


Posted 05 February 2018 - 01:28 PM

alGl4NP.png


Edited by dc3, 05 February 2018 - 01:32 PM.



#20 dc3


Posted 05 February 2018 - 01:38 PM

The first link is unedited from imgur. The second image shows what was needed to be added to produce the third image.
 
 
https://imgur.com/alGl4NP
 
 
[IMG=https://imgur.com/alGl4NP.png]
 
When the link is posted normally you would see the following.
 
alGl4NP.png

Edited by dc3, 05 February 2018 - 01:40 PM.



#21 Overflowbr


Posted 05 February 2018 - 02:13 PM

[IMG=https://i.imgur.com/pqwQMTE.jpg]

 

pqwQMTE.jpg


Edited by Overflowbr, 05 February 2018 - 02:14 PM.


#22 dc3


Posted 05 February 2018 - 02:18 PM

Wrong:  [IMG=https://i.imgur.com/pqwQMTE.jpg]

 

It should be IMG=https://i.imgur.com/pqwWMTE.png]

 

I left the open bracket open so you would be able to see the whole link. There should be an open bracket like the following: [IMG=https: etc.


Edited by dc3, 05 February 2018 - 02:20 PM.



#23 Overflowbr


Posted 06 February 2018 - 07:06 PM

Dc3,

 

Is there anything else that I can do to remove or find this G.exe app?



#24 dc3


Posted 07 February 2018 - 10:18 AM

Is the computer still having problems shutting down?

 

Open the Control Panel, select Programs and Features.  Look for the G.exe or HiddenObject.Multi.Generic.  Uninstall it if you find it in the list of programs.

 
