Is this malware


5 replies to this topic

#1 peterlonz

Posted 25 March 2018 - 12:59 AM

Just deleted by Junkware Removal Tool:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F 
 
Nothing else found (and no viruses), & I see such deletions quite frequently, by either JRT or AdWarecleaner.
 
If it is malware how is it managing to get into the registry & can I stop it permanently?
 
Thanks
 
Moved from Anti-Virus, Anti-Malware, and Privacy Software

NickAu

Edited by NickAu, 25 March 2018 - 02:05 AM.
Mod edit



#2 buddy215


Posted 25 March 2018 - 04:55 AM

I often see that in Windows Startups or Tasks. I suggest running a scan using Malwarebytes if you haven't done that.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7


Posted 25 March 2018 - 07:03 AM

According to Farbar Recovery Scan Tool (FRST)...
HKU\S-1-5-21-193590417-541393071-4071897925-1001\...\Run: [GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [916296 2014-11-25] (Google Inc.)

BTW...Malwarebytes Retires Popular Junkware Removal Tool Adware Cleanup Utility

Malwarebytes announced ...they have discontinued development for Junkware Removal Tool...

Junkware Removal Tool to be discontinued

Malwarebytes has chosen to discontinue Junkware Removal Tool (JRT) by announcing the end of maintenance as of October 26, 2017...Malwarebytes will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018. If you are using JRT, we recommend switching to Malwarebytes AdwCleaner version 7 or higher. It’s free and incorporates all major JRT functionalities.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 peterlonz


Posted 25 March 2018 - 04:31 PM

Thanks for the responses.

 

I still don't know if it is malware. Is there any simple way to determine this?

Malwarebytes which I run frequently says "no threats detected".

 

A scan by AdWareCleaner just now advises:

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 

I have seen this before & frankly I have no idea what the heck this means (the website reference is no help).

 

Do you still advise I follow the routine suggested by Buddy? 

 

Thanks
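
The check behind the FRST line in post #3 (Run value name, target executable, publisher) can be reproduced for every entry in the current user's Run key; this is an added example, not code from any participant in this thread. The helper name `Get-RunEntryTarget` is hypothetical and the path parsing assumes each command starts with an `.exe` path.

```powershell
# Added example: list HKCU Run entries, resolve each command to its
# executable, and report whether that file carries a valid Authenticode
# signature and who signed it.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: extract the executable path from a Run command line.
function Get-RunEntryTarget {
    param([string]$Command)
    # Quoted form: "C:\path with spaces\app.exe" --args
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first ".exe"
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

$key = Get-Item -Path $runKey
$report = foreach ($name in $key.GetValueNames()) {
    # Expand %VAR% references that may be stored literally in REG_SZ values
    $command = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
    $target  = Get-RunEntryTarget -Command $command
    $exists  = [bool]($target -and (Test-Path -LiteralPath $target))

    $sig = $null
    if ($exists) { $sig = Get-AuthenticodeSignature -LiteralPath $target }

    [pscustomobject]@{
        Name    = $name
        Command = $command
        Exists  = $exists
        # Status is 'Valid' only when the signature verifies and chains to a trusted root
        Status  = if ($sig) { $sig.Status } else { 'n/a' }
        Signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Unsigned, missing, or unparsable targets are the entries to look at first
$report | Sort-Object Status | Format-List
```

A `Valid` status with the expected signer and install path matches what FRST reported for the Chrome entry; the full `Command` column is still worth reading, since the arguments passed to a signed executable are not covered by its signature.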



#5 quietman7


Posted 25 March 2018 - 04:41 PM

Since JRT is no longer supported, the detection could be a false positive so you can follow buddy215's instructions.

#6 buddy215


Posted 25 March 2018 - 05:09 PM

If AdwCleaner or Malwarebytes found something that should be removed from Chrome and you have synced the Chrome browser's preferences with other computers, phones, etc., then you need to follow the instructions in that link to unsync first or the adware, etc. would just be reinstalled.

I always recommend disabling/deleting that item from Windows Tasks...Chrome auto launch. That's one reason I asked to see the three lists using CCleaner.

