Need quick answer plz

mrsphxbabe

Have a Google Chrome virus. I uninstalled Google Chrome, but I still have 10 of them running in my task manager. I can't delete or stop the process, or it just opens 5 more of them. I ran Norton 360, but it comes back with nothing.
I located the file but I can't delete it C:\Users\me\AppData\LocalLow\Apple Computer\Sqsomidrbof\Fqglgdm. It's taking up mass CPU usage. Plz help, thanks
 
Let's start with the basics.


1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
•When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
I've seen this with multiple Firefox processes. The above apps should solve it, but if not there might be a script file auto running that starts the Chrome process. I would try StartupCPL and locate the .exe or the script that is starting the Chrome process. Autoruns could be used to find startup items too. Then use everything.exe to locate the script file and delete it along with the chrome.exe. You might have to use Unlocker.

http://www.majorgeeks.com/files/details/unlocker.html

https://web.archive.org/web/20131106030702/http://www.mlin.net/StartupCPL.shtml

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

http://www.voidtools.com/downloads/
 
I was finally able to get rid of it, but it also installed a Microsoft program called share work space. Was I hacked? I used the SUPERAntiSpyware and used the force delete part of it to get rid of the programs. Is there anything else I need to worry about? And do you think my personal information was taken and/or a keylogger installed? I use Norton 360. Is there any way for me to be sure my system is secure without having to reinstall Windows? Thanks for your quick advice.
 
Malwarebytes Log
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/19/2014
Scan Time: 10:27:49 AM
Logfile: mallog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.19.07
Rootkit Database: v2014.10.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: me

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326187
Time Elapsed: 7 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Agent, HKU\S-1-5-21-2796092854-2641504923-1574623374-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Fwsnwlcofph, regsvr32.exe /s "C:\Users\me\AppData\Local\Warframe\Fwsnwlcofph.dll", , [2c9ea372b4c8241259c2d3f16e95d828]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.OptimumInstaller.A, C:\Users\me\Downloads\Setup.exe, , [b2188c89443856e074444d159f6225db],
Trojan.Agent, C:\Users\me\AppData\Local\Warframe\Fwsnwlcofph.dll, , [2c9ea372b4c8241259c2d3f16e95d828],

Physical Sectors: 0
(No malicious items detected)


(end)
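
The log above records a per-user Run value that starts regsvr32.exe against a DLL under AppData, which is why the processes came back after being killed. As an added example that is not part of the original post, this Python sketch parses the detection lines of a Malwarebytes 2.x log in the format shown and links each such Run value to the DLL it loads; the function names and section list are assumptions made for the example.

```python
import re

# Detection lines copied from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r'''
Registry Values: 1
Trojan.Agent, HKU\S-1-5-21-2796092854-2641504923-1574623374-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Fwsnwlcofph, regsvr32.exe /s "C:\Users\me\AppData\Local\Warframe\Fwsnwlcofph.dll", , [2c9ea372b4c8241259c2d3f16e95d828]

Files: 2
PUP.Optional.OptimumInstaller.A, C:\Users\me\Downloads\Setup.exe, , [b2188c89443856e074444d159f6225db],
Trojan.Agent, C:\Users\me\AppData\Local\Warframe\Fwsnwlcofph.dll, , [2c9ea372b4c8241259c2d3f16e95d828],
'''

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER = re.compile(r"^([A-Za-z ]+): (\d+)$")
# System binaries that will load an arbitrary DLL named on their command line.
LOADER = re.compile(r'^(regsvr32|rundll32)(\.exe)?\s.*?"?([A-Za-z]:\\[^"]+\.dll)"?', re.I)

def parse_detections(log):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in (raw.strip() for raw in log.splitlines()):
        m = HEADER.match(line)
        if m:  # "Files: 2" etc.; other "Name: number" headers reset the section
            section = m.group(1) if m.group(1) in SECTIONS else None
            continue
        if not section or not line or line.startswith("("):
            continue
        f = [x.strip() for x in line.rstrip(",").split(", ")]
        if len(f) >= 3:
            found.append({"section": section, "threat": f[0],
                          "location": f[1], "data": f[2]})
    return found

def run_key_persistence(detections):
    """Flag Run values that use regsvr32/rundll32 to load a DLL at logon."""
    flagged = {d["location"].lower() for d in detections if d["section"] == "Files"}
    hits = []
    for d in detections:
        key, _, value = d["location"].partition("|")
        m = LOADER.match(d["data"])
        if (d["section"] != "Registry Values" or not m
                or not key.upper().endswith(r"\CURRENTVERSION\RUN")):
            continue
        dll = m.group(3)
        hits.append({"value": value, "loader": m.group(1).lower(), "dll": dll,
                     "user_writable": "\\appdata\\" in dll.lower(),
                     "dll_also_flagged": dll.lower() in flagged})
    return hits

if __name__ == "__main__":
    for hit in run_key_persistence(parse_detections(SAMPLE_LOG)):
        print(hit)
```

A Run value that is reported without its DLL also appearing under Files (`dll_also_flagged` false) is worth a second look, since the loader entry may outlive a partial cleanup.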
 
here is my startup
 

Attachments: start.jpg (16.2 KB)
I would recommend following Voyagerfan99's post and running all the programs and posting the logs so we can be sure you are clean.

Your startup list photo is too small to even see.
 
I restarted my computer and Windows wouldn't load. I ended up having to reinstall Windows. Repair wouldn't work, nothing would, I couldn't even boot into safe mode. A new boot option was put on my computer and locked into it, it was called Boot X. I couldn't get around it.
Thanks guys for trying to help me out! I keep wondering if Norton is even worth the cost any more.
 
Virus protection isn't all that good anymore. I mean signature based. You should use Sandboxie. They have a forum so ask questions there. Configure Sandboxie to delete contents on exit and allow access to bookmarks and the profile and you should be good to go. I would use Bitdefender Free and disable autoplay.
 