Computer Support Forum

Fake google chrome entry in task manager causing popups and system slowness

Question: Fake google chrome entry in task manager causing popups and system slowness

Hello,

First off, I'm a new member to the forum and I would like to express my sincere appreciation for help resolving this problem. I'm usually able to clean up malware but have not been successful in this case. As I've read through the forum, I've noticed other posts with a similar issue so this must be something new going around.

The issue I have is popups (always three windows) which became noticeable about five days ago and prompted my actions. I have two accounts on the infected PC and the issue is present on one account while the other account is free of the issue. As I investigated, I noticed a fake google chrome entry in the processes tab of the task manager. Its name is "cphngsji.exe*32" and its listed description is "google chrome." There are 10 to 15 entries in the task manager and it varies increasing and decreasing randomly. The randomly increasing and decreasing entries are visible and correspond to peaks and valleys in the CPU usage trace on the performance tab of the task manager. I also have an issue with the CPU fan running a great deal of the time when the infected account is active. This began several months ago and I now believe it is a result of this infection.

So far I have run my antivirus (McAfee) and a tool called SUPERAntiSpyware Free Edition. They were able to find and fix other bugs but not this one. I also ran a McAfee tool called 'GetSusp' which identified three PUP's and one Assumed Dirty File. I ran AdwCleaner which found and cleaned several items (the PUP's identified by 'GetSusp'). After all this I still have the issue. Lastly, I ran AdwCleaner, ASWMBR & FRSTscan and saved the txt files and have attached them below. They are reflective of the current state of the PC.

Please advise on what you would like me to do next. Thanks!


Answer: Fake google chrome entry in task manager causing popups and system slowness

Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.


My computer was running slow so I went to my task manager and saw a whole bunch of Google Chrome processes running. I was confused at first because I don't even have Google Chrome installed. As I tried to stop the processes one at a time, more only popped up. Then I looked it up on the net, found others yall have helped on this site, and know there's something wrong. If possible, would like to know how and when the malware was installed as I have multiple students that use the pc and this is the first time ever had this happen, would like to know if it was a user doing something wrong by accident or on purpose (is even possible to know, but mainly would like to just get pc fixed!)

I right clicked and Disabled Antivirus AutoDetect (Norton); Downloaded zoek and have result log attached. Required a pc reboot and did that too. Problem is still happening. It also changed my home page to google.com (I changed it back). I also uploaded a picture of my task manager if that helps any.

Thanks!!!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times a day, making sure to respond to everyon...


Hi TwinHeadedEagle,
I have almost exactly the same problem running on my computer. I have run zoek, malwarebytes, and AdwCleaner and I still have the problem. Rather than create a new post in the forum I have just replied to this post since it seems so similar. I have now run Farbar and have attached the two logs. I also included a pic of my task manager showing the processes that keep loading. Can you help me? Thank you!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times a day, making sure to respond to everyon...


I keep getting memory error's. So I opened up task manager and I have about 10 instances of Google Chrome running and they keep multiplying. I don't even have Google Chrome on my machine.
 

Answer:Fake Google Chrome in task manager

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 


I have a Windows 7 Lenovo laptop that is running very slow.  I ran virus scans, including Malwarebytes that returned zero results.  I have noticed in Task Manager that there are several processes running with a description of "Google Chrome". 
 
The exe file is in the \userprofile\appdata\locallow\Sun\ folder. This exe cannot be deleted since there is a lock on it. Even if I kill the processes from Task Manager, they regenerate faster than I can delete.
 
Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome processes in Task Manager

Hi. Please do the following:
Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


When I restart from Sleep, I have windows open that look like a browser with various ads in them. I looked in my task manager and saw a number of Chrome processes named Wgvsgnxdj.exe *32 that use about 20% of the CPU. When I end the processes, they restart on their own. The processes are all located in the AppData/LocalLow/Adobe/zqjpwqzm folder.

Can you please help me out? I have scanned with MalwareBytes, McAfee, SpyBot 2, and tdsskiller. None of these have found anything.

I have attached FRST scan logs.

Thank You!
 

Answer:Fake Google Chrome Processes in Task Manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times a day, making sure to respond to everyon...


I am experiencing the same issues as some of your other users with a Fake Google Chrome process residing in my Task Manager screen. My issue on my Laptop began yesterday, after I tackled removing a dllhost.exe issue over the weekend. I thought I had done well to get rid of it, using information from your forum, but then this file showed up the next day.

My file is titled "Immytfefs.exe" and it states that it resides in the "C:\Users\User\AppData\LocalLow\Adobe\nmvkurfye" directory.

It says it is a Google Chrome process, but I have uninstalled that program, and it is still there. I have Norton360 and MalwareBytes running, and neither detect this issue. I have downloaded your FARBAR Recovery Tools and ran the process to create the First and Addition files, and will attempt to upload them with this issue request. [Can't upload] If anyone has answers to this, that would be much appreciated.

I came to this forum, because I can see others are currently experiencing the same issues.

Please let me know what I can do to resolve this. I think this is a true virus...

Sincerely,
David

I can't seem to upload the FRST and Addition files to this post, so maybe someone can help me with that also.

FRST.txt
************
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by User (administrator) on USER-PC on 11-11-2014 12:54:20
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFMFWEVJ
Loaded Profile: User (Avai...

Answer:Fake Google Chrome exes in Task Manager

Ran ESET Powelikscleaner.exe tool and did find Poweliks virus, and cleaned it.  Do not see the multiple files in Task Manager running behind the scenes.  Virus may have been involved with that!
Will keep the forum posted if any other files pop up.  Thanks for your help, and I am being patient...just reading a lot of what others are experiencing.


Hello -
A customer of mine brought their personal laptop to me to look into why large amounts of data are being used up on their Verizon Hotspot.  This is a Windows 7 Home Premium laptop.  I ran multiple virus scans including ComboFix and Malwarebytes that returned zero results.  I then noticed in Task Manager that there were multiple processes running that belonged to Google Chrome.  I then verified that Chrome is not even installed.  I found the running .exe file in the \userprofile\appdata\locallow\Google directory.  Rebooted into 'Safe Mode' and then removed the folder and then scanned the registry for the same .exe name and removed them as well.  I then restarted the pc and the files reappeared, this time in the Adobe directory rather than Google.  I repeated the steps above with the same results.  Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome Running Multiple Processes in Task Manager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a...


A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if it's completely taken care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it > open file location > start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times a day, making sure to respond to everyon...


Strider said:


A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if it's completely taken care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it > open file location > start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.

I had the same issue. Hopefully you can help. File attached. The google chrome process was called "Eskuyiyifxt.exe*32"
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times a day, making sure to respond to everyon...


The process name is listed as wgjbmmc.exe *32 in task manager.
When I 'Open file location' it is located at...
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\pgngpdf\zhgekhrmttku

I attached the FRST results files.

Thank you
 

Answer:Fake Google Chrome processes named wgjbmmc.exe *32 in task manager slowing computer down

Hello.
Uninstall Microsoft Security Essentials

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:

Start
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\Software\Classes\.exe: => <===== ATTENTION!
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\Run: [Wkudeas] => regsvr32.exe /s "C:\Users\Jeff\AppData\Local\{CB212118-3492-4DED-963D-DAB6283A1E07}\Wkudeas.dll" <===== ATTENTION
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {08c6c7e4-0e4a-11e0-9774-96bca1c77bb5} - G:\setup.exe -a
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {e5848bdb-fdad-11e1-8325-8bf135db7bca} - G:\setup.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that bo...


Infections date probably on 10/26/2014. Fake google chrome processes (a lot of them) are running in the task manager, hogging memory and CPU. Computer is slow.

The process name is listed as Mjjckmsq.exe *32 in task manager, and is running from the location....
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\Uuiputi\fzsdleeocr
.....as mentioned by task manager when I right-click on the process and ask to open file location.

This EmieUserList is a hidden folder and is not visible in the LocalLow folder even if I enable the "show hidden files and folders" option.

I have run the Farbar Recovery scan tool and have attached the results with this post.

Please let me know if there is anything else I can do to help solve this problem.
 

Answer:Fake Google Chrome processes named Mjjckmsq.exe *32 in task manager slowing computer down

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times a day, making sure to respond to everyon...


Could you please help me considering this is my work computer. I have added both files from the program I downloaded from your website first64
 

Answer:Help with fake chrome in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times a day, making sure to respond to everyon...


My laptop runs slower than usual and is creating new folders in weird places. I did notice task manager processes for chrome and did an online search to find a few connected to fake processes like
programdata\ntuser.pol and programdata\Roaming and windows\XSxS.

I ran MGlogs and attached the zip that was one my desktop after it completed.
 

Answer:Task Manager Shows Fake Chrome Processes

Can you upload all of the other requested logs please?

I will post to procedures for your reference.

READ & RUN ME FIRST - Malware Removal Guide
 


My computer is being taken over by fake chrome processes using the vast majority of my CPU.

Answer:Massive amounts of CPU being used by a Fake chrome process in task manager

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553421 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hello TSGF,
I caught something-- your help is much appreciated!
-on desktop: "Warning: Spyware threat has been detected on your PC."
-popups, including "Your computer is working slowly",
"Warning: Your computer is infected..., "Click here", etc.
IE pages auto-opening with "Top-rated Spyware Removal..." etc. etc.
-"Task Manager has been disabled by your administrator"
Nothing new for you, yes?
Thank you very much---

My HJT log............

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:48:20 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis_v2.e... Read more

Answer: Solved: Task Manager disabled, fake Spyware removal popups, etc.

Update---
I have run and/or am running
AVAST!, Spybot SD, and Ad-Aware,
Was told by "expert" that I have Zlob.trojan and/or smitfraud,
both of which reportedly may be cured via Spybot or Ad-Aware.
But still have same issues affecting:
Task Manager (not available)
Desktop (hijacked with spyware ad)
Toolbar (regular ad/warning popups)
IE (regular ad/warning popups)
...please someone help soon--
been waiting for days-- thank you...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:59:41 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explo... Read more

2 more replies
Relevance 89.38%

I have Windows Vista. The computer is only a year or two old. I tried (like a dumbass) to download a torrent, and now I've got mega issues. The first was Microsoft Defender Pro, rogueware. I got rid of that, but I've still got issues with random popups, redirects, and Google Chrome doesn't work. I updated my Java after I ran the scans, so it is up to date with 6 19. If you need any more info I'll be happy to supply it. Thank you for giving me your time.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Taylor at 0:12:56.79 on Sat 04/03/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1007 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Win... Read more

Answer: virus causing popups and google chrome issues

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

19 more replies
Relevance 87.33%

I recently acquired a virus that was causing frequent popups and other problems. Now it just seems to be making things run slow.

I followed all the required steps. I could not run CounterSpy, but I ran AVG instead. I was only able to run PandaActiveScan in Normal Mode (not Safe Mode).

Thanks for any help.
 

Answer: Help: Virus (was) causing popups, now causing slowness #1

Help: Virus (was) causing popups, now causing slowness #2

See #1 for more info.
 

17 more replies
Relevance 86.92%

Hi, I just found a neat little feature in Google Chrome and I'd like to share it with others who might not have noticed it.

First you'll click the wrench in the top-right of your browser.



Then navigate to the option 'View Background Pages'

Then in the open window you can manage the processes Chrome is currently using. To get a more detailed look click the 'Stats for nerds' option.




And you should find yourself at a page that looks like this:



Hope this helps!

More replies
Relevance 86.1%

Basically every time I start up Chrome about 5-8 other chrome.exe 32s appear.
Side note: it's only doing it in Chrome; I tried opening Internet Explorer and no .exe appeared in my task manager.
They are slowing my browser massively, any help will be greatly appreciated.

Answer: Multiple Google chrome .exe 32 in task manager

Why Does Chrome Have So Many Open Processes

10 more replies
Relevance 85.69%

Hi there.
A couple of months ago my main e-mail account was compromised to gain access to an old battle.net account, ever since then my computer hasn't been quite as normal.
I have been keeping my AV up to date, run malware scans quite regularly but I can't seem to fix it completely.
I've been running into the Google redirect ads issue (not as much now) and in the last few days my HOSTS file keeps getting reset.
I also have PING.EXE running constantly in my processes which I know shouldn't be happening. I can kill it but it will come back within a few minutes, and since none of my scanners are finding anything now I'm stumped.

I am running Windows 7 x64 Ultimate, with Avira free antivirus and a trial copy of Malwarebytes (which I am considering buying very soon).
Hope I've not left any important info out, thanks in advance.

Answer: Google Redirects, Various popups, PING.EXE in task manager

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.
Be sure to restart the computer.
The log c... Read more

7 more replies
Relevance 85.28%

Hello, I've seen a few topics relating to my problem but wasn't sure if the steps are exactly the same for each person or if they are customized from problem to problem.
 
I'm running windows 7 and as other users have stated, my computer was running slowly, freezing up periodically and minimizing programs I was using. I checked task manager and at that time I saw many dllhost with description COM surrogate running, and trying to end the processes they just kept appearing again. At that time I had AVG as my antivirus and malwarebytes. Only AVG detected the file but it could not delete it. I then uninstalled AVG and changed my antivirus to Bitdefender and that seemed to have stifled the symptoms although I don't believe it ever fixed the problem. My computer was running smoothly for about a week and now I have a filename uirrvmzweu.exe with description google chrome. My computer symptoms are about the same as they were when the dllhost process was running. They both act very similar as far as I can see.
 
Any help would be much appreciated, thank you.

Answer: COM Surrogate and google chrome processes in task manager

Welcome njs

Let's start with this ...

Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click ESETPoweliksCleaner.exe to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.

Next run Autoruns.
Please download AutoRuns and save it to your desktop.
Right click on the downloaded file and choose Extract All Files.
Once extracted, open the program named Autoruns.
Click on Options and then Hide Microsoft and Windows Entries.
Press F5 to refresh the startup list.
Next go to File -> Save and choose the file type to Text File (.txt).
Please attach the text file to your next reply.

15 more replies
Relevance 85.28%

Hi,
 
I noticed a few days ago that my computer was running slow. I opened the task manager and noticed that the dllhost.exe*32 was in my Task manager over 20 times. I ran my antivirus and nothing came up, I have both Malware, and Comodo. I read through some removal logs and found one that was the same issue as mine basically. I downloaded the Farbar Recovery Scan Tool. At first, I didn't read ALL the way through it and ended up downloading someone else's fixlist.txt that was part of a reply. At the time I just figured it was a blanket fix for everyone, didn't realize it was for that specific computer. So I pressed fix and it seemed to work......temporarily. I also deleted Chrome but it still pops up in my Task Manager although I don't have the program.
 
So...now I have read more and am going to do this the right way.  I ran a new scan and am including it in the post.  Hopefully someone can help me fix the problem.  I really appreciate all the help. 
 
I have a HP Pavillion dm4, 64 bit, running Windows 7 Home Premium
 
Here are my logs:
Addition.txt 40.46KB (4 downloads)
FRST.txt 82.95KB (5 downloads)
Shortcut.txt 81.92KB (1 downloads)
 
 
Any help would be greatly appreciated.  Thanks so much,
 
Mik

Answer: dllhostexe*32 and google chrome app appear over 20 times each in Task Manager.

Hi Mik,
please do the following steps:

Step 1
Please download this attached fixlist.txt (2.7KB, 7 downloads) and save it in the same directory as FRST.
Start FRST with Administrator privileges.
Press the Fix button.
When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

Step 2
Start FRST with administrator privileges.
Press the Scan button.
When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
Please copy and paste this log in your next reply.

17 more replies
Relevance 85.28%

I had been using AVG & found it adequate. I got this computer in fall 2009 with Windows 7 32-bit on it. Since then, I've been using Microsoft Security Essentials. But it never found anything, until this month.

Nov 21, I decided to try AVG again. D/Led the 30 day trial version & ran it. It found 4 Trojans in less than an hour. There was a "buy right now" sales pitch - pushy already; I was suspicious. Deleted AVG on 26th.

Dec 30, I found right away that my computer is infected with a serious, really active bit of Malware/virus. I don't know its name; it apparently settles into or at least uses a directory in Windows ... C:\\Windows\sysWOW\dllhost.exe is said to be the culprit. MalwareBytes was continuously blocking "ads," I guess they are, generated by dllhost.exe? Try as I may, I've not been able to do anything about it.

(Update: I bought & used Malwarebytes in 2014, March thru July I think. It used a lot of CPU while running. Slowed me down. I thoughtlessly deleted it ... at least, I think I did.)

The very frequent message that Malwarebytes is blocking outgoing "stuff" must have been generated by the virus itself, as MWB wasn't on here at that time. My CPU was running at=close to 100%. The main user seemed to be C:\Windows\SysWOW64\dllhost.exe.

Dec 31, MSE found something!: Trojan:Win32/Powessere.A!reg - "severe, active." I said Remove it.

Jan 1, MSE found Trojan:Win32/Powessere.A!reg - "severe, active" again. I said Quarantine it. I was in over my head.

I'd "lost" my tru... Read more

Answer: More Badness & Task Manager Credits "Google Chrome"

Can you re-run malwarebytes this time remove the infections and post the new log.

Step 1: Minitoolbox.
Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.

Step 2: Junkware Removal Tool.
Please download Junkware Removal Tool and save it on your desktop.
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.

Step 3: Adware Cleaner.
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile a... Read more

1 more replies
Relevance 84.05%

Hello, I have been playing with this multiple google chrome processes in task manager past few days. It is malware, but I haven't been successful in removing it. I have traced the file to multiple disguised fake folders it created, saved the location in Notepad and booted the computer in safe mode, deleted the folder only to have it reappear in a new folder it created. Done this three times before investigating more online about the issue. If I'm understanding correctly, it requires a more practiced hand than my own to fully remove it. I will post a Farbar txt of its findings in this chat, and if anyone is available to walk me through how to remove it I would greatly appreciate your time and help. I hate to say this, but I really admire this one. Normally I can handle basic malware, but this is really out of my league.
I work during the day Monday through Friday 8 to 5, so any time during evenings or weekends I can really spend time and get this removed with a practiced hand.
Sincerely,
EvilAxis

These are the current paths the infected folders took while I vainly tried to remove it, doing the find folder, reboot in safe mode and delete. It's made quite a journey and is really an amazing little bug.
 
1st attempt original location    C:\Users\Jason\AppData\LocalLow\AVG SafeGuard toolbar\Iqlhknlcn\Dyzpbxtjfb
 
jumped after safe mode delete and reboot
 
2nd  location          ... Read more

Answer: Multiple google chrome found in task manager on computer

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.
Please post the addition.txt as well.

5 more replies
Relevance 84.05%

I am suddenly unable to use Google Chrome (nothing happens), task manager (nothing happens). I have tried clicking on a system Reset, nothing happens. I have tried a restore, message says it is unable to start restore. PC is taking ages to come on and switch off.

Other things are slow. PC is practically unusable. Any suggestions?

Answer: Reset, task manager, Google Chrome plus other things not working

Do a repair install.
It will allow you to keep your files, settings and apps.
No product key is required.
Activation is automatic.
Repair Install Windows 10 with an In-place Upgrade

14 more replies
Relevance 84.05%

My laptop is running slow, my Google has been taken over by Yahoo and I have lots of chrome.exe*32 files in my task manager. I've removed Yahoo as my search and put Google as my default but Yahoo just comes back again. I haven't used the laptop in a while; my daughter uses it more and she doesn't know what's happened. I'm a complete novice and don't know one end of the laptop from the other, so will need a patient helper and no PC jargon as I won't understand. I'm not even sure if I've posted this thread right.
thanks
 

Answer: google taken over by yahoo and lots of chrome.ex*32 files in task manager

Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled befor... Read more

11 more replies
Relevance 82.82%

Greetings,

It appears this is not an uncommon problem. I'm sure hoping you folks can help.

The file is Rfhzyoqz.exe and is currently in the /AppData/LocalLow/EmieUserList/Wtzvbhu/Ebuagpaabob/ folder. There are apparently other related folders involved, including Tejgrfd in this same folder.

I will download the scan log tools and upload the logs shortly.

Thanks for being there,
grandpayoda
 

Answer: Fake Google Chrome Process running on my system

Here are the files from execution of FRST and AdwCleaner - run under Safe Mode when the Fake Google Chrome processes are not active. If I need to run them again under a normal boot, let me know, but note that I had trouble trying to run FRST under a normal boot (though it may have been because Norton 360 was active).
 

12 more replies
Relevance 82.41%

Hello there,
 
I recently noticed my laptop running very slow, especially when using Youtube videos. I deleted some old junk to free up some memory but that didn't help. Defragged my laptop and ran several virus scans, but no improvement and nothing found on the scans. I found a new program installed on my laptop called "Spigot Search Protection" which I uninstalled. No improvement after this. I then noticed about a dozen processes running on my Task Manager that appeared to be Google Chrome windows. They were using up a ton of memory... and I use Firefox not chrome so I thought it was weird. I uninstalled Google chrome, but they remained open and listed as google chrome programs. I opened the file location and ran a virus scan directly, and it came back with no threats detected (I ran Kaspersky). The image name for each process that is running is Lnzdypqnuf.exe*32 and appears as a GoogleChrome file.
At this time I did a Google search and came up with this website (it seems others have had the exact same problem).  I saw that each case should be handled specifically, so I decided to register and post instead of trying to figure it out myself. 
 
If anyone can assist me with getting rid of this problem I would greatly appreciate it.  I have never downloaded a virus before, and do not open ads or clickbait on websites.  I do use Utorrent once in awhile and expect that is how I downloaded this vir... Read more

Answer: Multiple Google Chrome Processes in Task Manager; Cannot close and laptop slow

BTW, am running on Windows 7

4 more replies
Relevance 82%

Logfile of HijackThis v1.99.1
Scan saved at 1:33:16 PM, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\... Read more

Answer: Pornographic Popups, Fake System Warnings, Fake Antivirus Download Popups

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

6 more replies
Relevance 80.77%

Computer running very slow, a couple of dozen tasks show up in Windows Task Manager with Image Name Nuyxhacoxa.exe having Description 'Google Chrome'.

Chrome has been uninstalled from the system.
 

Answer: Malware/Virus infection - dozens of jobs showing in task manager with Description = 'Google Chrome'

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 78.72%

Hello,

I seem to have contracted a virus or malware of some description that generates fake, "Your Computer may be infected" - type alerts in my Windows taskbar and attempts to install a fake antivirus onto my pc called XPShieldSetup.exe. It also causes advertising popup, though this is fairly rare (once or twice an hour, max).

I am running Windows XP, Service Pack 3, and I have Trend Micro PC-cillin Internet Security 14 for antivirus software. I have also turned on Windows firewall, as per the instructions on this site.

My antivirus program detects an infected file called C:\WINDOWS\SysNotifier.exe, and classifies it as something called "Mal_FakeAV-9". It Quarantines this file repeatedly, but it always comes back, even if I manually drag it to the Recycle Bin.

I have run HijackThis and attached a copy of the log file it created.

Thanks in advance for your help. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:32 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:&#... Read more

Answer: Malware of some sort causing ad popups, fake virus alerts, trying to install fake anti-virus, etc -- HijackThis log attached.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

4 more replies
Relevance 77.9%

Hi,

Recently it became pretty obvious that my computer was infected with something. When using Firefox, Google links were being redirected and new tabs were popping up. When using Explorer there were similar problems. Chrome didn't even work anymore. Couldn't do a system restore to any time. I tried running AVG, Ad-Aware, Malwarebytes, SuperAntiSpyware, and maybe another, I can't remember, but the infection was still there.

Before I got to this forum I saw on other forums that everyone seemed to be running Combofix and Hijackthis, so I ran them too, unfortunately before I saw the instruction not to. The good news is that it didn't seem to hurt anything. In fact, I stopped having most of the issues. However, after running Combofix AVG picked up several viruses/malware. I'm probably getting the names wrong, but here's what AVG's history log says: Virus identified Win32/Patched.DX, Trojan horse Generic18.AEXT (twice) and several instances of Runtime packed fsg, whatever that is, related to AAWService.exe, svchost.exe, and Explorer.EXE. Most of these were picked up by AVG while Ad-Aware was running a scan.

Anyway, the problem seems to have gotten better but I don't yet trust that my computer is clean. I ran DDS and GMER. DDS ran fine, but my computer didn't like GMER at all. The scan would finish, but I couldn't save it, and the computer was generally unusable after the scan, forcing me to restart each time. Took 4 tries to run it and save the log, but I finall... Read more

Answer:Google links redirect, popups, chrome and system restore don't work

Welcome to TSF :)

Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt".
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

9 more replies
Relevance 77.49%

See if you can follow me here. I have google chrome version 35 on a Win 7 PC and I have noticed it to be slow and pages are hanging. I have uninstalled comodo firewall and adaware anti virus. I have turned on windows firewall. I also have MBAM 2.0.1012 and someone said on another website that could be a cause as well. Has anyone had the same issue and what are possible solutions? I do not have an antivirus program right now, not sure which one is good and if it will cause slowness on my browser.

More replies
Relevance 77.08%
Answer:In windows task manager: 8 chrome processes in chrome built in task manager: 4 processes

that's normal, Chrome uses multiple processes to increase stability/performance.
 

1 more replies
Relevance 77.08%

Yeah, as you can see from the title - I'm a little stumped.

I recently did some Windows updates on my new laptop (running Windows Vista), half way through the updates, my laptop crashed out. I restarted it and upon starting, I noticed that Google desktop would not start. The Google Desktop widgets try and load up on the right of the screen, but then it just freezes and nothing opens. This was also the case for IE7 - clicking on it, just wouldn't open it and won't access the net through it. I tried to access the task manager, and this too would not open up, but it does show the little green square icon in the bottom right hand corner. I was going to try and do a system restore, but this doesn't start up either - it's as though task manager and system restore ARE running somewhere, as when I try and open system restore again, it simply says 'system restore is already running'.

I'm puzzled. I can get on the internet with Firefox and Opera but I just can't seem to do much else with regards to utilities and what not.

The laptop is brand new. It's a DELL Inspiron 1565. 3GB RAM, 250GB HD. Core 2 Duo.

Any ideas? I can give you some more information if required.

Cheers in advance.
 

Answer:Task manager, System Restore, IE7, Google Desktop won't open...

Also, can I add, that when I attempt to reboot/shutdown my laptop - it just doesn't want to shut down. It gets to the 'Logging Off' part, and then simply just hangs. If I want to shut down the laptop, I have to do it manually.
 

2 more replies
Relevance 75.85%

My system - Windows XP Pro - sp1
I use McAfee Personal Firewall plus.
I did not have the automatic MS update on.

After endless searching I found others who had similar infestations but not exactly the characteristics of the one I have. I am guessing this one is some variant of a sasser virus? I have been to the MS site and looked over their sasser variations but each one shows what might appear in the registry and I do not find any of them in my registry.

I realize now that there are a couple of MS security updates that I should have installed that might have protected me from this.

Can somebody please help me remove this malware out of my system?
About the messages
A few days ago is when this all started.
When I start up the system a fake Windows Security Center menu pops up on the desktop. It does not say there is any problem.
It has a subtitle 'Security essentials' and under it are three third party listings for download and install.
1. UltimateFixer. 2. SystemDefender 3. SysCleaner.
Then there are several FAKE messages that separately pop up at random, whether I am working on the computer or it is just sitting idle. I do not have IE7. I use IE6.
The shutdown popup has a 60 second countdown then shuts down windows and restarts it unless I am there to cut it off by running 'shutdown -a'.

Another freaky thing this malware does is overlays a fake Free scan image over an existing image on any web page I might visit. The image flashes ... Read more

Answer:Infestation causing fake sys popups,shutdowns

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

18 more replies
Relevance 75.85%

I am using a Dell Latitude E5410 system with a biometric device which is causing slowness. System performance is becoming worse day by day. I have tried disabling the biometric device as I don't use it... But those drivers are getting installed automatically...
Every time I have to uninstall the biometric drivers to improve performance...
Any solution for this???

Answer:Biometric Device causing system slowness.

Do you need this biometric device?
If you don't need, you have the opportunity to disable the device instead of uninstalling.
This can be made via Device Manager.
You can also check the Windows Event Viewer for getting more information about the problem.

5 more replies
Relevance 75.44%

Whenever I am online, if I bring up Task Manager I see: FlashUtil32_11_7_700_169_ActiveX.exe *32. What is this & why is it there? I can End the process w/o any problems arising, but it comes back after a while.

Answer:Task Manager entry question

It's because you have Flash Player installed and went to a site that required it.

4 more replies
Relevance 75.03%

I think I got some malware from this fake printer driver I downloaded. It brings up fake pop-ups saying I have Trojan-Downloader.Win32.Agent.bq, which I don't have, and then when I click on the box it takes me to some fake antispyware site. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:07 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer:Malware causing fake windows security popups

You never replied here: http://forums.techguy.org/malware-r.../747298-random-malware-adware-spyware-my.html
 

1 more replies
Relevance 74.62%

I had noticed that the machine seemed to be running slow so I tried to bring up Task Manager to see what was running and kill a few processes. TM wouldn't come up. So I rebooted and called up TM as my desktop was coming up. In the "applications" window of TM I get a funny (funny weird/odd as opposed to funny ha ha) entry. I don't have all the characters but it begins {DFDDD4E . Now that looks like something I would expect to find in the registry in HKeyClassesRoot or suchlike. I tried a search on the hard drive for a program/directory that began with {DFDDD but got no hits. Also, installer comes up shortly after the {D etc. program goes away - on its own or after I put a bullet in its brain. Right now I am killing it and installer as they come up but would like to know if anyone has seen similar behavior and where to look in the registry to stop this once for all. I am experienced with direct NT/2K/XP registry manipulation to keep from permanently puking the OS.

Any assistance would be appreciated.

Bill

Answer:Odd Entry Showing Up In Task Manager At Startup

DFD stands for data flow diagram which may be used for viewing satellite maps ie Google Earth. Do you have that ap installed on your pc? In any case, I would recommend disabling it in the startup menu before deleting it and see what repercussions that may have. I would also recommend doing several web based antivirus and anti-malware scans (using Internet Explorer as they require Active X) in addition to a scan with your resident av ap, updated to the latest definitions.

Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://www.pandasoftware.com/products/activescan.htm
Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan
Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Avast Online scan
http://onlinescan.avast.com/
F Secure online scan
http://support.f-secure.com/ols/start.html
Ewido Online scan
http://www.ewido.net/en/onlinescan/

Trojan scans
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html
Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp
Parasite scan from Aumha:
http://www.aumha.org/a/noads.php or here:
http://www.aumha.org/win5/a/noads2.htm

2 more replies
Relevance 74.62%

Hi all. Could someone please help me.
I just had to install a new hard drive and reinstall everything. I looked into my task manager and there are 2 entries for the same subject. I had a little problem installing drivers for my graphics card and had to reinstall a couple of times. I checked the path where the file is loading from (system32) and there is only one entry. Not really sure what is going on. Just wondering if I am having conflicts with the drivers for the graphics card and the programs with my monitor.

Thanks

Answer:Double Entry In Windows Task Manager

Hi caveanimal, welcome to BC!

What's the name of the duplicate process?

5 more replies
Relevance 74.62%

A bunch of these jpkncmkh.exe *32 processes are always open in my task manager and my cpu is running at 90 to 100% and I don't have google chrome and the description is google chrome. These must be viruses I need to get rid of. I'm going to attach FRST files and logs because I saw other posts that did that. Please Help!!??

I want to copy and paste a fix list like I saw other people do to get rid of them but I don't know how?
 
 

Answer:Fake Chrome Processes Please Help jpkncmkh.exe *32 description google chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554784 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

20 more replies
Relevance 74.21%

My problem started this weekend. All of a sudden, my machine started grinding to a halt. I also started getting unwanted pop-ups. I have tried in vain to remove some items. I just can't get it to stop. I am posting a HijackThis log.

Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 1:36:22 PM, on 3/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)


Answer:Solved: PopUps and System Slowness

12 more replies
Relevance 74.21%

I've had this issue for a few days: when I watch a video in fullscreen on google chrome the sound starts "crackling" and it takes forever to switch to and from fullscreen.

The issue presents itself on all flash-based video sites.
Watching videos in small view works fine.
The issue only appears on Chrome. Firefox and Opera work fine.
Disabling hardware acceleration in the flash options has no effect.
Reinstalling Chrome and flash has no effect, nor does disabling/removing all plugins.

I tried the adobe flash troubleshooting and they offer a comparison between HTML5 and non-HTML5 videos. I noticed the HTML5 video works ok and the non-HTML5 doesn't.

I don't think it's my computer, because the other browsers work perfectly. Any ideas?

Thanks.

More replies
Relevance 74.21%

Windows 7 32 bit. Went through a lot of trouble today. Started with a fake MTR.exe that plagued my system and forced me to run MWB in safe mode just to rid of it. Then I deleted my Temp folder. Afterwards, the MTR problem went away only for me to find that webpages kept popping up randomly directing me to infected websites. Also, MWB couldn't delete a Winlogon (Shell) registry file that was infected. My friend said that I should try ComboFix and it rid of the popups and the Winlogon problem. I ran another MWB scan and it said my computer was clean. However, a few hours later, my netbook became infected again and used the Fake System Cleanup into tricking my mom (owner of the netbook) to letting it infect the netbook. I quickly switched into Safe Mode w/ Networking (what I'm on right now) and let MWB run (log will be posted). I deleted the files that MWB found but to no avail, the redirects kept happening. In addition, the malware hijacked my start menu leaving me with no shortcuts and hiding all my files. (Is there any way to "unhide" all of these files?)

Anyways, I used Defogger just in case and ran dds. Then I ran gmer but I had an error which it said an instance of a driver was already running. This limited me to only Services, Registries, and Files. I'm not sure if this is because of the malware or b/c I'm in safe mode. Here are the logs (dds, gmer, Malwarebytes in that order).

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16... Read more

Answer:Redirects/Fake System Cleanup/Fake MTR.exe/Popups

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427342 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

26 more replies
Relevance 72.57%

The Current Issues and Steps Taken pretty much cover it. Any help would be much appreciated!
 

Answer:Fake Chrome task after opening Steam

Hello,

Please follow this topic and attach required reports

http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

1 more replies
Relevance 72.57%

I'm running Windows XP Home. About six weeks ago my computer was hit with the virus that mimics the AntiVir virus removal software; I downloaded Malwarebytes Spyware remover, ran it, downloaded a complimentary copy of Norton (via my ISP), ran that, and came up with a clean report. However, in the ensuing weeks when using Firefox I've gotten repeated pop-ups (generally directing me to a site telling me about an amazing way to make money from home off Google) and occasional Google searches redirected to other, unrelated sites. Meanwhile Microsoft's Windows Update site remains unaccessible and the machine generally continues to run slow.

I'm attaching the requested files after running the recommended programs; note that running GMER took multiple attempts, as the first few times I ran it the program locked up my computer to the point that I had to manually switch it off. Re-downloaded and ran the recommended scan and was able to save a log, but am not entirely sure the scan was complete, and even saving the puny log file took a very long time before computer eventually had to be switched off again.

Would much appreciate any help/guidance. Posting the logs below and happy to take whatever other steps recommended. Thanks in advance.

Answer:Infection: Google $-making popups in Firefox / Windows Update inaccessible / general slowness

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

11 more replies
Relevance 71.34%

Hello a computer at our company was recently infected by a fake antivirus program. More than one apparently one called Anti-Malware Pro and Security Master AV. Also a browser hijacker that keeps taking me to Gala.com.

I already deleted what I could of the fake antivirus programs but it seems to be recreating parts of itself.

I am also unable to open task manager. I am unable to activate it even when I use gpedit.msc. I tried various fixes but was unable to enable the task manager so I can not see what processes are going on. The button used to be greyed out but after a few fixes I was able to make the button appear but clicking on the task manager button does nothing.

I would also like to know how to make the search function more powerful because it is unable to see files I know that exist and am looking at hidden in certain places. Can I enable it to scan all locations on my C: drive? For example it was unable to find this file SM3c38.exe using it but luckily I was able to trace the location of it due to another file linking to it.

Thanks for the help.



DDS (Ver_10-03-17.01) - NTFSx86
Run by djackson at 17:44:17.35 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.375 [GMT -5:00]

AV: Security Master AV *On-access scanning enabled* (Updated) {8694A4DD-598A-47BE-87C3-CF75716861EC}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ... Read more

Answer:Fake antivirus removal + task manager

Hi,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it ... Read more

2 more replies
Relevance 71.34%

I have had TwinHeadedEagle help this last week at this link: http://malwaretips.com/threads/fake...dont-even-have-google-chrome-installed.35660/

It worked to remove fake google chrome malware, but now I have in the task manager under processes tab, many "dllhost.exe.*32" with description "COM Surrogate" that is basically doing the same thing as the other one. I try and end their process, but they just keep coming back. I tried to download the zoek.exe, and even after I disabled my antivirus, it said my security settings wouldn't allow the download, so I can't run the scan!

Help! Attached is what it looks like in my task manager and also, what it looks like in volume mixer.
 

Answer:FAKE COM Surrogate in task manager (dllhost.exe*32)

Hello,

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

9 more replies
Relevance 71.34%

Hi all,
 
First of all I want to say thank you, you are just wonderful guys and we are lucky to have you in our lives.
I've searched and found here similar posts by other users. But I thought it would be wise to troubleshoot this one together.
As one of the admin said that using some tools without the guidance of a professional troubleshooter\penetration tester is not recommended, so you know thought not to take the chances
 
Here is a log file from AdwCleaner
 

Answer:While in Chrome mouse cursor move by itself and opened Google Chrome Task Manage

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please run the AdwCleaner tool and clean everything that was identified.
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click the Add reply button.
===
Please post the logs.
Let me know what problems persists.

7 more replies
Relevance 70.93%

Hi, recently I moved to a new apartment and the first day I was on the network I discovered a couple strange .exe files around my computer. I was stupid enough to click on one called "games.exe" that showed up in my shared network places folder, and since then I've had strange problems. For starters, the main symptom is that most non-microsoft .exe files have changed color quality to about 16 colors, and not just on the desktop, but EVERYWHERE on my computer (even the miniature icons in the start menu). What I have discovered is that clicking on any of these programs starts up a process called "Nvsvc32.exe" that causes my regular task manager to close immediately upon opening, and also makes my computer and internet unbearably slow. I can easily end this process using Security Task Manager, which sees this process as a 97% threat, but it starts back up any time any of the infected icons are accessed, either directly or indirectly. I understand that the real "Nvsvc32.exe" is an Nvidia driver file of some sort - this is merely a disguise that some sort of virus or worm is using. I have found the malicious and self-regenerating .exe file in my C:\WINDOWS\system32\drivers folder, whereas the real "nvsvc32.exe" should and does reside in the C:\WINDOWS\system32 folder. I have spent several days searching the internet for these symptoms, but since all I really have to go off of is this fake .exe name which I assume is ... Read more

Answer:Fake Nvsvc.exe 97% threat in Security Task Manager

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 70.93%

Help guys, this virus is really pissing me off to the point where I am about to chuck my pc out the window. On bootup I will not get any taskbar/start menu etc, alt+tab doesn't work or anything. I get a fake screen telling me I have been illegally downloading software, if I press CTRL+ALT+DELETE then I get no option to open the task manager, I don't have any administrator access. In safemode it will still boot with the message, no task manager still. I attempted to do a recovery from the safemode menu thing, but it will still boot into the virus screen. I am on windows 7, and I cannot run a hijack this log or anything.
 

Answer:Fake Piracy warnings! Cannot access task manager

Hi, lost4468

Welcome.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change Drivers to All
Change Standard Registry to All
Under File Scans, change File age to 30

Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
Please post the contents of these files in your next reply.
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during t... Read more

3 more replies
Relevance 70.93%

Hello a computer at our company was recently infected by a fake antivirus program. More than one apparently one called Anti-Malware Pro and Security Master AV. Also a browser hijacker that keeps taking me to Gala.com.

I already deleted what I could of the fake antivirus programs but it seems to be recreating parts of itself.

I am also unable to open task manager. I am unable to activate it even when I use gpedit.msc. I tried various fixes but was unable to enable the task manager so I can not see what processes are going on. The button used to be greyed out but after a few fixes I was able to make the button appear but clicking on the task manager button does nothing.

I would also like to know how to make the search function more powerful because it is unable to see files I know that exist and am looking at hidden in certain places. Can I enable it to scan all locations on my C: drive? For example it was unable to find this file SM3c38.exe using it but luckily I was able to trace the location of it due to another file linking to it.

Thanks for the help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by djackson at 17:44:17.35 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.375 [GMT -5:00]
AV: Security Master AV *On-access scanning enabled* (Updated) {8694A4DD-598A-47BE-87C3-CF75716861EC}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Security Master AV *enabled* {8C5D978... Read more

Answer:Fake Antivirus, browser hijack, and task manager

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 69.7%

Please help me! I have read up a lot on the other people with this problem. A file called "rchnxsshh.exe" appears, and its description is "Google Chrome" although I've uninstalled Chrome. When I open file location, it is in my appdata/locallow/ various folders. I've read this is a backdoor Trojan that has entered my system through a flash/java exploit present in past versions.

I'm generally capable and good with computers but I am not sure what to do, as all the other solutions have been machine/user specific. Please help! Thank you.
 

Answer:Fake google chrome .exe

Will upload Zoek scan soon. Also, I'm noticing this weird thing where it will scroll to the bottom of a web page or document after like, 5 seconds. Very weird and annoying.
 

2 more replies
Relevance 69.7%

Hello,
 
In my Windows task manager, I have multiple files labeled "Dcvdpgzxc". It is listed as Google Chrome in the description and its location is AppData/localLow/Adobe. Please help me get rid of it.

EDIT: I forgot to mention this is the second time this has happened on the same computer. I had it once, I rebooted the computer, then deleted the location it was in, "AppData/LocalLow/*" (it was located somewhere else before).

Answer:Fake Google Chrome.....

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now
==========================
 
Hi smoth1,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run ... Read more

14 more replies
Relevance 69.7%

Hi, I am new to this site. I am drawn to this site because I am having the same "fake Google Chrome Malware" problem that several members have posted on this site recently. After googling for an hour, it seems this is the only place that offers viable solution!
 
I started to notice this a couple of days ago when the laptop was making loud noises even though I was not doing anything. From the task manager, there are over 15 fake chrome processes clogging up. I have Malwarebytes and Symantec installed, but they both failed to screen out the malware. I ran the Farbar Recovery Scan Tool as some of the previous threads suggested and included the two txt files in this message. Please help.
Thanks!
xun

Answer:Fake Google Chrome exe

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Malware Warning
All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.
 Step 1
Please uninstall some programs:
... Read more

34 more replies
Relevance 69.7%

Many instances of a fake Google Chrome are running in the background and I traced them using task manager to "Users/(My Name)/AppData/LocalLow/vprixmf". This is leading to a slow PC. A google search took me to this site and I found a thread with someone that had the same problem (http://malwaretips.com/threads/fake-google-chrome-virus-malware-cant-get-rid-of-this-thing.35419/). I did the scan with ZOEK but the fake Chrome is still present.
 

Answer:FAKE GOOGLE CHROME (10-20-14)

Hello,

In the top right corner of Chrome, click the 3 lines, and then About Chrome. A picture of that window would be good. If not, just tell me exactly what is written under Version.
 

10 more replies
Relevance 69.7%

So I was on my computer trying to find some cheap clothing websites and I happened to stumble upon a video that I then watched but shortly after was asked to update my google chrome.. from reading other forums I am thinking there are a few people with a similar problem.. I didn't even realise it could have been a virus until my computer started to run a little slower so I googled it and came to this page. I downloaded FRST and did as the forum suggested although when I visited virustotal it said the file which I copied was not recognised so I'm just wondering what I should now do?
 
This was the forum I used, http://www.bleepingcomputer.com/forums/t/548427/fake-google-chromeexe-virus/

Answer:Fake Google Chrome.exe app

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat.
Before we start please note the following:
Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
Let's start and enjoy the fight!
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears, it may take a minute or two.
In the main box please paste in the following script:
createsrpoint;
process;
services-list;
systemspecs;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;
installedpr... Read more

2 more replies
Relevance 69.7%

I see that many people here are having the same problem, and have had success in resolving it in these forums, so this seems to be the place to go to get help. I've followed the instructions listed in the preparation guide, and have enclosed the FRST files. Thanks in advance for your help.
 

Answer:Yet Another Fake Google Chrome

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 69.7%

Hi,
  I may have a similar problem to the person who posted http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
  This seems to be a very new thing, because a Google search for it brings up mostly posts from this month, the only practical information about it is on this site, and standard anti-virus software seems to miss it entirely.
   This all started when I was browsing some sites about health food or exercise.  Suddenly, I was getting messages from Windows asking my permission to run regsrvr to register some dll, and I kept saying no, but it would come back up.  In the details, it said it was coming from some executable named by a really long random-looking string beginning with an X.
  There were a bunch of copies of that process in my task manager, taking up a lot of memory and CPU, and every time I tried to force-quit them, more appeared.  They show up in the task manager as Chrome, but the name of the process was this long string beginning with an X. It was an exe file under a strange folder within appdata/locallow/Adobe.
   I ran a quick scan with Windows Security Essentials, and also ran a custom scan of locallow, but it didn't find anything it thought was suspicious.
   I wanted to get back up and able to do stuff, so I rebooted in safe mode, reset my machine back a few days with system recovery, and deleted that entire folder inside appdata/locallo... Read more

Answer:Fake Google Chrome too

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552959 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

5 more replies
Relevance 69.7%

Hi,
 
New to the site and having issues with that google chrome .exe fake program. It generates a bunch of the program and runs it in process. Could anyone help me? I ran Malwarebytes, have Norton installed and even ran AdwCleaner but it's still there and causes my pc to lag and flash sometimes. Oh, here are the 2 FRST files.
 
Edit:  After trying out some malware removal programs I seem to have been able to remove it and here is the updated FRST logs in case you catch anything else or if I didn't really solve the root of the problem.  Thank You.

Answer:Fake Google Chrome .exe

Can someone help and look to see if my pc is clean now?  Thanks

15 more replies
Relevance 69.7%

Hi all,

My laptop has been growing laggier over the past month or so, responding much slower than usual, and today I started getting random popups every few minutes or so, even when my internet is closed. Every popup window's title is 'CiD: whatever name here' but the url's are all different so they are impossible to block. I opened task manager and there was an instance of iexplorer there that had a high CPU usage number, and it wouldn't close no matter what I did. My iexplorer processes multiply themselves on their own, and I have to keep closing them.

I ran a spybot check and a Norton full system scan. Spybot caught some stuff, but had trouble with a virtualmonde (however it's spelled) instance and had to restart the computer, but it still couldn't totally catch it since iexplorer was still running and wouldn't close in task manager.

I ran spybot again a bit ago and it didn't find that instance, but I am still getting popups and the iexplorer process in task manager refuses to close.

Oh, and it killed the serial registration code on one of my art programs. I was pretty shocked by that...it's saying I need to 'contact IT' or reinstall the program. I hope this isn't going to become a domino effect.

(on a side note my keyboard is acting strange, certain keys aren't responding well, but I *did* spill some water on it months ago...lol. Strange that it is only surfacing as a problem now, though.)

Anyway ... Read more

More replies
Relevance 69.7%

About a month ago I was sleeping, I had not done much on my computer at all that day, and I woke up to find my computer about ready to start smoking. There were random dialog boxes filling my screen and I could barely even get my cursor to move. I restarted and got the same problem, but managed to get into Task Manager to find at least 130 processes running, about 1/8 of those processes were things I needed, everything else was just a bunch of processes that were duplicating themselves again and again, some obviously causing dialog boxes to appear. I ran every virus and spyware scan I could find and even tried fixing it manually by deleting files I thought might be causing the problem. I'm still experiencing the same issue but I have to run in safe mode because the computer amounts to a really great doorstop in normal mode but that's it. Any help would be VERY appreciated because as I've said I've been dealing with this for over a month at least, and I'm pretty close to taking a hammer to the computer. Anyone who has any ideas PLEASE feel free to speak up.

Thanks much
Sarah

Answer:*HELP*.. Duplicating processes in Task Manager causing serious problems

Oh and I should add that there have been multiple times when after awhile of the dialog boxes appearing, I would get a blue screen saying something like "STOP- The system process has terminated with a status of..." sometimes the message is longer than others, or in the case of last night, I just ended up with a blank black screen.

2 more replies
Relevance 69.29%

Hi! I'm looking for a solution to hide Lenovo's Power Manager gauge in the Windows task bar. I'm deploying a big number of computers and I don't want to change it manually on every computer, what I want is a way to disable it through the Windows registry or a config file. I still want the program running in the background and if a user wants it shown he can "unhide" it. Regards, Nabel

Answer:Hiding Lenovo's Power Manager gauge in windows task bar through a config file or registry entry

It's a standard taskbar toolbar... (Right-click taskbar, Toolbars, Power Manager) No clue how you'd deploy it though.

8 more replies
Relevance 69.29%
Answer:mshta hijacked and multiple instances of fake programs in task manager

Thanks for reading,

I have a windows xp laptop that is severely infected.
Mshta has been duped in task manager and there are other fake programs running. When connected to the web it redirects any search or address bar submissions. Home page redirects as well even with it set via Internet options.

Avg didn't catch anything and acted as if it was operating 3 times its normal speed which was very odd to me and it only found tracking cookies but a prompt popped up saying I needed to update before it could delete the tracking cookies....I called bs to that and downloaded rkill ran it and like magic my avg was terminated along with all the fake mshtas/fake programs. So I downloaded mbam,emsisoft,hijackthis,dds,gmer,defoger,superantispyware. Before I got started I tested the severity of reoccurrences if I ended a fake process. Ending each in task manager was fine with no issues even the web would work with fewer redirects any time a page was closed a fake program would appear in the process list. I then ran mbam It found 7 Trojans they deleted fine but now the computer was slower than before and now mbam needed to update? I launched task manager and now instead of 8 mshtas running I now had 20 and other fake programs running. I ran rkill again but this time it didn't remove any fake processes from running. Any attempt at ending a fake process like before now results in access denied and a fatal error occurring shutting down with a timer. Says I have 1 min before the la... Read more

4 more replies
Relevance 68.88%

Noticed other people having the same issue. Hopefully this can get fixed.
 

Answer:Fake Google Chrome processes

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

1 more replies
Relevance 68.88%

Hello and help! My infection began November 8. Task manager shows 10 to 15 processes with identical names jpokptfz.exe*32 Google Chrome, using up to 40% of CPU. The processes reappear immediately after ending manually. Chrome is not currently installed on my machine. Computer is running very slow; fake Google Chrome is causing high CPU usage. Also, today I uninstalled Java, but I can't delete folder appdata/locallow/Sun; looks like subfolders contain the fake Google Chrome .exe files. I ran SuperAntiSpyware, Malwarebytes Anti-Malware 2.0, and Norton 360 AV with no success.
 

Answer:Another Fake Google Chrome infection

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

6 more replies
Relevance 68.88%

I'm waiting on the Zoek application to complete. I'll then run FRST and attach the Zoek and FRST logs to this post.
 

Answer:Fake Google Chrome virus

Zoek results - .exe file still running after running Zoek. I may have been able to delete the "Temp" file it was in, but am afraid it is still in the registry and will re-load if the computer is rebooted.
 

3 more replies
Relevance 68.88%

My computer is running super, super slow. When I open my task manager I find several (usually about eight) Google Chrome processes (with the image name of mnmtbcm.exe) going on all at once, all sucking up loads of memory and completely bogging down my computer... Annnnd I don't even have Google Chrome installed. So, something must be up.
 

Answer:Fake Google Chrome Virus

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

1 more replies
Relevance 68.88%

Have a Windows 7 Pro 64bit system that has multiple chrome.exe processes running. The system does not have Chrome installed. Have run a full virus check with NIS and it did not find anything. Ran TDSSKiller and it came back clean. Do you have any suggestions as to how I might remove the Trojan or virus that infected my system?
Thank You,
Decatur31

Answer:Fake google chrome ( browser.exe)

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkbox:
 
List Installed Programs
 
Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.

2 more replies
Relevance 68.88%

Hello,
 
Our HTPC got infected with virus:
C:\Users\Rita\AppData\LocalLow\Move Networks\Tssjgwzkpwxk\Qtnhygxoegxf\bewzwczd (bewzwczd.exe *32)
 
Here is FIRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Rita (administrator) on LIVINGROOMPC on 03-11-2014 12:57:41
Running from C:\Users\Rita\Desktop
Loaded Profile: Rita (Available profiles: Rita & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lavasoft Limited                                                  ) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
() C:\Program Files\NVIDIA C... Read more

Answer:Fake Google Chrome Process

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554585 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 68.88%

It looks like a bunch of other people here might be having similar problems with a Fake Google Chrome application running malware.... I'm having this problem too. I appreciate any help you can give me!
 

Answer:EmieSiteList Fake Google Chrome

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

5 more replies
Relevance 68.88%

No idea where to begin with this. Please help!
 

Answer:Fake Google Chrome Processes

Hello,

Before we begin, please note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
===================================


Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware wa... Read more

7 more replies
Relevance 68.88%

I need help with a fake google chrome problem. Many processes are running and slowing my computer way down. I've taken multiple steps to attempt to fix this but my problem is still here. please help me
 

Answer:Need help on fake google chrome processes

Here are zoek results, I realized they may be helpful. Like I said above, the problem is still afflicting my computer after this.
 

11 more replies
Relevance 68.88%

Looks like my grandmother's computer has succumbed to some malware and she's not having too great a time with it. Any help would be greatly appreciated. Thanks, and Merry Christmas!
 

Answer:Fake Google Chrome malware

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

5 more replies
Relevance 68.88%

Hello, my name is Michael and I have a virus on my computer. It disguises itself as Google Chrome. There are at least 30-40 of these suckers on my computer. I clearly know it's not ACTUALLY google chrome because of one simple reason.... I don't have Google Chrome on my computer. I am running 8.1 and ComboFix doesn't run on 8.1. The file is called ccbzyuln.exe with the chrome symbol. I see in my task manager. I'm also typing this on my phone. Last night I was playing on my PC perfectly fine. I play games such as DayZ and Counterstrike : Global Offensive. I was updating DayZ to the newest patch and I noticed it would spend a large amount of time being "BUSY WRITING TO DISK" I opened task manager and I see that 100% is on my disk tab and I'm stumped. Please help.
 

Answer:Google Chrome Fake program On my PC Plz Help!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

1 more replies
Relevance 68.88%

I have a laptop that is running slow and after checking task manager I see several processes named Oigisuhyfs.exe and the description says that it is Google Chrome, I uninstalled Chrome, booted into safe mode and deleted the files in the Oigisuhyfs location but the virus just came back, after doing some research online I noticed that this was a recurring problem and read several posts on this website, all with a similar theme of instructions so I downloaded FRST and ran the scan, here are the results of the scan.......
 
Thanks in advance.

Answer:Fake Google Chrome virus

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
Copy the entire cont... Read more

14 more replies
Relevance 68.88%

My computer is running very slow. I found several Google Chrome processes (with the image name of okursqwayt.exe) going on all at once. I don't have Google Chrome installed.
 

Answer:Fake Google Chrome Virus

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

28 more replies
Relevance 68.88%

I have seen this same problem on the forums but I need a specific fix that works for me. There is a process that appears on startup that claims to be Google Chrome but obviously is not. You can't end the process and even when you boot into safe mode and delete the file, it just loads up from another location. It roams around in: C:/Users/gordon2/AppData/LocalLow. I found the same problem on another page on the forum but the fix that was used does not work for me due to file and folder names being different. Please create a fix like the one used in the other forum that I can use to remove this malicious process. http://www.bleepingcomputer.com/forums/t/551943/fake-google-chrome-processes/
 
I have attached logs from FRST that will give you the information you need.

Also attached is the fixlog.txt file that was used in the last forum, but does not work for me since the file and folder names are different.
 
Thanks for your help.
 
-Benjamin

Answer:Fake Google Chrome Process

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555149 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 68.88%

I'm at the affected PC to communicate and hopefully resolve this issue. Thanks for any help that you can give me. Tried to end process but keeps replicating and is using up large amount of memory. Google Chrome is not installed on this PC.
 

Answer:Fake google chrome process

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

20 more replies
Relevance 68.88%

Hello, I have followed the instructions for posting to this thread and uploaded the two documents from FRST. I am having the fake google chrome process virus as well, please help!
 

Answer:Fake Google Chrome Process

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 68.88%

The description pretty much says it all, I ran FRST and those files are attached.
 

Answer:Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

7 more replies
Relevance 68.88%

As described, multiple fake Chrome processes. As opposed to just the fix, I'd also like any details you can give me about this issue and what causes it.
 

Answer:Fake Google Chrome Processes

Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and w... Read more

9 more replies
Relevance 68.88%

Hello,
 
I've seen others with the same problem, but I am getting a process in Windows Task Manager that won't go away even if I go into Safe Mode and delete the file.  It is located in User\AppData\LocalLow.  I have attached the image of Windows Task Manager and the 2 FRST files.
 
Thank you for any help!
 

Answer:Fake Google Chrome Processes

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
I will reply back later today with a fix.
 
 
Regards,
Georgi

8 more replies
Relevance 68.88%

Hello, I found this forum today when trying to determine if what I keep seeing on my laptop is actually a virus. Found a bunch of similar posts/responses here from people that seem to have been having the same problem as me. I keep noticing dozens of Google Chrome processes that are constantly running, slowing my laptop down. I don't see how it could possibly be from Chrome, since I have uninstalled it from my laptop. Anyway, I need some assistance at this point. I have tried everything I know how to do. Any assistance or advice would be greatly appreciated. Thank you!
 

Answer:Trying to get rid of that fake Google Chrome .exe virus

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

6 more replies
Relevance 68.88%

Hi - I'm new here, and found that I'm having the same problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
I've read through the above-mentioned post along with many others. I also followed a post on Reddit about this - below:
http://www.reddit.com/r/sysadmin/comments/2kl04m/fake_google_chrome_browser_process_max_out_cpu/
 
This process was continually running and spawning new processes.
C:\Users\Mike\AppData\LocalLow\Roblox\Lxjonxrom\lqsxdhhzll.exe
 
I also noticed information was being cleared and rewritten to this folder continuously:
C:\Users\Mike\AppData\LocalLow\Google\Dcdeecveb
 
I followed the suggestion about using Taskkill in the Reddit post and killed the process then immediately deleted the two folders mentioned above. I actually have all the contents of these folders still in my recycle bin (if needed).
 
Since killing the processes and removing the folders the offending processes have not restarted, however I am concerned there may be more lurking. Can you please assist with this?
 
Also, any idea how this virus/malware is being spread?  I noticed the create time on the folders was on 11/3/14 and 6:28pm.
 
Thank you in advance for all the great work you do!  This appears to be a great community!
 
Logs from DDS are attached.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344... Read more

Answer:Fake Google Chrome Processes

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

10 more replies
Relevance 68.88%

Mine is another case of fake Google Chrome processes running. I deleted the relevant files in the C:\Users\XXXX\AppData\LocalLow directory, but they start back up again! Thanks in advance for your help!
 

Answer:Another fake Google Chrome issue

Hello,

Before we begin, please note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
==================================



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Downl... Read more

4 more replies
Relevance 68.88%

Like others on this site, I have been infected with a program that says it's Google Chrome but actually isn't.  Briefly, there is an executable file named “XSIAKQJE.EXE” (in Task Manager, the image name is the same with *32 afterwards) and has a description name of “Google Chrome” in Task Manager.  Google Chrome is not installed on the computer, nor any other Google application, but there are a minimum of 4 processes of this application running at the same time at any given time which easily goes up to 15 or so processes within a short period (<15 minutes) of computing.  As long as the internet connection is disabled, each running process is below 70mb of memory usage; after connection is made, 2-4 of the processes jump up to 100-400+MB of memory usage.  The application is running on an HP DV6T laptop computer, i7 Q720 Intel processor, 8gb ram, Windows 7 professional w/service pack 1 and all current updates performed.  The internet browser used is IE version 11.
 
Shown below is the DDS.txt file contents.  I have also attached the "attach.txt" file and 3 other files in a Zip file which details more specific information that I found while researching the behavior of this rogue application that I have not found others to have reported.  These 3 other files are in a Microsoft WinWord document - please let me know if that format is not able to be read.
 
I really do appreciate any help you can provide me... Read more

Answer:Fake Google Chrome application

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554736 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

23 more replies
Relevance 68.88%

Apparently there's malware in my CPU. Getting errors stating Google Chrome has crashed and I do not use Google Chrome nor is it installed in my computer. Do I follow the Windows 7 malware removal procedure? Any help would be appreciated.
 

Answer:Fake Google Chrome errors

Yes.
 

7 more replies
Relevance 68.88%

Windows 7 PC just started running very slowly.  Noticed numerous (sometimes up to 25) processes named "mmxctdbwkm.exe" running, spawning, re-spawning constantly.  Norton 360 popups indicating "Google Chrome using excessive memory resources" - task manager shows processes having descriptions "Google Chrome" which obviously they are not as Google Chrome is not installed on this PC!  Files are under C:\users\John\appdata\LocalLow\.... I would like to follow the procedure in the link below as it describes my problem fairly accurately.  However, the process appears to require 2-way collaboration and information sharing so wanted to check first before diving in.  Thank you in advance for your help.
 
http://www.bleepingcomputer.com/forums/t/551186/fake-google-chrome-running-multiple-processes-in-task-manager/
 

Answer:Fake Google Chrome processes

Start by scanning for Poweliks. If it is found and removed, there will be more cleanup of other malware to do.

Please download Poweliks Cleaner (by ESET) and save it to your Desktop. (Let me know if Poweliks was found and removed as shown in the last image.)
1.  Double-click on ESETPoweliksCleaner.exe to start the tool.
2.  Read the terms of the End-user license agreement and click Agree.
3.  The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
 

 
4.  If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
 

16 more replies
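
The symptoms reported in the threads above (a process whose description reads "Google Chrome" while its image is a randomly named file outside any Chrome install folder, running in many instances) can be checked for directly. The following PowerShell is an added example, not part of any forum post or of the ESET tool; the function names and the sample records are hypothetical and constructed for illustration.

```powershell
# Added example. Heuristics come from the posts above: the version-info
# description says "Google Chrome", but the image is not chrome.exe in a
# Chrome install folder (the reports show random names under AppData\LocalLow).
function Test-FakeChrome {
    param($Process)

    # Without elevation, other users' processes expose no Path or Description.
    if (-not $Process.Description -or -not $Process.Path) { return $false }
    if ($Process.Description -notlike '*Google Chrome*') { return $false }

    # Genuine installs end in ...\Google\Chrome\Application\chrome.exe
    if ($Process.Path -like '*\Google\Chrome\Application\chrome.exe') {
        # If the file is on disk, also require a valid Authenticode signature.
        if (Test-Path -LiteralPath $Process.Path) {
            $sig = Get-AuthenticodeSignature -FilePath $Process.Path
            return ($sig.Status -ne 'Valid')
        }
        return $false
    }
    return $true
}

function Find-FakeChrome {
    param([Parameter(ValueFromPipeline = $true)] $Process)
    begin   { $suspects = @() }
    process { if (Test-FakeChrome $Process) { $suspects += $Process } }
    end {
        # One row per image path with its instance count (the posts report 4 to 25).
        $suspects | Group-Object -Property Path |
            Select-Object @{ Name = 'Instances'; Expression = { $_.Count } },
                          @{ Name = 'ImagePath'; Expression = { $_.Name } }
    }
}

# Constructed sample records (not taken from a real system).
$fake = 'C:\Users\Example\AppData\LocalLow\placeholder\abcdwxyz.exe'
$sample = @(
    New-Object PSObject -Property @{ Name = 'abcdwxyz'; Description = 'Google Chrome'; Path = $fake }
    New-Object PSObject -Property @{ Name = 'abcdwxyz'; Description = 'Google Chrome'; Path = $fake }
    New-Object PSObject -Property @{ Name = 'chrome'; Description = 'Google Chrome'
        Path = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' }
    New-Object PSObject -Property @{ Name = 'iexplore'; Description = 'Internet Explorer'
        Path = 'C:\Program Files\Internet Explorer\iexplore.exe' }
)

$sample | Find-FakeChrome            # constructed input: one row, Instances = 2
# Get-Process | Find-FakeChrome      # live system; run elevated to cover all accounts
```

A hit only identifies the image to investigate; as the answer above notes, the underlying infection still has to be removed with a dedicated cleaner.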