Computer Support Forum

Fake Google Chrome Processes in Task Manager

Question: Fake Google Chrome Processes in Task Manager

When I restart from Sleep, I have windows open that look like a browser with various ads in them. I looked in my task manager and saw a number of Chrome processes named Wgvsgnxdj.exe *32 that use about 20% of the CPU. When I end the processes, they restart on their own. The processes are all located in the AppData/LocalLow/Adobe/zqjpwqzm folder.

Can you please help me out? I have scanned with MalwareBytes, MaAfee, SpyBot 2, and tdsskiller. None of these have found anything.

I have attached FRST scan logs.

Thank You!

Relevance 100%
Preferred Solution: Fake Google Chrome Processes in Task Manager

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Fake Google Chrome Processes in Task Manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.

Please attach all report using button below. Doing this, you make it easier for me to analyze and fix your problem.

Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

4 more replies
Relevance 98.02%

I have a Windows 7 Lenovo laptop that is running very slow.  I ran virus scans, including Malwarebytes that returned zero results.  I have noticed in Task Manager that there are several processes running with a description of "Google Chrome". 
 
The exe file is in the \userprofile\appdata\locallow\Sun\ folder. This exe cannot be deleted since there is a lock on it. Even if I kill the processes from Task Manager, they regenerate faster than I can delete.
 
Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome processes in Task Manager

Hi. Please do the following:
Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/Note: please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

7 more replies
Relevance 95.99%

Hello -
A customer of mine brought their personal laptop to me to look into why large amounts of data are being used up on their Verizon Hotspot.  This is a Windows 7 Home Premium laptop.  I ran multiple virus scans including ComboFix and Malwarebytes that returned zero results.  I then noticed in Task Manager that there were multiple processes running that belonged to Google Chrome.  I then verified that Chrome is not even installed.  I found the running .exe file in the \userprofile\appdata\locallow\Google directory.  Rebooted into 'Safe Mode' and then removed the folder and then scanned the registry for the same .exe name and removed them as well.  I then restarted the pc and the files reappeared, this time in the Adobe directory rather than Google.  I repeated the steps above with the same results.  Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome Running Multiple Processes in Task Manager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a... Read more

10 more replies
Relevance 95.99%

A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if its completely takin care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it> open file location> start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 95.99%

Strider said:


A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if its completely takin care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it> open file location> start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.Click to expand...

I had the same issue. Hopefully you can help. File attached. The google chrome process was called "Eskuyiyifxt.exe*32"
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 93.96%

Infections date probably on 10/26/2014. Fake google chrome processes (a lot of them) are running in the task manager, hogging memory and CPU. Computer is slow.

The process name is listed as Mjjckmsq.exe *32 in task manager, and is running from the location....
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\Uuiputi\fzsdleeocr
.....as mentioned by task manager when I right-click on the process and ask to open file location.

This EmieUserList is a hidden folder and is not visible in the LocalLow folder even if I enable the "show hidden files and folders" option.

I have run the Farbar Recovery scan tool and have attached the results with this post.

Please let me know if there is anything else I can do to help solve this problem.
 

Answer:Fake Google Chrome processes named Mjjckmsq.exe *32 in task manager slowing computer down

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 93.96%

The process name is listed as wgjbmmc.exe *32 in task manager.
When I 'Open file location' it is located at...
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\pgngpdf\zhgekhrmttku

I attached the FRST results files.

Thank you
 

Answer:Fake Google Chrome processes named wgjbmmc.exe *32 in task manager slowing computer down

Hello.
Uninstall Microsoft Security Essentials

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:

Start
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\Software\Classes\.exe: => <===== ATTENTION!
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\Run: [Wkudeas] => regsvr32.exe /s "C:\Users\Jeff\AppData\Local\{CB212118-3492-4DED-963D-DAB6283A1E07}\Wkudeas.dll" <===== ATTENTION
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {08c6c7e4-0e4a-11e0-9774-96bca1c77bb5} - G:\setup.exe -a
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {e5848bdb-fdad-11e1-8325-8bf135db7bca} - G:\setup.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that bo... Read more

8 more replies
Relevance 84.97%

My laptop runs slower than usual and is creating new folders in weird places. I did notice task manager processes for chrome and did an online search to find a few connected to fake processes like
programdata\ntuser.pol and programdata\Roaming and windows\XSxS.

I ran MGlogs and attached the zip that was one my desktop after it completed.
 

Answer:Task Manager Shows Fake Chrome Processes

Can you upload all of the other requested logs please?

I will post to procedures for your reference.

READ & RUN ME FIRST - Malware Removal Guide
 

10 more replies
Relevance 81.78%

My computer was running slow so I went to my task manager and seen a whole bunch of Google Chrome processes running. I was confused at first because I don't even have Google Chrome installed. As I tried to stop the processes one at a time, more only popped up. Then I looked it up on the net, found others yall have helped on this site, and know there's something wrong. If possible, would like to know how and when the malware was installed as I have multiple students that use the pc and this is the first time ever had this happen, would like to know if it was a user doing something wrong by accident or on purpose (is even possible to know, but mainly would like to just get pc fixed!)

I right clicked and Disabled Antivirus AutoDetect (Norton); Downloaded zoek and have result log attached. Required a pc reboot and did that too. Problem is still happening. It also changed my home page to google.com (I changed it back). I also uploaded a picture of my task manager if that helps any.

Thanks!!!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies
Relevance 81.78%

Hi TwinHeadedEagle,
I have almost exactly the same problem running on my computer. I have run zoek, malwarebytes, and AdwCleaner and I still have the problem. Rather than create a new post in the forum I have just replied to this post since it seems so similar. I have now run Farbar and have attached the two logs. I also included a pic of my task manager showing the processes that keep loading. Can you help me? Thank you!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 79.75%

I keep getting memory error's. So I opened up task manager and I have about 10 instances of Google Chrome running and they keep multiplying. I don't even have Google Chrome on my machine.
 

Answer:Fake Google Chrome in task manager

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

4 more replies
Relevance 79.46%

Hello, I've seen a few topics relating to my problem but wasn't sure if the steps are exactly the same for each person or if they are customized from problem to problem.
 
I'm running windows 7 and as other users have stated, my computer was running slowly, freezing up periodically and minimizing programs I was using. I checked task manager and at that time I saw many dllhost with description COM surrogate running, and trying to end the processes they just kept appearing again. At that time I had AVG as my antivirus and malwarebytes. Only AVG detected the file but it could not delete it. I then uninstalled AVG and changed my antivirus to Bitdefender and that seemed to have stifled the symptoms although I don't believe it ever fixed the problem. My computer was running smoothly for about a week and now I have a filename uirrvmzweu.exe with description google chrome. My computer symptoms are about the same as they were when the dllhost process was running. They both act very similar as far as I can see.
 
Any help would be much appreciated, thank you.

Answer:COM Surrogate and google chrome processes in task manager

Welcome njsLets start with this ...Step 1Please download Powelikscleaner (by ESET) and save it to your Desktop.Double-click ESETPoweliksCleaner.exe to start the tool.Read the terms of the End-user license agreement and click Agree if you agree to them.The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.The tool will produce a log in the same directory the tool was run from.Please copy and paste the log in your next reply.Next run Autoruns.Please download AutoRuns and save it to your desktop.Right click on the downloaded file and choose Extract All Files.Once extracted, open the program named Autoruns.Click on Options and then Hide Microsoft and Windows Entries.Press F5 to refresh the startup list.Next go to File -> Save and choose the file type to Text File (.txt).Please attach the text file to your next reply.

15 more replies
Relevance 78.88%

I am experiencing the same issues as some of your other users with a Fake Google Chrome process residing my Task Manager screen. My issue on my Laptop began yesterday, after I tackled removing a dllhost.exe issue over the weekend. I thought I had done well to get rid of it, using information from your forum, but then this file showed up the next day.My file is titled "Immytfefs.exe" and it states that it resides in the "C:\Users\User\AppData\LocalLow\Adobe\nmvkurfye" directory.It says it is a Google Chrome process, but I have uninstalled that program, and it is still there. I have Norton360 and MalwareBytes running, and neither detect this issue. I have downloaded your FARBAR Recovery Tools and ran the process to create the First and Addition files. and will attempt to upload them with this issue request. [Can't upload] If anyone has answers to this, that would be much appreciated.I came to this forum, because I can see others are currently experiencing the same issues.Please let me know what I can do to resolve this.  I think this is a true virus...Sincerely,David I can't seem to upload the FRST and Addition files to this post, so maybe someone can help me with that also. FRST.txt************Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014Ran by User (administrator) on USER-PC on 11-11-2014 12:54:20Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFMFWEVJLoaded Profile: User (Avai... Read more

Answer:Fake Google Chrome exes in Task Manager

Ran ESET Powelikscleaner.exe tool and did find Poweliks virus, and cleaned it.  Do not see the multiple files in Task Manager running behind the scenes.  Virus may have been involved with that!
Will keep the forum posted if any other files pop up.  Thanks for your help, and I am being patient...just reading alot of what others are experiencing.

3 more replies
Relevance 76.85%

Hello there,
 
I recently noticed my laptop running very slow, especially when using Youtube videos.  I deleted some old junk to free up some memory but that didn't help.  Defragged my laptop and ran several virus scans, but no improvment and nothing found on the scans.  I found a new program installed on my laptop called "Spigot Search Protection" which I uninstalled.  No improvement after this.  I then noticed about a dozen processes running on my Task Manager that appeared to be Google Chrome windows.  They were using up a ton of memory... and I use Firefox not chrome so I thought it was weird.  I uninstalled Google chrome, but they remained open and listed as google chrome programs.  I opened the file location and ran a virus scan directly, and it came back with no threats detected  (I ran Kaspersky). The image name for each process that is running is Lnzdypqnuf.exe*32 and appears as a GoogleChrome file.
At this time I did a Google search and came up with this website (it seems others have had the exact same problem).  I saw that each case should be handled specifically, so I decided to register and post instead of trying to figure it out myself. 
 
If anyone can assist me with getting rid of this problem I would greatly appreciate it.  I have never downloaded a virus before, and do not open ads or clickbait on websites.  I do use Utorrent once in awhile and expect that is how I downloaded this vir... Read more

Answer:Multiple Google Chrome Processes in Task Manager; Cannot close and laptop slow

BTW, am running on Windows 7

4 more replies
Relevance 75.69%

Hello,

First off, I'm a new member to the forum and I would like to express my sincere appreciation for help resolving this problem. I'm usually able to clean up malware but have not been successful in this case. As I've read through the furum, I've noticed other posts with a similar issue so this must be something new going around.

The issue I have is popups (always three windows) which became noticeable about five days ago and prompted my actions. I have two accounts on the infected PC and the issue is present on one account while the other account is free of the issue. As I investigated, I noticed a fake google chrome entry in the processes tab of the task manager. Its name is "cphngsji.exe*32" and its listed description is "google chrome." There are 10 to 15 entries in the task manager and it varies increasing and decreasing randomly. The randomly increasing and decreasing entries are visible and correspond to peaks and valleys in the CPU usage trace on the performance tab of the task manager. I also have an issue with the CPU fan running a great deal of the time when the infected account is active. This began several months ago and I now believe it is a result of this infection.

So far I have run my antivirus (McAfee), a tool called SUPERAntiSpyware Free Edition. They were able to find and fix other bugs but not this one. I also ran a McAfee tool called 'GetSusp' which identified three PUP's and one Assumed Dirty ... Read more

Answer:Fake google chrome entry in task manager causing popups and system slowness

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wa... Read more

7 more replies
Relevance 98.81%

A bunch of these jpkncmkh.exe *32 processes are always open in my task manager and my cpu is running at 90 to 100% and I don't have google chrome and the description is google chrome.  These must be viruses I need to get rid of im going to attach a frst files and logs because I saw other posts that did that. Please Help!!??
 
I want to copy and paste a fix list like I saw other people do to get rid of them but I don't know  how?
 
 

Answer:Fake Chrome Processes Please Help jpkncmkh.exe *32 description google chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554784 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

20 more replies
Relevance 96.35%

Noticed other people having the same issue. Hopefully this can get fixed.
 

Answer:Fake Google Chrome processes

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

1 more replies
Relevance 96.35%

As described, multiple fake Chrome processes. As opposed to just the fix, I'd also like any details you can give me about this issue and what causes it.
 

Answer:Fake Google Chrome Processes

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and w... Read more

9 more replies
Relevance 96.35%

Hello,
 I see a couple other people have posted this same problem in the last few days so hopefully someone can help.
 I have got 5-20 processes running under image name Bcexfymkqard.exe*32. Description Google Chrome. I have never installed Chrome. It is sucking maximum bandwidth from my modem. Malwarebytes did not clean it.  Please help. Here are my FRST and Addition logs:
 
FRST:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by John (administrator) on JOHN-PC on 21-10-2014 08:33:05
Running from C:\Users\John\Downloads
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Locktime So... Read more

Answer:Need Help... Fake Google Chrome processes

Bumpety Bump.  Can anyone help me with this?

22 more replies
Relevance 96.35%

Hello. Recently my PC has become infected with the "Google Chrome" virus where a fake .exe posing as Chrome creates itself, runs itself, and opens many processes which hogs CPU and RAM. Deleting the .exe is no good because this virus recreates itself in a new random folder upon next PC startup and does its same thing again. I have already run Farbar Recovery Tool, so attached are my FRST and Addition txts.
 

Answer:Fake Google Chrome processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 96.35%

Hi - I'm new here, and found that I'm having the same problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
I've read through the above mentioned post above along with many others. I also followed a post on Reddit about this - below:
http://www.reddit.com/r/sysadmin/comments/2kl04m/fake_google_chrome_browser_process_max_out_cpu/
 
This process was continually running and spawning new processes.
C:\Users\Mike\AppData\LocalLow\Roblox\Lxjonxrom\lqsxdhhzll.exe
 
I also noticed information was being cleared and rewritten to this folder continuously:
C:\Users\Mike\AppData\LocalLow\Google\Dcdeecveb
 
I followed the suggestion about using Taskkill in the Reddit post and killed the process then immediately deleted the two folders mentioned above. I actually have all the contents of these folders still in my recycle bin (if needed).
 
Since killing the processes and removing the folders the offending processes have not restarted, however I am concerned there may be more lurking. Can you please assist with this?
 
Also, any idea how this virus/malware is being spread?  I noticed the create time on the folders was on 11/3/14 and 6:28pm.
 
Thank you in advance for all the great work you do!  This appears to be a great community!
 
Logs from DDS are attached.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344... Read more

Answer:Fake Google Chrome Processes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

10 more replies
Relevance 96.35%

i saw that other users had this issue solved but that the fix files were created for their particular machines. i'm hoping to get the same kind of assistance.
 

Answer:more fake google chrome processes

Hi,

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:

C:\Users\morgan\AppData\LocalLow\{E7AE305C-39A3-4FFB-8910-E33B62A071E7}\Jcacvhbrtnb\tctmnaabyyis
HKU\S-1-5-21-4241491024-506926899-3993154103-1000\...\Run: [Cmhysiwv] => regsvr32.exe /s "C:\Users\morgan\AppData\Local\{56AD1659-E116-40E9-B946-5D157B41769E}\Cmhysiwv.dll" <===== ATTENTION
C:\Users\morgan\AppData\Local\{56AD1659-E116-40E9-B946-5D157B41769E}
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20131147,20033,0,25,0
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not w... Read more

5 more replies
Relevance 96.35%

I just ran my FRST scan while in safe mode. I don't know if that will affect the outcome of the log or going forward. I've had had this problem for a few days and haven't been able to stop and just post about it. Thank you very much in advance for assistance.
 

Answer:Fake Google chrome processes

Here is my addition file as well.
 

6 more replies
Relevance 96.35%

I need help with a fake google chrome problem. Many processes are running and slowing my computer way down. I've taken multiple steps to attempt to fix this but my problem is still here. please help me
 

Answer:Need help on fake google chrome processes

Here are zoek results, I realized they may be helpful. Like I said above, the problem is still afflicting my computer after this.
 

11 more replies
Relevance 96.35%

Hello,
 
I've seen others with the same problem, but I am getting a process in Windows Task Manager that won't go away even if I go into Safe Mode and delete the file.  It is located in User\AppData\LocalLow.  I have attached the image of Windows Task Manager and the 2 FRST files.
 
Thank you for any help!
 

Answer:Fake Google Chrome Processes

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
I will reply back later today with a fix.
 
 
Regards,
Georgi

8 more replies
Relevance 96.35%

No idea where to begin with this. Please help!
 

Answer:Fake Google Chrome Processes

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
===================================


Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware wa... Read more

7 more replies
Relevance 96.35%

My computer started running really slow when I logged on today and websites were taking forever to load.  I noticed that there is a process called Neweozpowt.ext*32 running 10 or more times in the task manager and I can't kill them as they respawn.  Please help

Answer:Fake Google Chrome processes

Please disregard found the issue with help from Farbar recovery tool.

2 more replies
Relevance 96.35%

I just migrated Windows 7 from one SSD to another SSD today. I did not do any type of install - just cloned the drives and set up the new drive to be the boot master. I ran the ZOEK before I knew what I was supposed to do with requesting help from this forum, so I uploaded that log, too.
 

Answer:Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 96.35%

The description pretty much says it all, I ran FRST and those files are attached.
 

Answer:Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 96.35%

Windows 7 PC just started running very slowly.  Noticed numerous (sometimes up to 25) processes named "mmxctdbwkm.exe" running, spawning, re-spawning constantly.  Norton 360 popups indicating "Google Chrome using excessive memory resources" - task manager shows processes having descriptions "Google Chrome" which obviously they are not as Google Chrome is not installed on this PC!  Files are under C:\users\John\appdata\LocalLow\.... I would like to follow the procedure in the link below as it describes my problem fairly accurately.  However, the process appears to require 2-way collaboration and information sharing so wanted to check first before diving in.  Thank you in advance for your help.
 
http://www.bleepingcomputer.com/forums/t/551186/fake-google-chrome-running-multiple-processes-in-task-manager/
 

Answer:Fake Google Chrome processes

Start with the scanning for Poweliks. If it is found and removed there will be more cleanup of other malware to do.
 
Please download Powelikscleaner (by ESET) and save it to your Desktop. (let me know if poweliks was found and removed as shown in the last image)
1.  Double-click on ESETPoweliksCleaner.exe to start the tool.
2.  Read the terms of the End-user license agreement and click Agree.
3.  The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
 

 
4.  If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
 

16 more replies
Relevance 95.53%

Hello.  I believe I'm having a similar issue to the one resolved in the following post:
 
http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
Google Chrome is not installed on my PC, but the Task Manager continues to show 3 instances of the Google Chrome process named "jhtrmnotfjhv.exe" running.  If I end the processes, they just reappear.  I ran Malwarebytes, Spybot, and SuperAntiSpyware but no suspicious files were detected.  The file was originally saved in "c:/users/%username%/appdata/locallow/macromedia/jognafav/udrswncoq". I surmised after some online research that all of the content in subfolder "jognafav" was bogus, so I logged in as an administrator and removed the entire folder.  However, when I logged back in as myself an identical version of this folder (and all its contents) reappeared in "c/users/%username%/appdata/locallow/temp".  I'm convinced this process is affecting my PC's performance as I've noticed changes in the past few days.  Can you please help?  I downloaded the DSS tool and generated the requested logs.  These are attached for your review.
 
Thank you.  

Answer:Fake Google Chrome (jhtrmnotfjhv.exe) processes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

10 more replies
Relevance 95.53%

Hi - I'm new here, and found that I'm having a similar (same?) problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
I don't have Google chrome installed, but I see multiple processes running (named browser.exe) with Google Chrome as the description.  I also found that the process was being run from C:\Users\%USERNAME%\AppData\LocalLow\EmieSiteList\Ytybvruxk\gaynsmnsbl - so, like the other user, I ended the processes and deleted the folder, but the folder just immediately regenerated. 
 
I have downloaded dds and run it to create logs if you would like me to post those. Additionally, I have downloaded Fabar Recovery Tool as instructed in the other thread but have not run it yet.
 
Thank you for any help you can provide.

Answer:Fake Google Chrome (browser.exe) processes also

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

14 more replies
Relevance 95.53%
Relevance 95.53%

Hello. I believe I'm having a similar issue to the one resolved in the following post:
 
http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
Google Chrome is not installed on my PC, but the Task Manager continues to show 3 instances of the Google Chrome process named "jhtrmnotfjhv.exe" running. If I end the processes, they just reappear. I ran Malwarebytes, Spybot, and SuperAntiSpyware but no suspicious files were detected. The file is saved in "c:/users/%username%/appdata/locallow/temp/jognafav/udrswncoq".  I'm convinced this process is affecting my PC's performance as I've noticed changes in the past few days. Can you please help? I downloaded the DSS tool and generated the requested logs. These are attached for your review.
 
Thank you.

Answer:Fake Google Chrome (jhtrmnotfjhv.exe) processes

Hello pantojaf,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions.  1.Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool .Click on the Scan button.AdwCleaner will begin to scan your computer.After the scan has finished...Click on the Clean button.Press OK when asked... Read more

4 more replies
Relevance 95.53%

Hello. I have read most of your replies, and I am hoping I don't need to start a new thread and I can just upload my scan files here. Please let me know if I need to do something different.

Thank you in advance for all your help.
 

Answer:Fake Google Chrome Processes Running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 95.53%

Apparently this is going around, but I just got hit with a bunch of fake google chrome processes, and I have never downloaded, installed or used chrome. Log files attached.

Thanks in advance for the help!
 

Answer:Multiple fake google chrome processes

I also ran a scan with malwarebytes anti-rootkit. Those logs are attached. It found an instance of the poweliks Trojan, which hit me last week and I thought was gone, but maybe this is all related? After the malwarebytes scan, the bogus processes are gone right now, but I'm skeptical that all is well now. One thing I do know is maybe it's time to ditch Norton 360...
 

5 more replies
Relevance 95.53%

Hello,
 
I believe I am having a similar issue to this thread:
 
www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
On my customer's computer, I keep getting processes showing up in task manager that are called browser.exe *32 (identified as Google Chrome) even though Chrome is not installed on the PC.  I traced the processes to the User/AppData/LocalLow/ and the folders they are coming from are called NarratorHagg and VolunteerJawa.  I have deleted them in safe mode but they keep regenerating.
 
I ran the FRST scan and I will post my scan log below.  Any help is appreciated!
 
---------------------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by fogal3 (administrator) on ORTHOWS3 on 26-08-2014 16:02:22
Running from C:\Users\fogal3\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/to... Read more

Answer:Fake Google Chrome processes (browser.exe *32)

Hello,please do the following:Step 1Please download this attached
 fixlist.txt   2.58KB
  37 downloads and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.Please copy and paste its contents in your next reply.Step 2Start FRST with administator privileges.Make sure the option Addition.txt (under Optional Scan) is checked.Press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

7 more replies
Relevance 95.53%

Hello,
I have several fake google chrome processes that keep appearing under task manager.  If I end the processes, more just appear.
All have the name:  ybvwcdhrvmk.exe *32
The location of this process is AppData>LocalLow>Apple Computer>cizveoortqui>fqevmdgnxsk
Please help!  Thanks in advance!
Sunil

Answer:Fake google chrome processes keep appearing

Step 1: Malwarebytes Scan. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down. Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.On the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the Scan Log which shows the Date and time of the scan just performed.Click 'Export'.Click 'Text file (*.txt)'In the Save File dialog box which appears, click on Desktop.In the File name: box type a name for your scan log.A message box named 'File Saved' should appear stating "Your file has been successfully exported".Click OkCopy Paste that... Read more

6 more replies
Relevance 95.53%

Was reading threads from many other people with the same issue. Seems all the fixes were specific to their machines & there is no generic fix. Would love some help with this. Thank You!
 

Answer:Another case of fake Google Chrome processes

oops.. apparently I attached 2 copies of each report.. disregard the extra copies. sorry and here's the Addition.txt from FRST
 

4 more replies
Relevance 95.53%

I have afake google chrome process in task manager and don't have google chrome installed. First indication of an issue was when popups prompted me to allow a windows command processor to do something. I believe I always said no.. but my kids may have said yes.
 

Answer:Fake Google Chrome Processes Running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

17 more replies
Relevance 95.53%

Looking for best way to fix this malware/virus issue. Currently do not have any virus protection/software (thought I did & up til recently this computere was not used for downloading files/internet access so virus software was not really needed).

Attached addition.txt and frst.txt for you to view. Computer running Windows xp 32bit. Symptoms started when downloaded zip file for printer drivers because I couldnt find my disk. Or at same time, maybe from an external drive I was copying a file to.

Again, computer harddrive constantly running, so much that manouvering around on the internet is painstaking...google chrome not installed yet processes keep popping up in task manager.

If you can help me clean this up, I would be grateful, and then suggest some virus protection software....cause obviously I need it.
Thanks.
 

Answer:Fake Google Chrome processes running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 95.53%

Thank you in advance for any help you can provide.

It's really nice to know that for every bad guy creating these viruses, there's a good guy out there to help people in need. Thank you for the work you do, and thank you for reading my post.

I hope the information above is sufficient.

EDIT: P2P program utorrent has been disabled
 

Answer:Multiple Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 95.53%

Howdy,
 
New here, seem to have the same problems as many others.  Fake browser.exe processes.
 
I ran FRST as admin, here are my logs.
 
Any help is appreciated.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-08-2014
Ran by David_2 (administrator) on BOUNTIFUL on 29-08-2014 15:08:55
Running from C:\Users\David_2\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(CrossLoop) C:\Users\David_2\AppData\L... Read more

Answer:Another Fake Google Chrome (browser.exe) processes

Hi there,please do the following:Step 1Please download this attached
 fixlist.txt   357bytes
  8 downloads and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.Please copy and paste its contents in your next reply.Step 2Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste this log in your next reply.

5 more replies
Relevance 95.53%

Hi - I'm new here, and found that I'm having a similar (same?) problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/545162/browserexe-rogue-process-taking-up-memory
 
I don't have Google chrome installed, but I see multiple processes running (named browser.exe) with Google Chrome as the description.  I also found that the process was being run from C:/Users/%USERNAME%/AppData/LocalLow/BrowserVoice/VinylGravity - so, like the other user, I ended the processes and deleted the folder, but the folder just immediately regenerated.  There was a NavigatorBeerware folder that appeared in C:/Users/%USERNAME%/AppData/LocalLow as well.
Both of those folders remanifest immediately upon deletion.  So I attempted to rename the (browser).exe in C:/Users/%USERNAME%/AppData/LocalLow/BrowserVoice/VinylGravity to browser.old as the other user did, but a new browser.exe immediately appeared.  The original folder(s) had appeared on 8/20/2014 9:36PM.
I downloaded & ran the free trial versions of spybot & malwarebytes, and no suspicious files were found/removed.  I'm periodically plagued with incessant popups that sometimes go dormant for a while.  Thank you in advance for having a look at my issue!  Attached are my logs:
 

 attach-jrm25.txt   16.9KB
  9 downloads

 dds-jrm25.txt   40.29KB
  9 downloads

Answer:Fake Google Chrome (browser.exe) processes

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Lets get going now
==========================
 
Hi jrm25,
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal cr... Read more

14 more replies
Relevance 95.53%

TwinHeadedEagles helped me with this problem on Oct. 27th and it seemed to fix it but sadly it has come back six days later.

I'll repost my explanation from last thread:
Hello. Recently my PC has become infected with the "Google Chrome" virus where a fake .exe posing as Chrome creates itself, runs itself, and opens many processes which hogs CPU and RAM. Deleting the .exe is no good because this virus recreates itself in a new random folder upon next PC startup and does its same thing again.
 

Answer:Fake Google Chrome processes have returned

Hi, again.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

3 more replies
Relevance 95.53%

Hello. I have an infection where there is a .exe called "Fzpjrgr.exe" posing as Google Chrome that runs itself on startup and opens usually a dozen different processes (Chrome tabs) and keeps reopening them if I try to end the processes. I have also booted in Safe Mode, found the location of the .exe and deleted it, only to have the .exe recreate itself later in a new location and continue opening itself. My anti-virus software doesn't detect this infection. Can someone please help me in removing this?

Answer:Fake Google Chrome processes virus

bump. Still looking for help. Included in this post are my FRST.txt and Addition.txtScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014Ran by Joe (administrator) on JOE-PC on 25-10-2014 18:44:24Running from C:\Users\Joe\DownloadsLoaded Profile: Joe (Available profiles: Joe)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe(Intel... Read more

6 more replies
Relevance 95.53%

Hi There,
New to the site. I seem to have the same problem many others have discussed here. I dowloaded and ran the FRST and here are my results.
Can you please help?? An additional note, as I was typing this yet another window is playing something in the background although I can't see it.
 
FRST Notepad-
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-08-2014 01
Ran by Christine (administrator) on MURPHS on 29-08-2014 17:59:04
Running from C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FAL3Z1SU
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Pr... Read more

Answer:Fake Google Chrome (browser.exe) processes - I have it as well

Hi there,you have more than one malware running on your system.Please execute Combofix to start with:Please download Combofix (by sUBs) and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start Combofix.exe and follow its instructions.Do not use the computer while the scan is running. This may cause the program to stall.When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).Please copy and paste the contents of this file into your next post.Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.(You can find more detailed instructions in this guide on using Combofix.)

8 more replies
Relevance 95.53%

I first noticed my computer was running slow on 11/1 (it was last used on 10/30 without any noticeable issues). I looked in the Task Manager and there are 10-15 processes named "arwrlqtdyy.exe *32" (with descriptions of "Google Chrome"). I do not have Google Chrome installed on my computer. Ending these processes does nothing as they just re-appear. Malwarebytes Anti-malware and Microsoft Security Essentials both said my computer was clean. Any help you can provide would be greatly appreciated! I have attached the FRST scan log (as well as the Addition one). Thanks in advance!
 

Answer:Request Help with Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 95.53%

Ran Malware which did not find anything, Spybot found a few things but did not remove the Google Chrome stuff.

Tried to run FRST but it says it's not compatible with my system. What do you recommend?
 

Answer:Fake Google Chrome processes hogging CPU

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 95.12%

Could you please help me considering this is my work computer. I have added both files from the program I downloaded from your website first64
 

Answer:Help with fake chrome in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 94.71%

OS: Windows 7 Home Premium SP1
 
Avast antivirus keeps popping up with a message that it has shielded my computer from an executable file named yogozjvdaoeg.exe 
I have searched online for references to this, and cannot find a thing.
 
Chrome had also begun launching itself randomly. 
I went into Task Manager and discovered 12 instances of this file running, with a reference to Google Chrome.  I tried ending these processes, and for every one I ended, another one (or more) would start immediately.  
I have uninstalled Google Chrome, and still these processes are running, with no way to end them. 
I tried using Taskkill, but again, for every instance killed, a whole new set would start up immediately.
 
I went to the file location (see image) and tried manually deleting it, but it states that Chrome is running, so it cannot be deleted.  Chrome is not running, it has been uninstalled.

 
Is this a Chrome thing, or could it be malware?  I ran Malwarebytes, and it did not find anything.
 
Thank you for any help you can give.
 

Answer:Cannot end processes in Task Manager; Chrome related

Hi jbhere and
 
yogozjvdaoeg.exe
Upload here - https://www.virustotal.com/en/
Post link of result.
 
Thank you!

5 more replies
Relevance 94.3%

Hello,
 
I have the fake google chrome malware on my laptop. I followed the steps in the following link but with no success. http://www.bleepingcomputer.com/forums/t/546245/fake-google-chrome-browserexe-processes-i-have-it-as-well/
 
I would greatly appreciate some help.
Thank you.
 
Jake
 
EDIT: I just restored my computer to 6 hours earlier. So far I have not seen any fake google chrome pop ups. 
I am running a McAfee Scan to see if there's anything else. 
Is it possible that the malware was removed simply by restoring my system to before the incident occurred?

Answer:Fake Google Chrome (browser.exe) processes - Another Victim

Hello Jake,let's check the current state of your computer with a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

7 more replies
Relevance 94.3%

First noticed on 10/30/2014, in the volume mixer there were anywhere from 3 to 4 different Google Chrome volume bars displayed, all muted. If unmuted, the audio of an ad could be heard. When Task Manager was opened, there were multiple processes (orazjsv.exe) that were running, anywhere from 4 to 12 at any given time.

Tracing the folder to where orazjsv.exe is installed, I deleted the entire folder in Safe Mode only to have it reinstall in a different location once Windows was restarted. So far everytime I have deleted it, it has been from an existing folder in the AppData folder under my username, particularly a folder within the LocalLow folder. I have run Malwarebytes, Norton AV, and CCleaner. Currently I also have my firewall set to block the program from sending or receiving data.
 

Answer:Need Assistance, multiple fake google chrome processes

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:

Start
C:\Users\WastelandRogue\AppData\LocalLow\Adobe\pgnzuluwmcae
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-645926314-533527359-3572142578-1001\...\Run: [Ycebtlrd] => regsvr32.exe /s "C:\Users\WastelandRogue\AppData\Local\Skype\Ycebtlrd.dll" <===== ATTENTION
C:\Users\WastelandRogue\AppData\Local\Skype\Ycebtlrd.dll
HKU\S-1-5-21-645926314-533527359-3572142578-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-645926314-533527359-3572142578-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
FF SearchPlugin: C:\Users\WastelandRogue\AppData\Roaming\Mozilla\Firefox\Profiles\uwzpg0nw.default\searchplugins\trovi-search.xml
C:\Users\WastelandRogue\AppData\Roaming\Mozilla\Firefox\Profiles\uwzpg0nw.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\WastelandRogue\AppData\Roaming\Mozilla\Firefox\Profiles\uwzpg0nw.default\searchplugins\safesearch.xml
C:\Users\Wast... Read more

3 more replies
Relevance 94.3%

I have seen this Trojan on this forum before, but I need to get it off unique to my computer so I don't accidentally kill my computer.
A fake Google Chrome application called "ckfgiex.exe" is running multiple processes and lagging my computer like crazy. It is located in my LocalLow data folder (at seemingly random folder choices in LocalLow since it plants itself into a different folder for each different user). Thankfully it doesn't run in Safe Mode. How do I get this thing off of my computer?
Thanks,
Aidan
 

Answer:Fake Google Chrome processes taxing computer

16 more replies
Relevance 94.3%

Thank you for you help. Husband thinks it may have happened yesterday when attaching GoPro, but can't say for sure.
 

Answer:Multiple fake Google Chrome processes - CPU bogged down

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 94.3%

Good Evening,
 
I am having a similar problem as others have posted about with rogue Google Chrome processes (Nteibgrnv.exe*32) appearing in my task manager and bogging down my computer.  I cannot stop the processes, cannot remove the folder where they are coming from, cannot find anything with either Norton Internet Security or Super AntiSpyware.  I could not delete the folder where they were coming from unless I went into safe mode but then the processes reappeared when I booted back into normal mode.
 
Can someone please help me deal with this?  I am pretty computer literate and will try to follow instructions as best as possible.
 
The DDS.txt log is pasted below.  The Attach.txt log is attached as instructed.  Thanks in advance for any help you can give!
 
KK
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by William at 22:36:13 on 2014-10-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3042 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Window... Read more

Answer:Fake Google Chrome Processes (Nteibgrnv.exe*32) Cannot stop them!

Hello Again,
 
Did I do something wrong in the original post?  I see people with the same issue who posted today already got replies.  I was at work all day and not able to check the forums often.  If I did something wrong and need to post a new or different version of the log, please let me know.
 
Thanks,
 
KK

19 more replies
Relevance 94.3%

Today my laptop became infected with a virus that runs multiple processes described as Google Chrome (name of processes: jwpvubxyrw.exe *32). These processes vastly slow down performance. I believe the virus was installed after an internet explorer error screen prompted me to run a program in the command prompt, which I accepted. The laptop is an Acer Aspire E1-731-4699 running 64-bit Windows 7. I would greatly appreciate help to remove this virus. Here are the contents of the DDS.txt report:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by RussellAult at 17:07:13 on 2014-10-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3934.925 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Syst... Read more

Answer:Virus with Fake Google Chrome executable processes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

12 more replies
Relevance 94.3%

I see similar threads showing up in the last few days. I noticed lag spikes in a game, and a slowed frame rate. Checked task manager and discovered multiple processes claiming to be google Chrome. All have the same name, all are fairly large, and while they can be stopped, they reappear almost instantly. File source traced to hidden folders, folders deleted in safe mode but reappeared. Processes show up late in the windows loading process, before any user processes are opened. FRST scan run, files attached.
 

Answer:Fake Google Chrome processes slowing Windows

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 94.3%

complete beginner here. forgive my for my outdated knowledge and lingo.

Google Chrome process called "vfiujynubu.exe" is creating itself in random folders around my computer and running itself on startup, creating many processes and hogging CPU and RAM. When I try to delete the .exe, i either can't or it recreates itself upon next computer startup and continues running fake Chrome processes (even after I have completely uninstalled Chrome).

I am a subscriber to webroot secureanywhere and reported this problem to them. They suggest it is not a problem. They probably are correct. However I don't understand why all these processes continue to run (and why the .exe is even there) after I uninstall chrome. Here is the exchange:

Hello,

After examining all the information and logs you returned to us. We can see that the file you are referring to is a genuine Google Chrome file.
[G] c:\users\keim delepine\appdata\locallow\rbxlogs\ihmevlph\kywngyniqin\vfiujynvbv.exe [MD5: 0BDAE865738D27A4D84D50591C8C9D2D] [Flags: 10001000.21689]

More info on this file can be found on the (Virus Total)VT link below:
https://www.virustotal.com/en/file/...e974ebff8700f5f93dca2ec8a6b0991e2ac/analysis/

If you still suspect that your computer is infected, please provide any additional details that might lead you to believe that your computer's behavior is due to malware, and not an unrelated technical issue.

Thank you,

The Webroot Threat Research
Your Message (Nov 6,... Read more

Answer:Fake? google chrome processes running wild

hope this helps!
 

6 more replies
Relevance 94.3%

Here are uploads of FRST log, DDS and Attach logs.

Any help is appreciated.

Regards
 

Answer:Multiple Fake Google Chrome Processes Running

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 93.48%

Multiple Fake Google Chrome Processed are running on laptop. See multiple similar threads. Ran FRST and have provided logs. Any assistance would be greatly appreciated!
 

Answer:Multiple Fake Google Chrome Processes Running on Laptop

Uninstall Ask Toolbar.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:

Start
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe [1693800 2012-03-04] (MusicLab, LLC)
C:\Program Files (x86)\BearShare Applications\MediaBar
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
C:\Program Files (x86)\Ask.com
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4192403223-262647996-3079662322-1000\...\Run: [Xjdzilqlbnw] => regsvr32.exe /s "C:\Users\Jane\AppData\Local\{692D8DB2-29A3-41AE-92B9-083ADAB4A61B}\Xjdzilqlbnw.dll" <===== ATTENTION
C:\Users\Jane\AppData\Local\{692D8DB2-29A3-41AE-92B9-083ADAB4A61B}
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll [1778608 2012-03-04] (MusicLab, LLC)
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr... Read more

4 more replies
Relevance 93.48%

I'm having a lot of trouble with this virus/malware and have tried a couple methods suggested on this forum. Mabye because fix designed for that person. I've attached a FRST scan below.
 

Answer:Fake Google Chrome Processes making computer slow

Please Reply If you can!
 

4 more replies
Relevance 93.48%

fake google chrome processes run in the background causing memory log jam. Processes keep popping up if you closes them or delete them. Location of running processes are similar to the other posts similar forums. Users\*name*\AppData\LocalLow\Adobe\eairvsfboeds\Hpgvkcia
 

Answer:Fake google chrome running multiple processes (ybbkifcdeb.exe)

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 

3 more replies
Relevance 93.48%

I have seen the threads where others had this problem. My task manager shows at least a dozen instances of Google Chrome running even though I have removed Chrome. Another users thread identified this as a Trojan Virus?
 
I have followed the Preparation Guide as best I can & attached the "DDS" and "Attach" logs. This is all pretty new / foreign to me & I am a little over my head but I think I attached what's needed.
 
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.65.2
Run by Tayler at 13:32:41 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1040 [GMT -8:00]
.
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windo... Read more

Answer:Multiple fake Google Chrome Processes - Logs included.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554911 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 93.48%

I have an issue similar to the reported here:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
This is on my wife's PC. She removed Chrome from the computer but there are 6 Rogue Chrome process (dxvjblkaap.exe) running in Task Manager. I have tried to remove using: Norton 360, Spybot, CCleaner, Malwarebytes Anti-Malware, Emisoft Emergency Kit, adware cleaner and MS defender. All did not locate or remove the problem. The problem program is in a hidden folder in this location 'C:\Users\PA\AppData\LocalLow\EmieUserList\yxwnnavwldvm\sjbwkwojunjx\dxvjblkaap.exe'. This is listed in the DDS log file output. I also downloaded and ran FRST64 the output log show the offending process in the Process Whitelist part of the log file. as the following: '(Google Inc.) C:\Users\PA\AppData\LocalLow\EmieUserList\yxwnnavwldvm\sjbwkwojunjx\dxvjblkaap.exe'.
I someone could assist me in the removal of this problem it would be very much appreciated.

Answer:Fake Google Chrome Rogue Processes (dxvjblkaap.exe) Can't remove

Hello and welcome to Bleeping Computer! My nickname is Pystryker , and I will be helping you with your issue today.Before we get started, I have a few things I need to go over with youIf you are receiving help for this issue at another forum, please let me know so I can close this thread.Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may in... Read more

22 more replies
Relevance 93.48%

Multiple fake google chrome processes name pwkoxslg.exe
 
Farbar Recovery Scan Tool logs attached.
Thank you for your help.
 
 

Answer:Fake Google Chrome Multiple Processes (2014-11-13 1944)

Hello MarioDDN,  Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.  If you do not understand any step(s) provided, please do not hesitate to ask before continuing.  Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine. Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.  I will be analyzing your log. I will get back to you with instructions.  Download attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on that particular machi... Read more

8 more replies
Relevance 93.48%

I am having an issue similar to the one reported here:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
This is on my home PC.  I have tried running mcafee internet security, spybot, and some other cleaners but the problem still persists.  I tried starting in safe mode and deleting all the folders where this program is originating from but the folders just continue to move to another location under the same root folder.  Please help me remove this problem.  It takes up a lot of system resources and I'm not sure what other damage it is doing.
 
C:\Users\Liam\AppData\LocalLow\HPAppData\fouadtzmzyjz\gcnhpmqwztsz
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Liam at 11:39:41 on 2014-12-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8188.2511 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atie... Read more

Answer:Fake Google Chrome Rogue Processes (Fqivsuimptm.exe) Can't remove

Hello shuytco,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions.  1.Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool .Click on the Scan button.AdwCleaner will begin to scan your computer.After the scan has finished...Click on the Clean button.Press OK when asked ... Read more

11 more replies
Relevance 93.48%

Guys I just joined to help you out with this. I have been infected twice now with this Chrome random executables. It installs as you all have said
C:\Users\jschwartz\AppData\LocalLow\Microsoft\Pjddrcnolzd\updovrrefmes

It creates a Schedule Task in Task Scheduler to relaunch a random dll. If your infected you can sort scheduled tasks by task run in the last 1 hour.

BTW all folder directories it creates under the Locallow directories are random as well as the dll names and exe's are all random too. If you use "process Explorer" you can suspend the regsvr32.exe then kill all the random executables it creates.

I don't know which program is launching regsvr32.exe but the command is shown when my User Access Control prompts me to let it run. Heres how its launched:

C:\windows\syswow64\cmd.exe /c start regsvr32.exe "Path to the random dll under the locallow directory"

Hope this helps....still investigating. This problem I got infected from just regular browsing on the internet. No inappropriate websites. This is my work laptop so I don't have Admin rights but can contribute with what I find.

Hope this helps.
 

Answer:Fake Google Chrome Processes making computer slow

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

1 more replies
Relevance 92.25%

My computer is being taken over by fake chrome processes using the vast majority of my CPU.

Answer:Massive amounts of CPU being used by a Fake chrome process in task manager

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553421 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 88.56%

ok I have a Dell gx240 with windows xp home edition with 512 mb of ram.
It has been running extremely slow lately.
and bringing up task manager to stop the unwanted processes isn't working at all (Ill hit end process and nothing at all happens)
And I too am also experiencing the search engine redirecting thing. sometimes clicking a link prompts a download for a application-octet stream(?) type file.....

Answer:Task Manager wont end processes, Google searches redirected

Hello can we run MBAM as it should resolve a few of these issues. 512 RAM with XP is the bare minimum so slownees will be somewhat common.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button... Read more

11 more replies
Relevance 86.92%

Hi, I just found a neat little feature in Google Chrome and I'd like to share it with others who might not have noticed it.

First you'll click the wrench in the top-right of your browser.



Then navigate to the option 'View Background Pages'

Then in the open window you can manage the processes Chrome is currently using. To get a more detailed look click the 'Stats for nerds' option.




And you should find yourself at a page that looks like this:



Hope this helps!

More replies
Relevance 86.1%

Basically every time i start up chrome about 5-8 other chrome.exe 32s appear. 
Side note: its only doing it in chrome, i tried opening internet explorer and no .exe appeared in my task manager. 
They are slowing my browser massively, any help will be greatly appreciated.  

Answer:Multiple Google chrome .exe 32 in task manager

Why Does Chrome Have So Many Open Processes

10 more replies
Relevance 85.28%

Hi,
 
I noticed a few days ago that my computer was running slow.  I opened the task manager and noticed that the dllhost.exe*32 was in my Task manager over 20 times.  I ran my antivirus and nothing came up, I have both Malware, and Comodo.  I read through some removal logs and found one that was the same issue as mine basically.  I downloaded the Farber Recovery Scan Tool.  At first, I didn't read ALL the way through it and ended up downloading someone else's fixlist.txt that was part of a reply.  At the time I just figured it was a blanket fix for everyone, didn't realize it was for that specific computer.  So I pressed fix and it seemed to work......temporarily.  I also deleted Chrome but it still pops up in my Task Manager although I don't have the program. 
 
So...now I have read more and am going to do this the right way.  I ran a new scan and am including it in the post.  Hopefully someone can help me fix the problem.  I really appreciate all the help. 
 
I have a HP Pavillion dm4, 64 bit, running Windows 7 Home Premium
 
Here are my logs:
 Addition.txt   40.46KB
  4 downloads
 

 FRST.txt   82.95KB
  5 downloads
 

 Shortcut.txt   81.92KB
  1 downloads
 
 
Any help would be greatly appreciated.  Thanks so much,
 
Mik

Answer:dllhostexe*32 and google chrome app appear over 20 times each in Task Manager.

Hi Mik,please do the following steps:Step 1Please download this attached
 fixlist.txt   2.7KB
  7 downloads and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.Please copy and paste its contents in your next reply.Step 2Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste this log in your next reply.

17 more replies
Relevance 85.28%

I had been using AVG & found it adequate. I got this computer in fall 2009 with Windows 7 32-bit on it. Since then, I've been using Microsoft Security Essentials.But it never found anything, until this month.Nov 21, I decided to try AVG again. D/Led the 30 day trial version & ran it. It found 4 Trojans in less than an hour. There was a "buy right now" sales pitch - pushy already; I was suspicious. Deleted AVG on 26th.Dec 30, I found right away that my computer is infected with a serious, really active bit of Malware/virus. I don't know its name; it apparently settles into or at least uses a directory in Windows ... C:\\Windows\sysWOW\dllhost.exe is said to be the culprit. MalwareBytes was continuously blocking "ads," I guess they are, generated by dllhost.exe? Try as I may, I've not been able to do anything about it.(Update: I bought & used Malwarebytes in 2014, March thru July I think. It used a lot of CPU while running. Slowed me down. I thoughtlessly deleted it ... at least, I think I did.)The very frequent message that Malwarebytes is blocking outgoing "stuff" must have been generated by the virus itself, as MWB wasn't on here at that time. My CPU was running at=close to 100%. The main user seemed to be C:\Windows\SysWOW64\dllhost.exe.Dec 31, MSE found something!: Trojan:Win32/Powessere.A!reg - "severe, active." I said Remove it.Jan 1, MSE found Trojan:Win32/Powessere.A!reg - "severe, active" again. I said Quarantine it. I was in over my head.I'd "lost" my tru... Read more

Answer:More Badness & Task Manager Credits "Google Chrome"

Can you re-run malwarebytes this time remove the infections and post the new log.   Step 1: Minitoolbox. Please download MINITOOLBOX and run it.Checkmark following boxes:Flush DNSReset FF proxy SettingsReset Ie Proxy SettingsReport IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeList Devices (problems only)Click Go and post the result. Step 2: Junkware Removal Tool. Please download Junkware Removal Tool and save it on your desktop.Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log is saved to your desktop and will automatically open.Please post the JRT log.Step 3: Adware Cleaner. Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Scan button.When the scan has finished click on Clean button.Your computer will be rebooted automatically. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile a... Read more

1 more replies
Relevance 84.87%

Hi Melwaretips Pros,

I see a number of these bihsffi.exe processes running and it's taking up a lot of RAM on my system. Currently unable to remove this through traditional AV tools. I have also run RKill but it did not seem to find and remove this issue. Please take a look at the attached FRST scan logs and let me know if you are able to assist.
Thanks,
Steve C.
 

Answer:Fake Google Chrome Processes "bihsffi.exe *32"

I ran malwarebytes and it seem to have removed a registry setting and upon reboot the processes did not start. I was then able to delete the contents of EmieUserList folder. Attached is the updated FRST.txt for your review.
 

9 more replies
Relevance 84.05%

My lap top is running slow my google has been taken over by yahoo and i have lots of chrome,exe*32 files in mt task manager. i've removed yahoo as my search and put google as my deault but yahoo just comes back again. i havent used the lap top in a while my daughter uses it more she doesnt know whats happened, im a complete novice and dont know one end of the lap top from the other so will need a patient helper and no pc jargon as i wont understand, im not even sure if ive posted this thread right.
thanks
 

Answer:google taken over by yahoo and lots of chrome.ex*32 files in task manager

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled befor... Read more

11 more replies
Relevance 84.05%

hello I have been playing with this multiple google chrome processes in task manager past few days it is malware but haven't been successful in removing it I have traced file to multiple disguised fake folders it created saved the location in note pad and booted computer in safe mode deleted the folder only to have it reappear in a new folder it created.  done this three times before investigating more on line about the issue. if im understanding correctly it requires a more practiced hand than my own to fully remove it I will post a farbar txt of its findings in this chat and if anyone is available to walk me through how to remove it I would greatly appreciate your time and help I hate  to say this but I really admire this one normally I can handle basic malware but this is really out of my league
I work during the day Monday through Friday 8 to 5 so any time during evenings or weekends I can really spend time and get this removed with a practiced hand
sincerely
EvilAxis
 
this is the current paths the infected folders took while I vainly tried to remove it doing the find folder reboot in  safemode and delete its  made quite a journey and is really a amazing little bug
 
1st attempt original location    C:\Users\Jason\AppData\LocalLow\AVG SafeGuard toolbar\Iqlhknlcn\Dyzpbxtjfb
 
jumped after safe mode delete and reboot
 
2nd  location          ... Read more

Answer:Multiple google chrome found in task manager on computer

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.  Please post the addition.txt as well.

5 more replies
Relevance 84.05%

I am suddenly unable to use Google Chrome (nothing happens), task manager (nothing happens). I have tried clicking on a system Reset, nothing happens. I have tried a restore, message says it is unable to start restore. PC is taking ages to come on and switch off.

Other things are slow. PC is practically unusable. Any suggestions?

Answer:Reset, task manager, Google Chrome plus other things not working

Do a repair install.
It will allow you to keep your files, settings and apps.
No product key is required.
Activation is automatic.
Repair Install Windows 10 with an In-place Upgrade

14 more replies
Relevance 81.18%

(1) istart.webssearches.com was installed on all 3 of my browsers after downloading "File downloader". It hijacked the default search engine and home page. I successfully redefined them, but since the hijack Chrome closes itself immediately after being run and, if it does stay open, does not remember the previously open tabs.
 
(2) Before installing the suspect program I had created a system restore point and also saved my registry files using ERUNT, but restoring them did not fix the problem. Malwarebytes found and removed Win tasks for "MySearchDial" and a registry key with a suspect Chrome extension - but this didn't help either.
 
(3) The problems disappear if I manually kill the numerous chrome processes found in Task Manager. But the processes and the problems with Chrome are back after the next bootup.
 
==================== DDS.TXT ========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.67.2
Run by Abba at 10:25:34 on 2014-10-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8182.4845 [GMT 3:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Free Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes =========... Read more

Answer:When Chrome is run, fake chrome processes make it disappear

Hello buznog,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.

 1.Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool .Click on the Scan button.AdwCleaner will begin to scan your computer.After the scan has finished...Click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder. 2.Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 shut down your protection software now to avoid potential conflicts.run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your ... Read more

8 more replies
Relevance 80.77%

Computer running very slow, a couple of dozen tasks show up in Windows Task Manager with Image Name Nuyxhacoxa.exe having Decription 'Google Chrome'.

Chrome has been uninstalled from the system.
 

Answer:Malware/Virus infection - dozens of jobs showing in task manager with Description = 'Google Chrome'

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 78.72%

Need assistance getting rid of this fake chrome processes Trojan.
 

Answer:Fake chrome processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

4 more replies
Relevance 78.72%

Hello, I have been having issues with what seems to be a virus. Fake Chrome processes (like 5-15 at a time), with a Chrome logo but a seemingly random-generated character name. I've found very similar threads on here (http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/ and the like), but the fixes I've read were custom written for each user. Just like the aforementioned users I've tried Spybot, MalwareBytes, and Avira but they cannot seem to detect it. I've also tried manually deleting the files, and they just regenerate, often in a new folder. From what I've gathered I should post my FRST and Addition logs, not sure if it makes a difference but I did run FRST in safe mode to generate these logs. Any help is greatly appreciated, as I am out of my league here.
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by Computer (administrator) on COMPUTER-PC on 20-10-2014 15:39:30
Running from C:\Users\Computer\Desktop
Loaded Profile: Computer (Available profiles: Computer)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the... Read more

Answer:Fake Chrome Processes

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
Next please download the following file => and save it to the Desktop.NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Also can you please temporary disable Avira real-time protection. Check here how:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Then go to... Read more

18 more replies
Relevance 78.72%

Greetings!

Somehow I got this fake Google Chrome virus and it seems to be going around right now. Anyway, I have the usual symptoms - high-running fan, CPU spiking near 100%, slow loading, many "Chrome" processes running, multiply when I try to stop them, coming from LocalLow folder. I don't even use or have Chrome running on this machine. I guess I need that FixList file?

Attached are the FARBAR FRST and Addition text files.

Any and all help would be greatly appreciated!
 

Answer:Fake Chrome exe processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

12 more replies
Relevance 78.72%

I have seen some other posts where this issue was fixed for them. it looks like I need the same thing. Can you help?
 

Answer:Fake Chrome processes

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your rep... Read more

5 more replies
Relevance 78.31%

Hello,
 
I'm trying to repair my parents computer. They were getting Trojan horse warning messages and crashing to blue screens. So far I have updated the BIOS and uninstalled all the browser addons and questionable apps I found on there PC. Since updating the BIOS it hasn't crashed to blue screen. However I'm getting a lot of lywqyjla.exe processes that say they belong to Google Chrome. I uninstalled Google Chrome and they are still there. Each of them is using varying amounts of memory and the CPU usage keeps spiking. I have run malware bytes and adw cleaner, each of them said they found and removed threats but these processes keep showing up.

Answer:Multiple Google Chrome processes running even though I uninstalled Google Chrome

Welcome to BC !
 
Run a scan using RKill. Read its description as to what it does. Once you have successfully run the scan, DO NOT reboot.
Proceed with the other scans. Reboot if the MBAM or other scans ask you to.
RKill Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish,so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then... Read more

1 more replies
Relevance 77.9%

I also have a computer infected with the fake Chrome processes.  Am looking for instructions and help to remove this problem.  This virus (or whatever its proper categorization is) is creating a folder under %Appdata%\LocalLow\<someApp>.  It originally placed its content folder under %Appdata%\LocalLow\Microsoft, but when I deleted this (while running in safe mode without internet), it re-created its folder under Adobe when I next started the computer up with internet.  I had also scanned the registry for any entries containing the bogus process executable (which for me is cmuocngg.exe) or folder (which for me is vvsvhiwsgirv) and deleted these entries.  Didn't help.  I ran a scan with Malwarebytes to no avail; it found more than 500 files which it quarantined (mostly under temp directories), but did not stop the virus.  Ran Autoruns, but didn't see any entries that looked obviously suspicious.  The computer is running Vista, which I was going to upgrade, but now have to deal with this problem first.  Thanks in advance for any pointers on identifying the elements at the heart of this so they can be removed.  Please let me know what info I should include to help (I'm new at this).

Answer:Need help removing fake Chrome processes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554787 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 77.9%

I am running Windows 7 Professional 64 bit. A couple of weeks ago I notices that my system was running a lot of CPU time even when nothing was being done on the system. I looked at the Task Manager and found a number of processes named Jbzazkalaf.exe and owned by Chrome. I have run Malwarebytes, and Norton Internet Security scans numerous time, but found nothing. Based on some of the postings on this forum, I downloaded the FRST and ran a scan with it. The two files, FRST.txt and Addition.txt are attached.
Can you help?
 

Answer:Fake Chrome processes Jbzrzkalaf.exe using a lot of CPU

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
=======================================

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool ne... Read more

5 more replies
Relevance 77.9%

Hello. First of all I would like to preemptively thank the wonderful person who chooses to help me with this issue. I believe I have included all the details, but if I've missed something I can go ahead and post again. I've browsed this forum for a small amount of time and found that several other people are having this issue as well, and I'm hoping I can get the help I need.
 

Answer:Multiple Fake chrome processes

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let t... Read more

3 more replies
Relevance 77.49%

I will open a program, close it, and then when i try to open it again a message appears saying that an existance of it is still running. When i look at my processes i see that it is in fact But when i try to "end Process" it does not close. The warning pops up, i say yes, and yet it does nothing. I can not seem to close these programs. And this causes shuting down to take up to 15-20 min unless i force a shut down. The problem has occured with Opera.exe CCAPP.exe outlook.exe and maybe more. Please help thanks!
 

Answer:HELP Task Manager wont close certain processes. End Task does nothing!

http://www.softtreetech.com/24x7/archive/49.htm
 

5 more replies
Relevance 77.08%
Answer:In windows task manager: 8 chrome procceses in chrome built in task manager: 4 procceses

that's normal, Chrome uses multiple processes to increase stability/performance.
 

1 more replies
Relevance 76.67%

Hi,

I saw some other posts on this forum which seemed to have a similar problem with the fake google chrome processes. I've run FRST and attached the logs. Any help would be appreciated!

The folder the .exe is running from is C:\Users\Allan\AppData\LocalLow\Adobe\Yrchindou\lqkucjscrcwe
 

Answer:Fake chrome processes running as sjidauor.exe

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies