Computer Support Forum

Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Question: Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

My computer was running slow so I went to my task manager and seen a whole bunch of Google Chrome processes running. I was confused at first because I don't even have Google Chrome installed. As I tried to stop the processes one at a time, more only popped up. Then I looked it up on the net, found others yall have helped on this site, and know there's something wrong. If possible, would like to know how and when the malware was installed as I have multiple students that use the pc and this is the first time ever had this happen, would like to know if it was a user doing something wrong by accident or on purpose (is even possible to know, but mainly would like to just get pc fixed!)

I right clicked and Disabled Antivirus AutoDetect (Norton); Downloaded zoek and have result log attached. Required a pc reboot and did that too. Problem is still happening. It also changed my home page to google.com (I changed it back). I also uploaded a picture of my task manager if that helps any.

Thanks!!!

Relevance 100%
Preferred Solution: Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.

Please attach all report using button below. Doing this, you make it easier for me to analyze and fix your problem.

Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

6 more replies
Relevance 149.35%

Hi TwinHeadedEagle,
I have almost exactly the same problem running on my computer. I have run zoek, malwarebytes, and AdwCleaner and I still have the problem. Rather than create a new post in the forum I have just replied to this post since it seems so similar. I have now run Farbar and have attached the two logs. I also included a pic of my task manager showing the processes that keep loading. Can you help me? Thank you!
 

Answer:Fake Google Chrome Process in Task Manager & Don't Even Have Google Chrome Installed!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 109.04%

I keep getting memory error's. So I opened up task manager and I have about 10 instances of Google Chrome running and they keep multiplying. I don't even have Google Chrome on my machine.
 

Answer:Fake Google Chrome in task manager

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

4 more replies
Relevance 107.88%

When I restart from Sleep, I have windows open that look like a browser with various ads in them. I looked in my task manager and saw a number of Chrome processes named Wgvsgnxdj.exe *32 that use about 20% of the CPU. When I end the processes, they restart on their own. The processes are all located in the AppData/LocalLow/Adobe/zqjpwqzm folder.

Can you please help me out? I have scanned with MalwareBytes, MaAfee, SpyBot 2, and tdsskiller. None of these have found anything.

I have attached FRST scan logs.

Thank You!
 

Answer:Fake Google Chrome Processes in Task Manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

4 more replies
Relevance 107.88%

I have a Windows 7 Lenovo laptop that is running very slow.  I ran virus scans, including Malwarebytes that returned zero results.  I have noticed in Task Manager that there are several processes running with a description of "Google Chrome". 
 
The exe file is in the \userprofile\appdata\locallow\Sun\ folder. This exe cannot be deleted since there is a lock on it. Even if I kill the processes from Task Manager, they regenerate faster than I can delete.
 
Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome processes in Task Manager

Hi. Please do the following:
Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/Note: please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

7 more replies
Relevance 107.88%

I am experiencing the same issues as some of your other users with a Fake Google Chrome process residing my Task Manager screen. My issue on my Laptop began yesterday, after I tackled removing a dllhost.exe issue over the weekend. I thought I had done well to get rid of it, using information from your forum, but then this file showed up the next day.My file is titled "Immytfefs.exe" and it states that it resides in the "C:\Users\User\AppData\LocalLow\Adobe\nmvkurfye" directory.It says it is a Google Chrome process, but I have uninstalled that program, and it is still there. I have Norton360 and MalwareBytes running, and neither detect this issue. I have downloaded your FARBAR Recovery Tools and ran the process to create the First and Addition files. and will attempt to upload them with this issue request. [Can't upload] If anyone has answers to this, that would be much appreciated.I came to this forum, because I can see others are currently experiencing the same issues.Please let me know what I can do to resolve this.  I think this is a true virus...Sincerely,David I can't seem to upload the FRST and Addition files to this post, so maybe someone can help me with that also. FRST.txt************Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014Ran by User (administrator) on USER-PC on 11-11-2014 12:54:20Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFMFWEVJLoaded Profile: User (Avai... Read more

Answer:Fake Google Chrome exes in Task Manager

Ran ESET Powelikscleaner.exe tool and did find Poweliks virus, and cleaned it.  Do not see the multiple files in Task Manager running behind the scenes.  Virus may have been involved with that!
Will keep the forum posted if any other files pop up.  Thanks for your help, and I am being patient...just reading alot of what others are experiencing.

3 more replies
Relevance 105.56%

Strider said:


A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if its completely takin care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it> open file location> start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.Click to expand...

I had the same issue. Hopefully you can help. File attached. The google chrome process was called "Eskuyiyifxt.exe*32"
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 105.56%

A fake Google chrome file and dllhost.exe 32 file keeps spamming my task manager. I downloaded the real "Google chrome" from Google so I could use the "Google chrome task manager" to get rid of it but it didn't work. I turned my thumbnail preview off and I haven't seen dllhost.exe 32* since but I'm not sure if its completely takin care of that problem. My temporary fix for the fake Google Chrome file right now is when it starts spamming my task manager I right-click on it> open file location> start logging off and when the force shutdown menu appears I click cancel. For some reason it completely vanishes from my task manager for a couple seconds when I start logging off. Then I go back to my "open file location" and quickly delete the file before it starts back up. This stops it from spamming me but I have to do it every time I get on my computer. Still looking for a permanent solution for it.
 

Answer:Fake Google Chrome file spamming my processes in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 105.56%

Hello -
A customer of mine brought their personal laptop to me to look into why large amounts of data are being used up on their Verizon Hotspot.  This is a Windows 7 Home Premium laptop.  I ran multiple virus scans including ComboFix and Malwarebytes that returned zero results.  I then noticed in Task Manager that there were multiple processes running that belonged to Google Chrome.  I then verified that Chrome is not even installed.  I found the running .exe file in the \userprofile\appdata\locallow\Google directory.  Rebooted into 'Safe Mode' and then removed the folder and then scanned the registry for the same .exe name and removed them as well.  I then restarted the pc and the files reappeared, this time in the Adobe directory rather than Google.  I repeated the steps above with the same results.  Would you please help me with removing this virus?  Thank you.

Answer:Fake Google Chrome Running Multiple Processes in Task Manager

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a... Read more

10 more replies
Relevance 103.53%

Infections date probably on 10/26/2014. Fake google chrome processes (a lot of them) are running in the task manager, hogging memory and CPU. Computer is slow.

The process name is listed as Mjjckmsq.exe *32 in task manager, and is running from the location....
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\Uuiputi\fzsdleeocr
.....as mentioned by task manager when I right-click on the process and ask to open file location.

This EmieUserList is a hidden folder and is not visible in the LocalLow folder even if I enable the "show hidden files and folders" option.

I have run the Farbar Recovery scan tool and have attached the results with this post.

Please let me know if there is anything else I can do to help solve this problem.
 

Answer:Fake Google Chrome processes named Mjjckmsq.exe *32 in task manager slowing computer down

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 103.53%

Hello,

First off, I'm a new member to the forum and I would like to express my sincere appreciation for help resolving this problem. I'm usually able to clean up malware but have not been successful in this case. As I've read through the furum, I've noticed other posts with a similar issue so this must be something new going around.

The issue I have is popups (always three windows) which became noticeable about five days ago and prompted my actions. I have two accounts on the infected PC and the issue is present on one account while the other account is free of the issue. As I investigated, I noticed a fake google chrome entry in the processes tab of the task manager. Its name is "cphngsji.exe*32" and its listed description is "google chrome." There are 10 to 15 entries in the task manager and it varies increasing and decreasing randomly. The randomly increasing and decreasing entries are visible and correspond to peaks and valleys in the CPU usage trace on the performance tab of the task manager. I also have an issue with the CPU fan running a great deal of the time when the infected account is active. This began several months ago and I now believe it is a result of this infection.

So far I have run my antivirus (McAfee), a tool called SUPERAntiSpyware Free Edition. They were able to find and fix other bugs but not this one. I also ran a McAfee tool called 'GetSusp' which identified three PUP's and one Assumed Dirty ... Read more

Answer:Fake google chrome entry in task manager causing popups and system slowness

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wa... Read more

7 more replies
Relevance 103.53%

The process name is listed as wgjbmmc.exe *32 in task manager.
When I 'Open file location' it is located at...
C:\Users\USERNAME\AppData\LocalLow\EmieUserList\pgngpdf\zhgekhrmttku

I attached the FRST results files.

Thank you
 

Answer:Fake Google Chrome processes named wgjbmmc.exe *32 in task manager slowing computer down

Hello.
Uninstall Microsoft Security Essentials

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:

Start
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\Software\Classes\.exe: => <===== ATTENTION!
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\Run: [Wkudeas] => regsvr32.exe /s "C:\Users\Jeff\AppData\Local\{CB212118-3492-4DED-963D-DAB6283A1E07}\Wkudeas.dll" <===== ATTENTION
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {08c6c7e4-0e4a-11e0-9774-96bca1c77bb5} - G:\setup.exe -a
HKU\S-1-5-21-2545292765-1230149573-3276927781-1001\...\MountPoints2: {e5848bdb-fdad-11e1-8325-8bf135db7bca} - G:\setup.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {C69147BC-0DE3-470F-9D13-13BFFC7C77BA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that bo... Read more

8 more replies
Relevance 98.31%

My computer is being taken over by fake chrome processes using the vast majority of my CPU.

Answer:Massive amounts of CPU being used by a Fake chrome process in task manager

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553421 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 96.28%

I have seen this same problem on the forums but I need a specific fix that works for me. There is a process that appears on startup that claims to be Google Chrome but obviously is not. You can't end the process and even when you boot into safe mode and delete the file, it just loads up from another location. It roams around in: C:/Users/gordon2/AppData/LocalLow. I found the same problem on another page on the forum but the fix that was used does not work for me due to file and folder names being different. Please create a fix like the one used in the other forum that I can use to remove this malicious process. http://www.bleepingcomputer.com/forums/t/551943/fake-google-chrome-processes/
 
I have attatched logs from FRST that will give you the information you need.
 
Also attatched is the fixlog.txt file that was used in the last forum, but does not work for me since the file and folder names are different.
 
Thanks for your help.
 
-Benjamin

Answer:Fake Google Chrome Process

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555149 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 96.28%

I'm at the affected PC to communicate and hopefully resolve this issue. Thanks for any help that you can give me. Tried to end process but keeps replicating and is using up large amount of memory. Google Chrome is not installed on this PC.
 

Answer:Fake google chrome process

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

20 more replies
Relevance 96.28%

Hello,
 
Our HTPC got infected with virus:
C:\Users\Rita\AppData\LocalLow\Move Networks\Tssjgwzkpwxk\Qtnhygxoegxf\bewzwczd (bewzwczd.exe *32)
 
Here is FIRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Rita (administrator) on LIVINGROOMPC on 03-11-2014 12:57:41
Running from C:\Users\Rita\Desktop
Loaded Profile: Rita (Available profiles: Rita & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lavasoft Limited                                                  ) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
() C:\Program Files\NVIDIA C... Read more

Answer:Fake Google Chrome Process

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554585 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 96.28%

Hello, I have followed the instructions for posting to this thread and uploaded the two documents from FRST. I am having the fake google chrome process virus as well, please help!
 

Answer:Fake Google Chrome Process

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 96.28%

TwinHeadedEagle helped me last week with a Trojan Ad Clicker virus. That seemed to have been fixed, but now having a different issue with a corrupt Google Chrome file. (even though I don't use Google Chrome or have even downloaded it)
 

Answer:Fake Google Chrome Process

Re-run FRST.exe as you did before ...
Download fixlist.txt that you find attached at the bottom of this post and save it same place you
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
> Attach here fixlog.txt logreport.
 

4 more replies
Relevance 95.12%

Attached are the FRST Scan log. Please assist thank you
 

Answer:Fake Google Chrome Process koojvzqjimm.exe

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:

CloseProcesses:
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3266
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3317
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3418
C:\Users\Gerry\AppData\LocalLow\EmieSiteList\Otclmgmy\Xuwjkyrjjxjn
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-425655839-3175279930-4035450205-1000\...\Run: [Zdylhklb] => regsvr32.exe /s "C:\Users\Gerry\AppData\Local\Microsoft\Zdylhklb.dll" <===== ATTENTION
C:\Users\Gerry\AppData\Local\Microsoft\Zdylhklb.dll
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
 

1 more replies
Relevance 95.12%

I too have fake google chrome processes running. The process name however is suljhdhadm.exe so i didn't wanna follow the same steps as everyone else if mine was a different version. If the same steps would work for me i wouldn't mind being redircted to a forum that would help ^_^.
 

Answer:Fake google chrome process name : suljhdhadm.exe

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies
Relevance 95.12%

Just to go along with the information I've already provided, I noticed on Monday of this week that my system seemed to bog down when trying to run my web browser and work program (DataCad). Mouse constantly flickers and shows the spinning circle like it is working. I will attach the FRST logs from the FarBar scan which I have just run. Look forward to any help that can be provided.

Thank you very much,

Chris
 

Answer:Multiple Google Chrome Process (fake)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 95.12%

I see a bunch of these on here, but as per instructions, am creating my own thread as the fix seems to be tailor made for specific situations. Any help greatly appreciated. You are truly Gods amongst men!
 

Answer:Fake Google Chrome Process (lsnibwfea.exe)

Hello,

Please download Farbar Recovery Scan Tool () by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

5 more replies
Relevance 94.25%

Greetings,

It appears this is not an uncommon problem. I'm sure hoping you folks can help.

The file is Rfhzyoqz.exe and is currently in the /AppData/LocalLow/EmieUserList/Wtzvbhu/Ebuagpaabob/ folder. There are apparently other related folders involved, including Tejgrfd in this same folder.

I will download the scan log tools and upload the logs shortly.

Thanks for being there,
grandpayoda
 

Answer:Fake Google Chrome Process running on my system

Here are the files from execution of FRST and AdwCleaner - run under Safe Mode when the Fake Google Chrome processes are not active. If I need to run them again under a normal boot, let me know, but note that I had trouble trying to run FRST under a normal boot (though it may have been because Norton 360 was active).
 

12 more replies
Relevance 94.25%

The fake process name is listed as ixqtjtdyrpo.exe*32 in task manager and is running from location:

C:\Users\USERNAME\AppData\LocalLow\EmieUserList\ixqtjtdyrpo\Zwpdwoxk

EmieUserList is a hidden folder that is not visible in the LocalLow folder even if I enable the system to show hidden files and folders.

I could not manually delete the EmieSiteList, so I erased the "ixqtjtdyrpo" folder in order to stop my CPU from running at 100% and slowing my computer.

I attached the results of FRST scan. Thank you in advance for your help.

ADDENDUM: I found this forum because this thread from yesterday appears to be similar to my computer problems.

http://malwaretips.com/threads/uyit...rome-process-emieuserlist-emiesitelist.36345/
 

Answer:ixqtjtdyrpo.exe*32 Fake Google Chrome Process EmieSiteList

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

4 more replies
Relevance 94.25%

Many Google chrome processes running in task manager, very slow. Any help would be greatly appreciated.
 

Answer:fake google chrome process slowing machine

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 94.25%

Please help me remove whatever is causing this issue. I have no idea where it came from or how it started. Thank you.
 

Answer:Fake Google Chrome process displayed as hckovnetit.exe*32

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 93.09%

Twin Headed Eagle,

I'm not sure if the correct etiquette is to start a new thread or not but I have near exactly the same malware running on my system. It goes by the process jtnhzbckkgv.exe but besides that is also a fake Google Chrome, is found in the folder emiesitelist, and exhibits the same behavior as the malware discussed above. I looked at your fixlist.txt in an attempt to customize it for my computer but was unable to find and replace certain values. Is it possible you could work one more miracle? I have the logs you requested from the first user attached.
 

Answer:uyitudbeg.exe*32 Fake Google Chrome Process EmieUserList EmieSiteList

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 93.09%

The process name is listed as uyitudbeg.exe*32 in task manager and is running from location : C:\Users\USERNAME\AppData\LocalLow\EmieUserList\lxvctjj\pytuerskksw

There are two folders EmieSiteList and EmieUserList and are both hidden folders not visible in the LocalLow folder even if I enable the system to show hidden files and folders.

I attached the results of FRST scan. Thanks for your help. I cannot manually delete the EmieSiteList and EmieUserList folders.
 

Answer:uyitudbeg.exe*32 Fake Google Chrome Process EmieUserList EmieSiteList

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

14 more replies
Relevance 93.09%

My coputer is infected with the same malware. I noticed that google crome failed, but I do not have google crome so that got me thinking.
I have since deleted several folders which contain the malware and cleaned the registry too.. (It was in the run location in registry). I ran Malware bytes that loacted the root folder where the malware was located. Malware bytes has run to completion and it reports the system as clean. Symantec antivirus is still runnng

There are no processes of the malware running at this time, although the malware folders seem to be appearing . The folder names are
EmieBrowserModeList, EmieSiteList, EmieUserList which contain a single file. They are located in \\appdata\local\. I am concerned the malware is still around. Any help is appriciated

Thanks
Hil
 

Answer:uyitudbeg.exe*32 Fake Google Chrome Process EmieUserList EmieSiteList

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 93.09%

Hi
 
It seems this problem has been encountered before on these forums. 
 
I'm running Win 7 64 bit
 
I have these rogue processes running - multiple instances - using a lot of system memory and slowing the computer. 
 
(Google Inc.) C:\Users\Mark\AppData\LocalLow\Sun\zngaoca\Uonbgemojdgt\Zhhjeudnqbh.exe
 
I will run DDS later and attach.  I'm posting this from a second Windows installation (same disk, separate partition) on the same machine - which doesn't appear to be infected. 
 
For now I attach the results from FRST which I ran when last using the infected Windows installation.  I think it is quite easy to see the problem files - which appear to reside in the Sun (JAVA) folder of the users hidden AppData folder.  Naturally trying to delete these folders or kill the processes is to no avail - since some other hidden process or service is causing them to respawn when Windows boots. 
 
I have tried scanning with Avast and Internet Security Essentials from the "clean" windows installation to check for the malware on the "infected" partition - but nothing shows up. 
 
I have also tried RKill while running the infected installation - but this didn't pick anything up. 
 
RogueKiller64 causes a BSOD when run on both clean and infected partitions - which I'm sure is unrelated.  But interesting to know. 

Answer:Infected with multiple fake Google Chrome process malware

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.    Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the ran... Read more

11 more replies
Relevance 93.09%

UPDATE: This issue was resolved with Malwarebytes. Thank you.
Hello,

It appears that I have fake Google Chrome process malware on my computer. I do not recall installing any new software or Chrome updates, but this process is now there. I now have multiple running processes of executable files that appear to be fake Google Chrome Processes. adkshfjdkjd.exe *32 or something to this effect. Slowing computer, causing erratic buggy performance, etc., Norton Internet Security icon appeared twice in system try before deleting process and disabling suspicious start up file.

I have downloaded and installed Farbar Recovery Tool, run the initial scans and attached files. Any help with removing this would be greatly appreciated.

Thanks in advance,

Cameron
 

Answer:Fake Google Chrome Process Malware Removal Help Needed

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 93.09%

Computer has been running very slow since this showed up. Anywhere from 5 - 12 processes exist in the Task Manager, and the amount of memory for each constantly increases. If I end the processes, they just return 30 - 60 seconds later.

FRST.txt and Addition.txt logs attached.
 

Answer:Fake Google Chrome process wgjbmmc.exe clogging up resources

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

10 more replies
Relevance 93.09%

Please forgive me that I do not understand a lot about these types of things!  I have been reading other posts with similar situations, but do not understand what I read -as I don't know what a log is or even understand some of the steps.  If you can, please speak in "Crayola" for me!  I was able to follow the directions I found for creating the DDS and attach files (thanks to through instructions even though I don't know what they are!).   So here's my problem.
 
My computer (Dell -Windows 7 Home Premium -64 bit) started running really slow suddenly.  I opened up the task manager and saw that there were 12 instances of the same thing running -the image name was: vlvfbmxlyv.exe *32  - The description said:  Google Chrome.  The memory column for all of these said anywhere between 25,000 and 140,000.  I had Google Chrome installed, but we never use it (I use mostly IE 11.0 and sometimes Firefox as required by my son's homeschool).  I tried closing the processes and after a couple of them, more would generate so it was impossible.  I knew enough to know this sounds like a virus. I typed in the image name in a search but not a thing came up. I went and uninstalled Google Chrome (just in case it was something else) -restarted the computer and checked, but they were still there.  I ran a full scan with Microsoft Security Essentials (my only virus protection as it has worked for ... Read more

Answer:Fake Google Chrome Process/Virus -Cannot close or remove

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

43 more replies
Relevance 91.93%

Hi,
 
Was multitasking and installed what I believe was a fake Google Chrome update.  Based on some quick Google searching, I'm pretty sure this scam has been linked to something called a Zeus banking trojan.  Guessing that means I've installed some sort of keylogger.
 
File was called Chrome.exe and digitally signed by Air Software.  Running Windows Vista on an old Dell Inspiron17.  Basic McAfee AV.
 
For months I've been getting an auto Java update prompt on startup, located in the bottom-right toolbar, which I've been ignoring (gets blocked by Windows) and then closing. Today when using YouTube on Firefox (I generally use Chrome, but have a YouTube downloader built into FireFox) it prompted me that Java is out of date.  I rebooted, allowed that Java update to install, was distracted working on several other tasks on Chrome, and then saw the fake Chrome Update pop up.  Followed the steps blindly, as I was distracted.
 
Help in removing this, plus any other malware/viruses that have built up over the past couple of years would be appreciate.

Answer:Downloaded a Fake Google Chrome Update and Installed

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

22 more replies
Relevance 91.06%

Hi, I just found a neat little feature in Google Chrome and I'd like to share it with others who might not have noticed it.

First you'll click the wrench in the top-right of your browser.



Then navigate to the option 'View Background Pages'

Then in the open window you can manage the processes Chrome is currently using. To get a more detailed look click the 'Stats for nerds' option.




And you should find yourself at a page that looks like this:



Hope this helps!

More replies
Relevance 90.19%

Basically every time i start up chrome about 5-8 other chrome.exe 32s appear. 
Side note: its only doing it in chrome, i tried opening internet explorer and no .exe appeared in my task manager. 
They are slowing my browser massively, any help will be greatly appreciated.  

Answer:Multiple Google chrome .exe 32 in task manager

Why Does Chrome Have So Many Open Processes

10 more replies
Relevance 89.03%

Hi,
 
I noticed a few days ago that my computer was running slow.  I opened the task manager and noticed that the dllhost.exe*32 was in my Task manager over 20 times.  I ran my antivirus and nothing came up, I have both Malware, and Comodo.  I read through some removal logs and found one that was the same issue as mine basically.  I downloaded the Farber Recovery Scan Tool.  At first, I didn't read ALL the way through it and ended up downloading someone else's fixlist.txt that was part of a reply.  At the time I just figured it was a blanket fix for everyone, didn't realize it was for that specific computer.  So I pressed fix and it seemed to work......temporarily.  I also deleted Chrome but it still pops up in my Task Manager although I don't have the program. 
 
So...now I have read more and am going to do this the right way.  I ran a new scan and am including it in the post.  Hopefully someone can help me fix the problem.  I really appreciate all the help. 
 
I have a HP Pavillion dm4, 64 bit, running Windows 7 Home Premium
 
Here are my logs:
 Addition.txt   40.46KB
  4 downloads
 

 FRST.txt   82.95KB
  5 downloads
 

 Shortcut.txt   81.92KB
  1 downloads
 
 
Any help would be greatly appreciated.  Thanks so much,
 
Mik

Answer:dllhostexe*32 and google chrome app appear over 20 times each in Task Manager.

Hi Mik,please do the following steps:Step 1Please download this attached
 fixlist.txt   2.7KB
  7 downloads and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.Please copy and paste its contents in your next reply.Step 2Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste this log in your next reply.

17 more replies
Relevance 89.03%

I had been using AVG & found it adequate. I got this computer in fall 2009 with Windows 7 32-bit on it. Since then, I've been using Microsoft Security Essentials.But it never found anything, until this month.Nov 21, I decided to try AVG again. D/Led the 30 day trial version & ran it. It found 4 Trojans in less than an hour. There was a "buy right now" sales pitch - pushy already; I was suspicious. Deleted AVG on 26th.Dec 30, I found right away that my computer is infected with a serious, really active bit of Malware/virus. I don't know its name; it apparently settles into or at least uses a directory in Windows ... C:\\Windows\sysWOW\dllhost.exe is said to be the culprit. MalwareBytes was continuously blocking "ads," I guess they are, generated by dllhost.exe? Try as I may, I've not been able to do anything about it.(Update: I bought & used Malwarebytes in 2014, March thru July I think. It used a lot of CPU while running. Slowed me down. I thoughtlessly deleted it ... at least, I think I did.)The very frequent message that Malwarebytes is blocking outgoing "stuff" must have been generated by the virus itself, as MWB wasn't on here at that time. My CPU was running at=close to 100%. The main user seemed to be C:\Windows\SysWOW64\dllhost.exe.Dec 31, MSE found something!: Trojan:Win32/Powessere.A!reg - "severe, active." I said Remove it.Jan 1, MSE found Trojan:Win32/Powessere.A!reg - "severe, active" again. I said Quarantine it. I was in over my head.I'd "lost" my tru... Read more

Answer:More Badness & Task Manager Credits "Google Chrome"

Can you re-run malwarebytes this time remove the infections and post the new log.   Step 1: Minitoolbox. Please download MINITOOLBOX and run it.Checkmark following boxes:Flush DNSReset FF proxy SettingsReset Ie Proxy SettingsReport IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeList Devices (problems only)Click Go and post the result. Step 2: Junkware Removal Tool. Please download Junkware Removal Tool and save it on your desktop.Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log is saved to your desktop and will automatically open.Please post the JRT log.Step 3: Adware Cleaner. Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Scan button.When the scan has finished click on Clean button.Your computer will be rebooted automatically. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile a... Read more

1 more replies
Relevance 89.03%

Hello, I've seen a few topics relating to my problem but wasn't sure if the steps are exactly the same for each person or if they are customized from problem to problem.
 
I'm running windows 7 and as other users have stated, my computer was running slowly, freezing up periodically and minimizing programs I was using. I checked task manager and at that time I saw many dllhost with description COM surrogate running, and trying to end the processes they just kept appearing again. At that time I had AVG as my antivirus and malwarebytes. Only AVG detected the file but it could not delete it. I then uninstalled AVG and changed my antivirus to Bitdefender and that seemed to have stifled the symptoms although I don't believe it ever fixed the problem. My computer was running smoothly for about a week and now I have a filename uirrvmzweu.exe with description google chrome. My computer symptoms are about the same as they were when the dllhost process was running. They both act very similar as far as I can see.
 
Any help would be much appreciated, thank you.

Answer:COM Surrogate and google chrome processes in task manager

Welcome njsLets start with this ...Step 1Please download Powelikscleaner (by ESET) and save it to your Desktop.Double-click ESETPoweliksCleaner.exe to start the tool.Read the terms of the End-user license agreement and click Agree if you agree to them.The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.The tool will produce a log in the same directory the tool was run from.Please copy and paste the log in your next reply.Next run Autoruns.Please download AutoRuns and save it to your desktop.Right click on the downloaded file and choose Extract All Files.Once extracted, open the program named Autoruns.Click on Options and then Hide Microsoft and Windows Entries.Press F5 to refresh the startup list.Next go to File -> Save and choose the file type to Text File (.txt).Please attach the text file to your next reply.

15 more replies
Relevance 88.45%

A bunch of these jpkncmkh.exe *32 processes are always open in my task manager and my cpu is running at 90 to 100% and I don't have google chrome and the description is google chrome.  These must be viruses I need to get rid of im going to attach a frst files and logs because I saw other posts that did that. Please Help!!??
 
I want to copy and paste a fix list like I saw other people do to get rid of them but I don't know  how?
 
 

Answer:Fake Chrome Processes Please Help jpkncmkh.exe *32 description google chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554784 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

20 more replies
Relevance 88.16%

I am suddenly unable to use Google Chrome (nothing happens), task manager (nothing happens). I have tried clicking on a system Reset, nothing happens. I have tried a restore, message says it is unable to start restore. PC is taking ages to come on and switch off.

Other things are slow. PC is practically unusable. Any suggestions?

Answer:Reset, task manager, Google Chrome plus other things not working

Do a repair install.
It will allow you to keep your files, settings and apps.
No product key is required.
Activation is automatic.
Repair Install Windows 10 with an In-place Upgrade

14 more replies
Relevance 88.16%

hello I have been playing with this multiple google chrome processes in task manager past few days it is malware but haven't been successful in removing it I have traced file to multiple disguised fake folders it created saved the location in note pad and booted computer in safe mode deleted the folder only to have it reappear in a new folder it created.  done this three times before investigating more on line about the issue. if im understanding correctly it requires a more practiced hand than my own to fully remove it I will post a farbar txt of its findings in this chat and if anyone is available to walk me through how to remove it I would greatly appreciate your time and help I hate  to say this but I really admire this one normally I can handle basic malware but this is really out of my league
I work during the day Monday through Friday 8 to 5 so any time during evenings or weekends I can really spend time and get this removed with a practiced hand
sincerely
EvilAxis
 
this is the current paths the infected folders took while I vainly tried to remove it doing the find folder reboot in  safemode and delete its  made quite a journey and is really a amazing little bug
 
1st attempt original location    C:\Users\Jason\AppData\LocalLow\AVG SafeGuard toolbar\Iqlhknlcn\Dyzpbxtjfb
 
jumped after safe mode delete and reboot
 
2nd  location          ... Read more

Answer:Multiple google chrome found in task manager on computer

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.  Please post the addition.txt as well.

5 more replies
Relevance 88.16%

My lap top is running slow my google has been taken over by yahoo and i have lots of chrome,exe*32 files in mt task manager. i've removed yahoo as my search and put google as my deault but yahoo just comes back again. i havent used the lap top in a while my daughter uses it more she doesnt know whats happened, im a complete novice and dont know one end of the lap top from the other so will need a patient helper and no pc jargon as i wont understand, im not even sure if ive posted this thread right.
thanks
 

Answer:google taken over by yahoo and lots of chrome.ex*32 files in task manager

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled befor... Read more

11 more replies
Relevance 86.71%

Hi all,
 
First of all I want to say thank you, you are just wonderful guys and we are lucky to have you in our lives.
I've searched and found here similar posts by other users. But I thought it would be wise to troubleshoot this one together.
As one of the admin said that using some tools without the guidance of a professional troubleshooter\penetration tester is not recommended, so you know thought not to take the chances
 
Here is a log file from AdwCleaner
 
# AdwCleaner v5.102 - Logfile created 14/03/2016 at 19:38:48
# Updated 13/03/2016 by Xplode
# Database : 2016-03-14.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : h***z - DESKTOP-EN7P12P
# Running from : C:\Users\ha\Downloads\adwcleaner_5.102.exe
# Option : Scan
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\_acestream_cache_
Folder Found : C:\ProgramData\mntemp
Folder Found : C:\Users\h***z\AppData\Local\Temp\Video Converter
Folder Found : C:\Users\h***z\AppData\LocalLow\.acestream
Folder Found : C:\Users\h***z\AppData\Roaming\.acestream
Folder Found : C:\Users\h***z\AppData\Roaming\acestream
Folder Found : C:\Users\h***z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
 
***** [ Files ] *****
 
File Found : C:\Users\h***z\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\h***z\AppData\Local\Go... Read more

Answer:While in Chrome mouse cursor move by itself and opened Google Chrome Task Manage

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please run the AdwCleaner tool and clean everything that was identified.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.How to attach a file to your reply:In the Reply section in the bottom of the topic Click the "more reply Options" button.Attach the file.Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click the Add reply button.===Please post the logs.Let me know what problems persists.

7 more replies
Relevance 86.42%

Hello there,
 
I recently noticed my laptop running very slow, especially when using Youtube videos.  I deleted some old junk to free up some memory but that didn't help.  Defragged my laptop and ran several virus scans, but no improvment and nothing found on the scans.  I found a new program installed on my laptop called "Spigot Search Protection" which I uninstalled.  No improvement after this.  I then noticed about a dozen processes running on my Task Manager that appeared to be Google Chrome windows.  They were using up a ton of memory... and I use Firefox not chrome so I thought it was weird.  I uninstalled Google chrome, but they remained open and listed as google chrome programs.  I opened the file location and ran a virus scan directly, and it came back with no threats detected  (I ran Kaspersky). The image name for each process that is running is Lnzdypqnuf.exe*32 and appears as a GoogleChrome file.
At this time I did a Google search and came up with this website (it seems others have had the exact same problem).  I saw that each case should be handled specifically, so I decided to register and post instead of trying to figure it out myself. 
 
If anyone can assist me with getting rid of this problem I would greatly appreciate it.  I have never downloaded a virus before, and do not open ads or clickbait on websites.  I do use Utorrent once in awhile and expect that is how I downloaded this vir... Read more

Answer:Multiple Google Chrome Processes in Task Manager; Cannot close and laptop slow

BTW, am running on Windows 7

4 more replies
Relevance 85.26%

Hello,

As noted above, I'm currently having problems with a process that is being detected as Gooogle Chrome taking up most of the resources on my system. This, even though I don't have Chrome installed on my computer. I've tried deleting the file, but it just pops up somewhere else.

I ran FRST and have attached the resulting reports to this thread. Any help you can provide would be greatly appreciated.

Thanks in advance,

J
 

Answer:Google Chrome Processes stalling system, but Chrome isn't installed

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 85.26%

I have many "Google Chrome" processes running (jthzgxbastyz.exe *32), but I don’t have Chrome installed on this computer. I have tried to run Malwarebytes and Malwarebytes anti-root, MacAfee root kit, and several others. Anything I try to open, never actually opens. I ran DDS, but it doesn’t look like its accessing the file system. I am an administrator on this computer, but when I attempt to download anything now from Internet Explorer, I get a Security Alert " Your current security settings do not allow this file to be downloaded." I reset IE and it allows me to download the programs, but I still can’t run them. Hope this helps! Seems like I have a full blown infestation. L
 
Windows 7 Home Premium
 

 attach.txt   933bytes
  1 downloads
DDS LOG
 

 FRST.txt   22.46KB
  1 downloads
FRST LOG
 

Answer:Multiple Google Chrome Executables Running, but Chrome Not Installed

Hey, Please post the FRST Log into the thread rather attaching them. ;)

36 more replies
Relevance 85.26%

I noticed a lat jump after updating adobe. I checked my processes and there is a ton of Google Chrome Processes running. I did not have chrome loaded at that time. I have win 7. I have run bitfinder and it finds nothing wrong. I try ending them but they launch right back up. Bitfinder has found 430 infected web resource detected just today but it blocks it and says computer is safe. 
 
kraxzciwyk.exe*32  is the image name and the description is Google Chrome.

Answer:Lots of Google Chrome processes running but don't have chrome installed

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

16 more replies
Relevance 84.68%

Computer running very slow, a couple of dozen tasks show up in Windows Task Manager with Image Name Nuyxhacoxa.exe having Decription 'Google Chrome'.

Chrome has been uninstalled from the system.
 

Answer:Malware/Virus infection - dozens of jobs showing in task manager with Description = 'Google Chrome'

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 83.52%

Could you please help me considering this is my work computer. I have added both files from the program I downloaded from your website first64
 

Answer:Help with fake chrome in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 82.94%

The processes are named Adjyodaeamxj.exe *32, There are at least five of these processes running at any given time, though sometimes many more will run. They are using up large chunks of memory and taxing my computer.
 

Answer:Processes from Google Chrome, do not have chrome installed.

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 81.78%

My laptop runs slower than usual and is creating new folders in weird places. I did notice task manager processes for chrome and did an online search to find a few connected to fake processes like
programdata\ntuser.pol and programdata\Roaming and windows\XSxS.

I ran MGlogs and attached the zip that was one my desktop after it completed.
 

Answer:Task Manager Shows Fake Chrome Processes

Can you upload all of the other requested logs please?

I will post to procedures for your reference.

READ & RUN ME FIRST - Malware Removal Guide
 

10 more replies
Relevance 81.49%

Hi , I have been in this forum last month as I was having some problems with my toshiba laptop, it was sent to to the service center and it is now back and I started it using yesterday.
After I did a CLEAN INSTALL as told in this forum , My is working great.
It looks light, loads quick and is quite fast.
Now When I was looking into TASK MANAGER today , I noticed something strange,
I had FIRE FOX open and CHROME too,
Fire fox was 1 service in task manager while chrome was 12 , It looked strange so I ended one process and whole chrome browser shut down, then I re opened it and it again shows multiple services, all using MEMORY too.

Here is the picture when chrome is not opened



and then here is the one when I opened chrome,



Please tell me is this a thing to worry ???
How can I overcome this problem

Answer:Task Manager Shows 12 Process for CHROME

This is a "feature" of Chrome - Each module in Chrome runs as a separate process, so shows up as a unique PID in Task Manager. This includes each Tab that is open, and each Add-on. It is designed this way for stability - supposedly a fault in one process will not "take Down" the whole program.

Its something that can look odd but it's basically a quirk of programming style

I can only assume that either you closed the main process or the system is set-up by chrome to assume that if a user closes one process they wish to close all

3 more replies
Relevance 79.46%

Hello,
 
I'm trying to repair my parents computer. They were getting Trojan horse warning messages and crashing to blue screens. So far I have updated the BIOS and uninstalled all the browser addons and questionable apps I found on there PC. Since updating the BIOS it hasn't crashed to blue screen. However I'm getting a lot of lywqyjla.exe processes that say they belong to Google Chrome. I uninstalled Google Chrome and they are still there. Each of them is using varying amounts of memory and the CPU usage keeps spiking. I have run malware bytes and adw cleaner, each of them said they found and removed threats but these processes keep showing up.

Answer:Multiple Google Chrome processes running even though I uninstalled Google Chrome

Welcome to BC !
 
Run a scan using RKill. Read its description as to what it does. Once you have successfully run the scan, DO NOT reboot.
Proceed with the other scans. Reboot if the MBAM or other scans ask you to.
RKill Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish,so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then... Read more

1 more replies
Relevance 79.46%

Please help me..... :(My google chrome is not working. I have tried following several attempts to repair but still not working1. from google support i have tried using Internet download manager2. i have renamed default folder from user data as backup and opened google chrome still its not working3. looked for SFC:/ SCANNOW command even though that also not helped me4. I have uninstalled chrome and installed chrome beta.... same can't open that too5.I have tried Revo uninstaller that also not working to repair From last 3 days i am siiting infront of my laptop for repairing google chrome but i couldnot make it proper.Chrome is my favourite browser but its not working what to do?? Please help me :(((((((((((((

Answer:google chrome cannot open showing google chrome stopped work

If you mark it best answer, it will close out this question and Justin will put a lil' star by my name. You are most welcome, glad to help.To err is human but to really screw things up, you need a computer!

6 more replies
Relevance 79.17%

I see that many people here are having the same problem, and have had success in resolving it in these forums, so this seems to be the place to go to get help. I've followed the instructions listed in the preparation guide, and have enclosed the FRST files. Thanks in advance for your help.
 

Answer:Yet Another Fake Google Chrome

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 79.17%

Hi,
 
New to the site and having issues with that google chrome .exe fake program.  It generates a bunch of the program and run it in process.  Could anyone help me?  I ran malwarebyte have norton installed and even ran AdwCleaner but its still there and causes my pc to lag and flashes sometimes.  Oh here is the 2 FRST files.
 
Edit:  After trying out some malware removal programs I seem to have been able to remove it and here is the updated FRST logs in case you catch anything else or if I didn't really solve the root of the problem.  Thank You.

Answer:Fake Google Chrome .exe

Can someone help and look to see if my pc is clean now?  Thanks

15 more replies
Relevance 79.17%

Many instances of a fake Google Chrome are running in the background and I traced them using task manager to "Users/(My Name)/AppData/LocalLow/vprixmf". This is leading to a slow PC. A google search took me to this site and I found a thread with someone that had the same problem (http://malwaretips.com/threads/fake-google-chrome-virus-malware-cant-get-rid-of-this-thing.35419/). I did the scan with ZOEK but the fake Chrome is still present.
 

Answer:FAKE GOOGLE CHROME (10-20-14)

Hello,

In the top right corner of Chrome, click 3 lines, and then About Chrome. Picture of that windows would be good. If not, just tell me exactly what is written under Version.
 

10 more replies
Relevance 79.17%

Please help me! I have read up a lot on the other people with this problem. A file called "rchnxsshh.exe" appears, and it's description is "Google Chrome" although I've uninstalled Chrome. When I open file location, it is in my appdata/locallow/ various folders. I've read this is a backdoor Trojan that has entered my system through a flash/java exploit present in past versions.

I'm generally capable and good with computers but I am not sure what to do, as all the other solutions have been machine/user specific. Please help! Thank you.
 

Answer:Fake google chrome .exe

Will upload Zoek scan soon. Also, I'm noticing this weird thing where it will scroll to the bottom of a web page or document after like, 5 seconds. Very weird and annoying.
 

2 more replies
Relevance 79.17%

Hello,
 
In my Windows task manager, I have  multiples file labeled " Dcvdpgzxc". It is listed as Google Chrome in the description and it is location is AppData/localLow/ Adobe. Please help me get rid of it
 
 
 
EDIT: I forget to mention this is the second time, this has happen on the same computer. I had it once, I rebooted the computer, then deleted the location it was in " AppData/LocalLow/* (it was located somewhere else before).

Answer:Fake Google Chrome.....

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Lets get going now
==========================
 
Hi smoth1,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run ... Read more

14 more replies
Relevance 79.17%

Hi,
  I may have a similar problem to the person who posted http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
  This seems to be a very new thing, because a Google search for it brings up mostly posts from this month, the only practical information about it is on this site, and standard anti-virus software seems to miss it entirely.
   This all started when I was browsing some sites about health food or exercise.  Suddenly, I was getting messages from Windows asking my permission to run regsrvr to register some dll, and I kept saying no, but it would come back up.  In the details, it said it was coming from some executable named by a really long random-looking string beginning with an X.
  There were a bunch of copies of that process in my task manager, taking up a lot of memory and CPU, and every time I tried to force-quit them, more appeared.  They show up in the task manager as Chrome, but the name of the process was this long string beginning with an X. It was an exe file under a strange folder within appdata/locallow/Adobe.
   I ran a quick scan with Windows Security Essentials, and also ran a custom scan of locallow, but it didn't find anything it thought was suspicious.
   I wanted to get back up and able to do stuff, so I rebooted in safe mode, reset my machine back a few days with system recovery, and deleted that entire folder inside appdata/locallo... Read more

Answer:Fake Google Chrome too

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552959 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

5 more replies
Relevance 79.17%

So I was on my computer trying to find some cheap clothing websites and I happened to stumbled upon a video that I then watched but shortly after was asked to update my google chrome.. from reading other forms I am thinking there is a few people with a similar problem.. I didn't even realise it could have been a virus until my computer start to run a little slower so I googled it and came to this page. I downloaded FRST and done as the forum suggested although when I visited virustotal it said the file which I copied was not recognised so I'm just wondering what I should now do?
 
This was the forum I used, http://www.bleepingcomputer.com/forums/t/548427/fake-google-chromeexe-virus/

Answer:Fake Google Chrome.exe app

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat Before we start please note the following: Analysis and research take some time, also sometimes real life gets in the way, please be patient. Limit your internet access to posting here, some infections just wait to steal typed-in passwords. Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good. Paste the logs in your posts, attachments make my work harder and more complicated. Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational. Note that we may live in totally different time zones, what may cause some delays between answers. I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!
Let's start and enjoy the fight! Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:
createsrpoint;
process;
services-list;
systemspecs;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;
installedpr... Read more

2 more replies
Relevance 79.17%

Hi, I am new to this site. I am drawn to this site because I am having the same "fake Google Chrome Malware" problem that several members have posted on this site recently. After googling for an hour, it seems this is the only place that offers viable solution!
 
I started to notice this a couple of days ago when the laptop was making loud noises even though I was not doing anything. From the task manger, there are over 15 fake chrome processes clogging up. I have Malwarebytes and Symantec installed, but they both failed to screen out the malware. I ran the Farbar Recovery Scan Tool as some the previous threads suggested and included the two txt files in this message.  Please help.
Thanks!
xun

Answer:Fake Google Chrome exe

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Malware WarningAll passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.
 Step 1
Please uninstall some programs:
... Read more

34 more replies
Relevance 78.88%

I've tried multiple anti-everything programs from Super Anti-Spyware, Malwarebytes, ComboFix, Spybot S&D, and various online scans that have found nothing, or found something but never fully cleaned my system. For a week or two, Google was being redirected to various ad sites, but after my system was "cleaned" everything was fine. Now today, anything remotely related to Google won't load at all. I've tried to manually remove the TDSS google-redirecting virus, but I have none of the files that supposedly come along with the virus.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Des at 14:42:16 on 2012-02-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.1903 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\nvsvc32.... Read more

Answer:Infected with a virus that redirects Google, shows Google "not found nginx" also, no Youtube, Google Chrome or Google E...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

38 more replies
Relevance 78.3%

I'm trying to fix my mother-in-law's little Toshiba netbook. They were reporting that it ran incredibly slowly, and when I looked in task manager, I saw lots of browser.exe items that reported to be running in Chrome, but Chrome isn't even installed on the computer.

I ran the Malware protocol, but had trouble getting some of the logs. Roguekiller didn't put a log on the desktop as expected from the instructions. I think I messed up the Malwarebytes one because it didn't happen exactly as the instructions said it would and I missed my chance. I didn't want to re-run it because the instructions said not to. When I opened TDSSkiller, it said "Cannot initialize log". I ran it anyway but sure enough I didn't get a log. HitmanPro and MGLogs are attached.

I basically want permission to start all over and run the whole protocol again.

Thank you for your help.
 

Answer:Lots of Browser.exe's in Task Manager but Chrome not even installed

Try re running both RogueKiller and Malware Bytes please and see if you can get us the logs.
 

19 more replies
Relevance 78.3%

The process for me is named "uledyhxq.exe" and like i mentioned above, if you End Process/End Process Tree it causes it to duplicate like 'bunny rabbits' or 'gremlins'. The Folder of Origin is "C:\Users\ANUSTRT\AppData\LocalLow\Microsoft\Xjnxlhqx" yet I've noticed reappearing folders either in "C:\Users\ANUSTRT\AppData\LocalLow\Microsoft\" but also in the "C:\Users\ANUSTRT\AppData\LocalLow\Temp", "C:\Users\ANUSTRT\AppData\LocalLow\Sun", and "C:\Users\ANUSTRT\AppData\LocalLow\Adobe".

I also noticed that "AppData\LocalLow\Temp\ltotwuh", "AppData\LocalLow\Microsoft\Qzonkmt", "AppData\LocalLow\Adobe\Ivjczifql" folders have subfolders with closely resemble what you see in the "C:\Users\*USERNAME_HERE*\" directory.

I've attached my ADWCleaner & FRST scan logs
 

Answer:I too have a fake google-chrome infection

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 78.3%

Hi - I'm new here, and found that I'm having the same problem as the user who posted this:
 
http://www.bleepingcomputer.com/forums/t/553030/fake-google-chrome-jhtrmnotfjhvexe-processes/
 
I've read through the above mentioned post above along with many others. I also followed a post on Reddit about this - below:
http://www.reddit.com/r/sysadmin/comments/2kl04m/fake_google_chrome_browser_process_max_out_cpu/
 
This process was continually running and spawning new processes.
C:\Users\Mike\AppData\LocalLow\Roblox\Lxjonxrom\lqsxdhhzll.exe
 
I also noticed information was being cleared and rewritten to this folder continuously:
C:\Users\Mike\AppData\LocalLow\Google\Dcdeecveb
 
I followed the suggestion about using Taskkill in the Reddit post and killed the process then immediately deleted the two folders mentioned above. I actually have all the contents of these folders still in my recycle bin (if needed).
 
Since killing the processes and removing the folders the offending processes have not restarted, however I am concerned there may be more lurking. Can you please assist with this?
 
Also, any idea how this virus/malware is being spread?  I noticed the create time on the folders was on 11/3/14 and 6:28pm.
 
Thank you in advance for all the great work you do!  This appears to be a great community!
 
Logs from DDS are attached.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344... Read more

Answer:Fake Google Chrome Processes

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

10 more replies
Relevance 78.3%

My computer started running really slow when I logged on today and websites were taking forever to load.  I noticed that there is a process called Neweozpowt.ext*32 running 10 or more times in the task manager and I can't kill them as they respawn.  Please help

Answer:Fake Google Chrome processes

Please disregard found the issue with help from Farbar recovery tool.

2 more replies
Relevance 78.3%

Have a Windows 7 Pro 64bit system that has multiple chrome.exe processes running. The system does not have Chrome installed.Have run a full virus check with NIS and it did not find anything.Ran TDSSKiller and it came back clean.Do you have any suggestions as to how I might remove the Trojan or virus that infected my system? Thank You,Decatur31

Answer:Fake google chrome ( browser.exe)

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkbox:
 
List Installed Programs
 
Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.

2 more replies
Relevance 78.3%

Hello all, I recently have contracted a virus on my pc that is calling itself google chrome. I haven't ever downloaded google chrome and yet, it somehow is on my pc. It only shows up in my processes tab and I am unable to remove it as it recreates itself when I try to. It is hidden in my loval C: drive and has really messed with my computer as it now freezes quite often and is much slower than before. Can somebody help me out here. Thanks

Answer:Fake Google Chrome Virus

Please run Malwarebytes AntiMalware Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically. 1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation. 2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.  Click on Update Now, after Malwarebytes is updated click on Scan. If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan  You will be prompted to update Malwarebytes, to do so click on Update Now.   3)  The scan will automatically run now.   4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions   5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes   6)  Please post the Malwarebytes log. To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.  To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.   Please run AdwCleaner Please d... Read more

9 more replies
Relevance 78.3%

I have a laptop that is running slow and after checking task manager I see several processes named Oigisuhyfs.exe and the description says that it is Google Chrome, I uninstalled Chrome, booted into safe mode and deleted the files in the Oigisuhyfs location but the virus just came back, after doing some research online I noticed that this was a recurring problem and read several posts on this website, all with a similar theme of instructions so I downloaded FRST and ran the scan, here are the results of the scan.......
 
Thanks in advance.

Answer:Fake Google Chrome virus

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Press the + R on your keyboard at the same time. Type notepad and click OK.Copy the entire cont... Read more

14 more replies
Relevance 78.3%

I just migrated Windows 7 from one SSD to another SSD today. I did not do any type of install - just cloned the drives and set up the new drive to be the boot master. I ran the ZOEK before I knew what I was supposed to do with requesting help from this forum, so I uploaded that log, too.
 

Answer:Fake Google Chrome Processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 78.3%

I have a virus that creates a ton of processes that slows down my computer, and says its google chrome. It is in the appdata folder. What should I do?
John
 
Edit: I have a Windows 7, this is the folder for the program:
 
AppData\LocalLow\EmieBrowserModeList
 
The file name is srcgwulu.exe
 
To fix the problem, I tried to delete the file and contents in safe mode, but the file reappeared.

Answer:Fake google chrome virus

Here is the Farber Recovery Scan Tool
===========================================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by John Rieth (administrator) on JOHNRIETH-THINK on 30-12-2014 00:52:28
Running from C:\Users\John Rieth\Downloads
Loaded Profile: John Rieth (Available profiles: John Rieth)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo.) C:\Program Files (x86)\Th... Read more

3 more replies
Relevance 78.3%

Same as the others. Up to 15 processess running under the guise of Google Chrome
 

Answer:Fake Google Chrome processess

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 78.3%

I just ran my FRST scan while in safe mode. I don't know if that will affect the outcome of the log or going forward. I've had had this problem for a few days and haven't been able to stop and just post about it. Thank you very much in advance for assistance.
 

Answer:Fake Google chrome processes

Here is my addition file as well.
 

6 more replies
Relevance 78.3%

Hello. Recently my PC has become infected with the "Google Chrome" virus where a fake .exe posing as Chrome creates itself, runs itself, and opens many processes which hogs CPU and RAM. Deleting the .exe is no good because this virus recreates itself in a new random folder upon next PC startup and does its same thing again. I have already run Farbar Recovery Tool, so attached are my FRST and Addition txts.
 

Answer:Fake Google Chrome processes

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 78.3%

Apparently there's malware in my CPU. Getting errors stating Google Chrome has crashed and I do not use Google Chrome nor is it installed in my computer. Do I follow the Windows 7 malware removal procedure? Any help would be appreciated.
 

Answer:Fake Google Chrome errors

Yes.
 

7 more replies
Relevance 78.3%

Hello,
 
I've seen others with the same problem, but I am getting a process in Windows Task Manager that won't go away even if I go into Safe Mode and delete the file.  It is located in User\AppData\LocalLow.  I have attached the image of Windows Task Manager and the 2 FRST files.
 
Thank you for any help!
 

Answer:Fake Google Chrome Processes

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
I will reply back later today with a fix.
 
 
Regards,
Georgi

8 more replies
Relevance 78.3%

Windows 7 PC just started running very slowly.  Noticed numerous (sometimes up to 25) processes named "mmxctdbwkm.exe" running, spawning, re-spawning constantly.  Norton 360 popups indicating "Google Chrome using excessive memory resources" - task manager shows processes having descriptions "Google Chrome" which obviously they are not as Google Chrome is not installed on this PC!  Files are under C:\users\John\appdata\LocalLow\.... I would like to follow the procedure in the link below as it describes my problem fairly accurately.  However, the process appears to require 2-way collaboration and information sharing so wanted to check first before diving in.  Thank you in advance for your help.
 
http://www.bleepingcomputer.com/forums/t/551186/fake-google-chrome-running-multiple-processes-in-task-manager/
 

Answer:Fake Google Chrome processes

Start with the scanning for Poweliks. If it is found and removed there will be more cleanup of other malware to do.
 
Please download Powelikscleaner (by ESET) and save it to your Desktop. (let me know if poweliks was found and removed as shown in the last image)
1.  Double-click on ESETPoweliksCleaner.exe to start the tool.
2.  Read the terms of the End-user license agreement and click Agree.
3.  The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
 

 
4.  If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
 

16 more replies
Relevance 78.3%

As described, multiple fake Chrome processes. As opposed to just the fix, I'd also like any details you can give me about this issue and what causes it.
 

Answer:Fake Google Chrome Processes

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and w... Read more

9 more replies
Relevance 78.3%

Hello,
 I see a couple other people have posted this same problem in the last few days so hopefully someone can help.
 I have got 5-20 processes running under image name Bcexfymkqard.exe*32. Description Google Chrome. I have never installed Chrome. It is sucking maximum bandwidth from my modem. Malwarebytes did not clean it.  Please help. Here are my FRST and Addition logs:
 
FRST:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by John (administrator) on JOHN-PC on 21-10-2014 08:33:05
Running from C:\Users\John\Downloads
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Locktime So... Read more

Answer:Need Help... Fake Google Chrome processes

Bumpety Bump.  Can anyone help me with this?

22 more replies
Relevance 78.3%

Like others on this site, I have been infected with a program that says it's Google Chrome but actually isn't.  Briefly, there is an executable file named “XSIAKQJE.EXE” (in Task Manager, the image name is the same with *32 afterwards) and has a description name of “Google Chrome” in Task Manager.  Google Chrome is not installed on the computer, nor any other Google application, but there are a minimum of 4 processes of this application running at the same time at any given time which easily goes up to 15 or so processes within a short period (<15 minutes) of computing.  As long as the internet connection is disabled, each running process is below 70mb of memory usage; after connection is made, 2-4 of the processes jump up to 100-400+MB of memory usage.  The application is running on an HP DV6T laptop computer, i7 Q720 Intel processor, 8gb ram, Windows 7 professional w/service pack 1 and all current updates performed.  The internet browser used is IE version 11.
 
Shown below is the DDS.txt file contents.  I have also attached the "attach.txt" file and 3 other files in a Zip file which details more specific information that I found while researching the behavior of this rogue application that I have not found others to have reported.  These 3 other files are in a Microsoft WinWord document - please let me know if that format is not able to be read.
 
I really do appreciate any help you can provide me... Read more

Answer:Fake Google Chrome application

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554736 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

23 more replies
Relevance 78.3%

Hello,

Early this year I started having problems with my browses. I got home page changes in both Firefox and Chrome. I tried using my Avast scan, always finding adware and such, but never actually solving the problem. After a few months, last week I tried running Netflix on my Chrome browser and I found out I had a fake Chrome version installed. I uninstalled it, erased all Chrome data left over in my machine and the program was gone. Only problem is the new Chrome installer didn't seem to work, both offline ad online versions. So I've been trying to fix this without luck. Today to my surprise, the fake Chrome is back on my desktop, only this time it doesn't appear in my Programs list or anywhere. When I looked at the root file it's a file called Setleaf. Please I need help getting rid of this fake program. It's already messing with my Firefox again and new adware is showing up everyday in my Programs list!

Hope you can give me a hand. Thx!
 

Answer:Fake Google Chrome nightmare!

Hello,
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

Install the progam and select update.
Once updated, click the Settings tab, in the left panel choose Protection and tick Scan for rootkits.
Click the Scan tab, choose Threat Scan is checked and click Start Scan.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

1 more replies
Relevance 78.3%

Hello and help! My infection began November 8. Task manager shows 10 to 15 processes with identical names jpokptfz.exe*32 Google Chrome, using up to 40% of CPU. The processes reappear immediately after ending manually. Chrome is not currently installed on my machine. Computer is running very slow; fake Google Chrome is causing high CPU usage. Also, today I uninstalled Java, but I can't delete folder appdata/locallow/Sun; looks like subfolders contain the fake Google Chrome .exe files. I ran SuperAntiSpyware, Malwarebytes Anti-Malware 2.0, and Norton 360 AV with no success.
 

Answer:Another Fake Google Chrome infection

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies
Relevance 78.3%

Log for issue from this thread: http://www.bleepingcomputer.com/forums/t/555409/fake-google-chrome-slowing-computer/
 
Summary:  I run Windows 7.  Multiple processes labeled "Google Chrome" (which I do not have) had been slowing the computer.  I identified some of the files related to the issue, but when I deleted them they were recreated on next start-up.
 
I have not seen the processes running lately, but the related files are still present on the computer.  Norton and various malware removal programs have not identified or removed them.
 
DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by Home at 1:20:57 on 2014-12-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4080 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted... Read more

Answer:Fake Google Chrome Infestation

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559154 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

4 more replies
Relevance 78.3%

Hello, my name is Michael and I have a virus on my computer. It disguises itself as Google Chrome. There are at least 30-40 of these suckers on my computer. I clearly know it's not ACTUALLY google chrome because of one simple reason.... I don't have Google Chrome on my computer. I am running 8.1 and ComboFix doesn't run on 8.1. The file is called ccbzyuln.exe with the chrome symbol. I see in my task manager. I'm also typing this on my phone. Last night I was playing on my PC perfectly fine. I play games such as DayZ and Counterstrike : Global Offensive. I was updating DayZ to the newest patch and I noticed it would spend a large amount of time being "BUSY WRITING TO DISK" I opened task manager and I see that 100% is on my disk tab and I'm stumped. Please help.
 

Answer:Google Chrome Fake program On my PC Plz Help!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 78.3%

Noticed other people having the same issue. Hopefully this can get fixed.
 

Answer:Fake Google Chrome processes

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

1 more replies
Relevance 78.3%

Hello this morning I noticed my computer was slow. The file was coming from a folder called Locallow in my Appdata folder. I renamed the file and deleted that folder because I thought it would do the trick but it recreates 5 minutes later. I suspect I have a virus. It's a work laptop.

Answer:Fake google chrome.exe virus

Hi there,please run a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

9 more replies
Relevance 78.3%

I'm waiting on the Zoek application to complete. I'll then run FRST and attach the Zoek and FRST logs to this post.
 

Answer:Fake Google Chrome virus

Zoek results - .exe file still running after running Zoek. I may have been able to delete the "Temp" file it was in, but am afraid it is still in the registry and will re-load if the computer is rebooted.
 

3 more replies
Relevance 78.3%

My computer is running super, super slow. When I open my task manager I find several (usually about eight) Google Chrome processes (with the image name of mnmtbcm.exe) going on all at once, all sucking up loads of memory and completely bogging down my computer... Annnnd I don't even have Google Chrome installed. So, something must be up.
 

Answer:Fake Google Chrome Virus

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 78.3%

Looks like my grandmother's computer has succumbed to some malware and she's not having too great a time with it. Any help would be greatly appreciated. Thanks, and Merry Christmas!
 

Answer:Fake Google Chrome malware

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies