Solved I got the fake Chrome problem

I

I Love Lamp

New Member
Thread author
Nov 14, 2014
5
I want to provide all relevant info, so forgive me if this is a long first post.

A few weeks ago, I got the COM Surrogate / Poweliks virus and someone from another site aided me in removing it, but I was never quite convinced that the problem was gone. After the problem was supposed to be gone, I had 1 more instance of lots of COM Surrogate entries flooding my Task Manager and on one occasion, Rogue Killer found something and I was instructed to delete it. From that point on, it seemed like I was in the clear. As a side note, ever since this incident, I haven't been able to access the Windows App Store or run Xbox One Smartglass.

Ok, so now onto my new problem. I wanted some help with an Xbox achievement, so I googled it and clicked on a link to the site TrueAchievements.com in Internet Explorer. I proceeded in playing the game on my TV, and when I turned back to my computer, Windows Defender messages kept popping up saying that it has detected malware and was attempting to deal with it. When I tried to see what was going on, my computer grinded to a halt. I closed 1 Firefox window and it closed quickly. I then attempted to close Internet Explorer...2 of the tabs closed relatively quickly, but the one for TrueAchievements.com hung for a while and eventually a message popped up about a script that was trying to run and it gave me options to let it go or close it. I unplugged the internet at this point.

I then opened up Task Manager (this took a while to load) and I saw that there were 10 or so Google Chrome entries even though I wasn't using Chrome and almost never do. I still had Rogue Killer on my computer from the last problem, so I ran it and it killed a bunch of processes in the prescan, and after the scan finished, I deleted one red registry entry.

In Task Manager, I right clicked on the problem process and then opened the destination folder. I ended all of the fake Chrome processes and then quickly deleted the .exe, which immediately returned my computer to normal speed. However, I've been reading other peoples' accounts of this issue, and they say it comes back if you restart your computer, which I have not done yet.

The .exe was located here:
C:\Users\Zack\AppData\LocalLow\Temp\alojvbn\Htfkdhullt\Gofxwnzvsto.exe

I then ran a Windows Defender quick scan. Nothing was detected, but there were many Trojan entries in the quarantined area which I removed. They were all from tonight. I then ran a Malwarebytes (free version) threat scan and it didn't detect anything. Finally, I ran Rogue Killer once more and no processes were killed during the prescan and after the scan, there were no red entries in the registry tab. However, it did seem like there were quite a few yellow (or is it orange?) entries in the IAT Hooks tab.

My computer seems to be ok at this moment, but like I said, I haven't restarted yet. Any help with this would be much appreciated.
 
I

I Love Lamp

New Member
Thread author
Nov 14, 2014
5
Ok, I went ahead and restarted. I haven't seen anything flooding Task Manager.

I ran a scan of Rogue Killer, and it killed the following during the prescan:
[Proc.Svchost] svchost.exe -- [x] -> Killed [TermThr]

There are still a bunch of entries in that Anti Root Kit section that I don't remember seeing there earlier in the week. I also ran a Windows Defender quick scan and a threat scan in Malwarebytes (free version) and nothing was detected in either.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




FRST.gif
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 
I

I Love Lamp

New Member
Thread author
Nov 14, 2014
5
Ok, I ran Malwarebytes Anti-Rootkit and nothing was detected. I wasn't sure if you wanted me to include those 2 text files if nothing was found, but I attached them anyway. I also ran FRST and have attached those text files as well.
 

Attachments

  • mbar-log-2014-11-15 (13-53-29).txt
    2 KB · Views: 33
  • FRST.txt
    26.6 KB · Views: 54
  • Addition.txt
    45.8 KB · Views: 52
  • system-log.txt
    27 KB · Views: 33
I

I Love Lamp

New Member
Thread author
Nov 14, 2014
5
The performance has seemed fine, but after 2 significant incidents and 1 minor one in the span of a few weeks after being clean for a long time, I've been worried that something is still lingering on my pc somewhere. I don't know if these things plant themselves on your pc and come to life later or if they instantly start doing their business.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I do not see signs of infection here, if it comes back, I can help you again.


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
icon_exclaim.gif
MUST READ - security tips:

icon_exclaim.gif
MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.



Recommended additional software:
icon_arrow.gif
TFC - to clean unneeded temporary files.
icon_arrow.gif
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gif
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gif
McShield - to prevent infections spread by removable media.
icon_arrow.gif
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gif
FiheHippo.com Update Checker - to keep your programs up-to-date.
icon_arrow.gif
Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​




Stay safe,
TwinHeadedEagle :)
 
LeaGurl

LeaGurl

New Member
Nov 18, 2014
1
Help. I was reading the other post you were helping with regarding the chrome.exe virus. I lost the post when I had to go register. Ok, I have run the Farbar Recovery thing. Now what? I desperatly need help. My laptop is a mess over this virus. And, Ive always loved Chrome too. Ok, I'm eagerly awaiting your instructions. :)
 

Similar threads

I
  • Locked
Removing Zeus by resetting Windows
Replies
6
Views
261
Windows Malware Removal Help & Support
nasdaq
nasdaq
N
  • Locked
Gymnophiona Hijacker on my Chrome
Replies
2
Views
493
Windows Malware Removal Help & Support
nasdaq
nasdaq
anayaochoa98
  • Locked
No Reply Browser Keeps Changing to Bing or Despite Default Browser Being Different
Replies
5
Views
551
Windows Malware Removal Help & Support
icotonev
icotonev

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top