Operating System
Windows 7
Infection date and initial symptoms
10-28/29-2014 (per folder 348pm, 10-28-2014)
Current issues and symptoms
1. "Google Chrome has crashed!" was displayed. I don't have Google Chrome.
2. Mouse still has arrow but also shows waiting round ball a lot of times.
3. Computer seems slow.
Steps taken in order to remove the infection
Ran Microsoft Security Essentials and nothing was flagged.

chris trip

New Member
Last night, while working on some vhs to dvd videos, I got an alert saying "Google Chrome has crashed". I don't have chrome on my computer. I looked at my task manager, nothing was showing under applications running, aside from nero, but under processes, there are 8+ different things for chrome. (wiljgkxpsy.exe*.32).
I clicked on open folder and apparently the folder was created yesterday at 348pm. The files are hidden and are under: AppData/LocallowApple Computer/CNVCZPGV/MUQUVESC
I ran Microsoft Security and nothing was flagged. I also tried Malware. Nothing related to Chrome was found.

Also, my mouse pointer on the screen is still showing but also will show a round ball like it's waiting/processing something. This didn't happen until last night after the message about chrome crashing.
What can I do to get rid of this?
Please, any help would be appreciated.
 

argus

Former MalwareTips Staff
Hello,



Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

chris trip

New Member
Thanks for your reply. I have run the scan mentioned above. I have uploaded the files as well.
 


argus

Former MalwareTips Staff
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Start
C:\Users\Chris\AppData\LocalLow\Apple Computer\cnvczpgv\Muiquvesc
HKU\S-1-5-21-3997759202-3242781643-1077473636-1000\...\Run: [wwmasjcr] => regsvr32.exe /s "C:\Users\Chris\AppData\Local\ATI\wwmasjcr.dll" <===== ATTENTION
HKU\S-1-5-21-3997759202-3242781643-1077473636-1000\...\MountPoints2: {3bda4f72-a00e-11e0-a6e9-20cf30a04140} - J:\PhotoViewer.exe
C:\Users\Chris\AppData\Local\ATI\wwmasjcr.dll
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
EmptyTemp:
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
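
Added example (not part of the post above and not FRST's own code): a small triage script that parses FRST-style autorun lines like the ones in the fixlist and flags Run entries where regsvr32.exe or rundll32.exe loads a DLL from a user-writable directory. The line format is inferred from the entries shown in this thread, and the `ExampleTray` and `ExampleSync` entries are constructed for contrast.

```python
import re

# FRST registry line shape, as in the fixlist above:
#   <hive>[\<SID>]\...\Run: [value name] => <command> [<===== ATTENTION]
RUN_LINE = re.compile(
    r'^(?P<hive>HK[A-Z]+)\\(?:(?P<sid>S-[\d-]+)\\)?\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] => (?P<cmd>.*?)(?:\s*<=+ ATTENTION)?\s*$')
FIRST_TOKEN = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
WIN_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')
USER_WRITABLE = re.compile(r'\\(?:AppData|Temp)\\', re.IGNORECASE)
PROXY_LOADERS = {"regsvr32.exe", "rundll32.exe"}  # signed binaries that load a DLL

def parse_run_entry(line):
    """Return hive/sid/key/name/cmd for a Run or RunOnce line, else None."""
    m = RUN_LINE.match(line.strip())
    return m.groupdict() if m else None

def assess(entry):
    """List the reasons an autorun entry deserves a closer look."""
    reasons = []
    tok = FIRST_TOKEN.match(entry["cmd"])
    launcher = (tok.group(1) or tok.group(2)).rsplit("\\", 1)[-1].lower() if tok else ""
    paths = [a or b for a, b in WIN_PATH.findall(entry["cmd"])]
    if launcher in PROXY_LOADERS:
        reasons.append("DLL started through " + launcher)
    if any(USER_WRITABLE.search(p) for p in paths):
        reasons.append("payload under a user-writable directory")
    return reasons

def triage(lines):
    """Names of Run entries that pair a proxy loader with a user-writable payload."""
    flagged = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry and len(assess(entry)) == 2:
            flagged.append(entry["name"])
    return flagged

SAMPLE = [
    # From the fixlist in this thread.
    r'HKU\S-1-5-21-3997759202-3242781643-1077473636-1000\...\Run: [wwmasjcr] => regsvr32.exe /s "C:\Users\Chris\AppData\Local\ATI\wwmasjcr.dll" <===== ATTENTION',
    r'HKU\S-1-5-21-3997759202-3242781643-1077473636-1000\...\MountPoints2: {3bda4f72-a00e-11e0-a6e9-20cf30a04140} - J:\PhotoViewer.exe',
    # Constructed entries for contrast; not from the user's log.
    r'HKLM\...\Run: [ExampleTray] => "C:\Program Files\Example\tray.exe" /min',
    r'HKCU\...\Run: [ExampleSync] => "C:\Users\Chris\AppData\Local\Example\sync.exe"',
]
```

Requiring both conditions keeps ordinary per-user applications that legitimately start from AppData out of the flagged list; a single reason is a prompt for manual review, not a verdict.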
 

chris trip

New Member


Thank you for your reply. I did what you said. I have uploaded the file for you.
 


argus

Former MalwareTips Staff
Please download MCShield from one of the following links:

MCShield -Official download link
  • Double click on MCShield-Setup to install the application.
    Next => I Agree => Next => Install ... per installation click on Run! button.
  • Wait a few seconds for MCShield to finish the initial HDD scan...
  • Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
  • When all scanning is done, you need to post the log report that MCShield has created.
Under the Logs tab (in Control Center), in the AllScans.txt log section, click the Save button. The AllScans.txt report will be located on your Desktop.

=> Post AllScans.txt here


Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
 

argus

Former MalwareTips Staff
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

chris trip

New Member

Just ran the DelFix tool.

Yes, it deleted the tools and file that were used earlier.

The file reads:
# DelFix v10.8 - Logfile created 29/10/2014 at 13:36:46
# Updated 29/07/2014 by Xplode
# Username : Chris - CHRIS-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\Users\Chris\Downloads\Addition.txt
Deleted : C:\Users\Chris\Downloads\Fixlog.txt
Deleted : C:\Users\Chris\Downloads\FRST 32.exe
Deleted : C:\Users\Chris\Downloads\FRST.txt
Deleted : C:\Users\Chris\Downloads\FRST64.exe
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #547 [Scheduled Checkpoint | 10/24/2014 00:50:45]
Deleted : RP #548 [Windows Update | 10/25/2014 20:18:07]
Deleted : RP #549 [Windows Update | 10/29/2014 20:12:53]
New restore point created !
########## - EOF - ##########
 

argus

Former MalwareTips Staff
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 
