Tachyon Internet Security acting as malware. Installed without my consent and I can't remove it.

Tachyon is a virus

New Member
Thread author
Aug 2, 2019
2
What a nightmare. I got this program automatically installed on my computer without my consent. It looks like a fake antivirus utility. LOL how great.

Tried to remove it using Malwarebytes or Zemana, failed. I can't even delete the program folder, it says I need admin rights. When I try to give admin rights, the same Tachyon denies access WTF. If I try to uninstall it through control panel, some random popups with Chinese or Korean characters. WTF?

Also it created 5 processes in my task manager and, guess what, they can't get removed either.

This is an absolute malware. Tachyon is a virus, please help me remove it. I don't want it in my computer. They entered my PC without my consent, this is very frustrating. I am using Windows 8.1
 

cryogene13

New Member
Aug 2, 2019
2
Same problem, and it appeared on the same day as the OP. Need a way to uninstall it.
(By any chance, do you have Tencent Gaming Buddy/Gameloop installed on your PC? It is mostly associated with it.)
 

Tachyon Virus

New Member
Aug 2, 2019
1
Yeah, same problem, but I got it on a Win10. I used Malwarebytes to delete it and it detected like 40 trojans for me.
@cryogene13 I had Tencent Gaming Buddy installed like 3 months ago, so I think that may not be the cause, unless it left something in sys32 folder.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363


The company seems fine.

Can one of you upload one of the relevant files to VirusTotal?


Orionn

New Member
Aug 3, 2019
1
It seems like this "antivirus" was installed on everyone's PC yesterday. I'm not sure where it's from but it might be from Gameloop like the other person said. Malwarebytes wasn't able to remove it so I used Absolute Uninstaller and it was uninstalled smoothly.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

It is a Chinese antivirus and they are promoting themselves through download bundlers which people usually get by searching for pirated software etc. I got it myself during testing but was able to uninstall it just fine through control panel.

If you still have problems I'll need FRST logs:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.


  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

cryogene13

New Member
Aug 2, 2019
2
I was able to remove it without any third party software. Unfortunately its uninstaller is not present, so I stopped its services and thereafter it was very easy to remove.
 

Ryan_Heyel

New Member
Aug 3, 2019
1
Hello,

I am running on Windows 7 professional 64 bit.

The other day I booted up my computer and right when I booted in, Chrome opened for half a second and went away without me touching it. After a few minutes I got a pop-up in my bottom right corner for an antivirus alert program labeled "TACHYON ENDPOINT SECURITY." I never downloaded this so I went to Task Manager to kill it. When I try to end the task I get a pop-up: "Operation could not be completed, access is denied."
If I go to the file location (C:/program files (x86)/TACHYON/T5) and try to delete anything, it gives me the same error for lack of administrative privileges.
I use Firefox, I never use Chrome, it was there as a backup. So I went and deleted everything associated with it.
If I try to change my administrative privileges it won't let me, everything is greyed out.
If I go to CMD to try and force delete it, it also gives me an error.
I noticed the program had created two folders in my C: and D: drives, in the main directory: a folder called " !@IEUK". If this folder is deleted, renamed or edited in any way, Windows Explorer crashes, denying you the ability to get rid of it.
I scanned with Malwarebytes for rootkits and it actually found a handful of various other problems but none of them were Tachyon.
When I boot into safe mode, even with networking options enabled, all my internet connections are blocked. I am using a wireless PCI adapter and it cannot be enabled.
I went into the registry, searched for TACHYON files and tried to delete the files I found but it gives me "deletion error, can not delete files."
I tried Windows backup and after selecting the backup date of August 1st (the only one available) the computer began the process of restoring. After ten minutes or so it popped back to the desktop with an error: "There are no available restore points". The program deleted it during the process. Brilliant.
I downloaded SpyHunter on my laptop and put the install file on a thumb drive due to everyone recommending it. However, when I go through the install process I get an install error: Setup failed. Same with another program, WiperSoft. It will not allow anything to be installed.

I downloaded the Farbar recovery tool and moved it over with my thumb drive. The scan worked, however due to disabled internet I cannot post the file, and I do not want to bring the possibly corrupted thumb drive back to my working laptop.

This thing sucks. I don't want to lose all my stuff and I'm not too keen on trying to upgrade Windows 7 in hopes of Windows 10 fixing it, as there are several other posters who seem to be running Windows 10 and have the same problem.
 

sivco

New Member
Aug 3, 2019
1
[QUOTE="TwinHeadedEagle, post: 827497, member: 6533"]
Hi,

It is a Chinese antivirus and they are promoting themselves through download bundlers which people usually get by searching for pirated software etc. I got it myself during testing but was able to uninstall it just fine through control panel.

If you still have problems I'll need FRST logs:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
[/QUOTE]
I got this today, and it can't be removed by ordinary means. Help me.
 

Attachments

  • FRST.txt
    53.1 KB · Views: 2
  • Addition.txt
    49.6 KB · Views: 2

MrLien

New Member
Aug 3, 2019
1
I just happened to have the exact same issue. The Tachyon antivirus got installed without my consent. Although I could uninstall it, I think a type of ransomware got into my system. All my file extensions now have “.prandel” and I have no idea how to decrypt my data. I tried searching for all ransomware decryption tools, but none had the .prandel extension fix. Very new to this ransomware issue. Have I lost all my data now?
 

kapri369

New Member
Aug 3, 2019
1
I got this too. Also, my DNS was changed to an 'Israeli' one called XGLOBE LTD without my consent, and it installed this Tachyon thing and all other kinds of malware. I suggest you also check your DNS in Internet Protocol v4 or v6, then click Properties > Advanced, and see if you have it too.
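
The DNS check suggested in the post above can also be done from a PowerShell prompt. This is an added example, not part of the original post: it reads the IPv4 DNS servers of every interface from the registry and marks those that are not on an allow-list. The function name and the `$ExpectedDns` sample value are assumptions.

```powershell
# Added example (not from the thread): list the IPv4 DNS servers configured
# per network interface and mark the ones that are not on an allow-list.
# The default $ExpectedDns value is a constructed sample; use your own resolvers.
function Get-DnsServerAudit {
    param([string[]]$ExpectedDns = @('192.168.1.1'))

    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($key in Get-ChildItem -Path $root) {
        $p = Get-ItemProperty -Path $key.PSPath
        # NameServer     = set statically (by hand or by software), overrides DHCP
        # DhcpNameServer = handed out by the DHCP server (usually the router)
        foreach ($source in 'NameServer', 'DhcpNameServer') {
            $raw = $p.$source
            if ([string]::IsNullOrEmpty($raw)) { continue }
            foreach ($addr in ($raw -split '[,\s]+' | Where-Object { $_ })) {
                New-Object PSObject -Property @{
                    InterfaceGuid = $key.PSChildName
                    Source        = $source
                    DnsServer     = $addr
                    Unexpected    = ($ExpectedDns -notcontains $addr)
                }
            }
        }
    }
}

# Show only the servers that are not on the allow-list
Get-DnsServerAudit |
    Where-Object { $_.Unexpected } |
    Select-Object Source, DnsServer, InterfaceGuid |
    Format-Table -AutoSize
```

A static NameServer value you did not set yourself is the one to look into; DhcpNameServer values come from the DHCP server, so an unexpected one there points at the router's settings rather than the PC's.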
 

NachoNC

New Member
Aug 3, 2019
1
@Jack I suggest you look into this thread. I'm suspecting a spammer attack. So many new members and all of them commenting on the same post on the same day. I might be wrong but it's worth a look.

Not a spammer attack. I came here from Google; I just got that "antivirus" installed by itself yesterday and got like 80 malwares removed by Malwarebytes (I had 0 before).
I think that this is the only forum that is talking about this and we all came here for answers.


PS: sorry for my bad English, I hope that you can understand me. But I think that there are a lot of people being concerned about this random antivirus that is getting on our computers.
If it helps: before Tachyon started installing itself in front of my eyes, it started to open Chrome windows with "chaintor" on it. I don't know what chaintor is, but I was playing Minecraft with friends and watching YouTube.
 

INCA

From TACHYON
Verified
Developer
Aug 5, 2019
3
Hello,

I'm an engineer at INCA Internet and TACHYON Internet Security is our endpoint product.
There have been recent reports from users that our TACHYON Internet Security software is being installed without their consent.
We are currently investigating the issue and would also like to request your help on it.

I'm personally leaning towards a possible botnet trying to accomplish its unknown purpose.
It could also possibly be an Install Monster (PUA), since one user noticed the DNS has been hijacked.
Reference : Detecting the Russian Install Monster Bundler | RSA Link

However, nothing has been confirmed since I haven't been able to find the source to regenerate this issue.
Any information will be helpful for me to try to locate the source and prevent further damages.
I'm sorry that many users had to experience this issue suddenly and had to see our product like this.

I would also like to clear up the confusion: our software does not install automatically.
Even if it is included as bundle software, the agreement is displayed and the user has the freedom to choose.
TACHYON Internet Security has partnered with 3DP and StarCodec in the past as bundle software.
The user has to agree with the agreement like the one shown below in order to install the software.
[Image: set1.PNG]

Deleting the software :
Assuming that the software has not been tampered with, you should be able to delete the software by following the steps below.

Step 1 :
1. Go to Control Panel and click “Program and Features”
2. Right-click TACHYON Internet Security from the program list and proceed to uninstallation.
(Some users have reported that the language is displayed in Korean. You can follow the screenshots taken by @Jack who has kindly posted it at Discuss - Tachyon Internet Security)

Step 2 :
You can proceed to the uninstallation by double clicking the Uninstall file in the following directory :
C:\Program Files (x86)\TACHYON\T5\ixAvsUninst.exe

Please post any information that will help me find the source to this issue.
Any suspected 3rd party software that was installed previously or website visited?
Regardless of the TACHYON software, are you seeing any unwanted ads on your PC?
Was there any DNS hijacking?

Thank you.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

@INCA

I got this one via IStartSurf bundler.

Tachyon Internet Security md5 hash which was downloaded by a bundler:

8acde7887680e88f56b2c9a74c9658dd


It was executed by using the /S command line argument, which is probably a quiet installation. Once it is done Tachyon Internet Security pops up.

User doesn't know what is happening in the background.
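
An added example, not code from the thread or from INCA: a read-only PowerShell check that looks for the installer by the MD5 quoted in the post above and lists the services, uninstall entries and ixAvsUninst.exe file under the directory named in INCA's post. The search folders and function names are assumptions.

```powershell
# Added example; not code from the thread or from INCA. It only reads, it changes nothing.
$KnownMd5   = '8acde7887680e88f56b2c9a74c9658dd'           # MD5 quoted in the post above
$InstallDir = 'C:\Program Files (x86)\TACHYON\T5'          # directory named in INCA's post
$SearchDirs = @($env:TEMP, "$env:USERPROFILE\Downloads")   # assumption: likely drop locations

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream)) -replace '-', '').ToLower() }
        finally { $stream.Close() }
    }
    catch   { $null }            # locked or unreadable file: skip it
    finally { $md5.Clear() }
}

function Find-FileByMd5 {
    param([string[]]$Path = $SearchDirs, [string]$Md5 = $KnownMd5)
    Get-ChildItem -Path $Path -Recurse -Include *.exe -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and (Get-Md5Hex $_.FullName) -eq $Md5 } |
        Select-Object FullName, Length, CreationTime
}

function Get-TachyonFootprint {
    # Services whose binary sits under the install directory
    $services = Get-WmiObject -Class Win32_Service |
        Where-Object { $_.PathName -like "*$InstallDir*" } |
        Select-Object Name, State, StartMode, PathName
    # Uninstall entries registered for 64-bit and 32-bit programs
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' |
        ForEach-Object { Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue } |
        Where-Object { $_.DisplayName -like '*TACHYON*' } |
        Select-Object DisplayName, UninstallString, InstallDate
    New-Object PSObject -Property @{
        UninstallerPresent = Test-Path (Join-Path $InstallDir 'ixAvsUninst.exe')
        Services           = $services
        UninstallEntries   = $uninstall
    }
}

Find-FileByMd5                          # files matching the quoted MD5, if any
Get-TachyonFootprint | Format-List      # what is still registered on this machine
```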
 

Bazoga

New Member
Aug 6, 2019
1
Hello
I killed it with Avast Free, with a scan on startup, and finished the rest like the DNS issue manually
:cool:
 
