Help with windows explorer and manage credentials. Possible malware


  1. Posts : 11
    windows 7 home 64bit
       #1

    Help with windows explorer and manage credentials. Possible malware


    Hello. I'm new here and figured I'd see if someone could help.

    I started scanning the other day for spyware and malware. Came up with a sweet IM program I never installed. So I uninstalled it. No issues. I started looking for other programs I didn't install. Found a toolbar widgi I think it was? Anyway I scanned with spyhunter and located application updater and lots of cookies. Could only delete some cookies; the others were being used by another user. I found the pathway for some of the application updater files which begins c:/user. ..... when I go to windows explorer there is no user folder under c:/ ?? I found the application updater under c:/ but can't delete because it's being used by another user. I can't find the process to stop it. Also don't know if it's related but a couple files or programs tell me I don't have administrator privileges but I'm logged in as administrator. I go to manage credentials in control panel/ user accounts and it thinks a minute then gives me the windows explorer not responding and fails to open.

    Any ideas or help would be appreciated. Thinking someone had hacked my pc? Or some malware or spyware is there.

    Thanks kach474


  2. Posts : 632
    windows 7 x64 Home Premium
       #2

    The bad news is Widgi toolbar is definitely malware. The good news is it's not that hard to remove.

    Download Malwarebytes (free version). Malwarebytes : Free anti-malware, anti-virus and spyware removal download
    Open Control Panel.
    Go to "uninstall a program" and uninstall the Widgi toolbar.
    Then run Malwarebytes.

    BTW... what browser are you using?


  3. Posts : 11
    windows 7 home 64bit
    Thread Starter
       #3

    I have Malwarebytes and have used it for a long time. It doesn't find it. I uninstalled it before these problems. I run Internet Explorer.


  4. Posts : 632
    windows 7 x64 Home Premium
       #4

    Yeah... sometimes the little bugger hides. Did you look in IE > Tools > Manage Add ons? Sometimes it's in there, and can be removed like any other add on (it's a longshot, but worth a try).

    I have also had good luck removing this particular malware by using ESET. ESET :: Get a FREE Online Virus Scan


  5. Posts : 11
    windows 7 home 64bit
    Thread Starter
       #5

    I was able to get the toolbar taken care of. Now my problem is getting the application updater off and the user folder back.


  6. Posts : 632
    windows 7 x64 Home Premium
       #6

    Hmmm... I've removed this from 3 or 4 computers, and uninstalling the toolbar always took the updater out with it. But that was back in 2010. They must've changed it since then. The trick was realizing it sometimes installed as a freestanding program and an addon, and you'd have to uninstall it in both places to get rid of it.

    Sorry, but I've run out of things that I know will work. I'd be just guessing from here on out, and I don't want to steer you wrong.


  7. Posts : 11
    windows 7 home 64bit
    Thread Starter
       #7

    I understand. I'll double check when I get home to make sure it's gone from both places. Thanks for the info.


  8. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #8

    Widgi Toolbar is capable of extorting information such as personal financial data (credit card numbers, online banking login details), user profiles, software registration keys, and passwords from the infected system.
    Some Widgi Toolbar infections contain trojans and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc.
    It would be wise to change all your passwords immediately for any online sites you go to, particularly banking logins and other important sites. If you've used your credit cards online, keep an eye on your accounts for rogue usage and contact your banking facility.

    It sounds as though it's still running in the background, limiting your access to the areas that would allow you to shut it down.

    D/L & run this application (RKill). Read the instructions. Do not restart the system once you have run this or the malware will just restart.

    Bleeping Computer Downloads: RKill

    Now try running Malwarebytes (full system scan) to see if it picks up anything.

    There may be remnants of it left in your system, particularly in the registry keys. Malwarebytes should be able to find these. However, just to be sure, check to see if these keys are present in your registry.

    • HKEY_CLASSES_ROOT\Interface\{2DC9C611-D7C2-42A3-9312-BFF512812022} “(Default)” = “IWidgiToolbarHost”
    • HKEY_CLASSES_ROOT\Interface\{C3ABD5A3-E699-4B9F-97FF-25B121A41276} “(Default)” = “IWidgiBHO”
    • HKEY_CLASSES_ROOT\CLSID\{C089D5FC-CFE2-4BCD-A522-2981448227CE}

    If they are, back up the registry and then delete these registry keys.

    Next, D/L & run MS Safety Scanner. (Full System Scan)

    Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free

    Hopefully this cleans everything out & you'll have control of your PC back.
    Last edited by Borg 386; 04 Jan 2012 at 14:30.
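
    The registry check and backup described in post #8, as an added PowerShell example that is not part of the original thread. The key paths and default values are taken from that post; the `$BackupDir` location and the `-Remove` switch are assumptions of this example.

```powershell
# Added example (not from the thread): report, back up and optionally remove
# the three registry keys listed in post #8. Run from an elevated PowerShell.
param(
    [string]$BackupDir = "$env:USERPROFILE\widgi-reg-backup",  # assumed backup folder
    [switch]$Remove                                             # delete only on request
)

# Key paths and expected "(Default)" values as given in the post.
$targets = @(
    @{ Path = 'HKEY_CLASSES_ROOT\Interface\{2DC9C611-D7C2-42A3-9312-BFF512812022}'; Expected = 'IWidgiToolbarHost' },
    @{ Path = 'HKEY_CLASSES_ROOT\Interface\{C3ABD5A3-E699-4B9F-97FF-25B121A41276}'; Expected = 'IWidgiBHO' },
    @{ Path = 'HKEY_CLASSES_ROOT\CLSID\{C089D5FC-CFE2-4BCD-A522-2981448227CE}';     Expected = $null }  # no value given
)

if (-not (Test-Path -LiteralPath $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

$n = 0
foreach ($t in $targets) {
    $n++
    $keyPath = $t.Path
    $psPath  = "Registry::$keyPath"
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Output "absent   $keyPath"
        continue
    }

    # An empty value name reads the key's unnamed "(Default)" value.
    $default = (Get-Item -LiteralPath $psPath).GetValue('')
    $isMatch = ($null -eq $t.Expected) -or ($default -eq $t.Expected)
    Write-Output "PRESENT  $keyPath  (Default)='$default'  match=$isMatch"

    # Export the key and its subkeys before touching anything.
    $file = Join-Path $BackupDir "widgi-key-$n.reg"
    & reg.exe export $keyPath $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "backup failed, leaving key in place: $keyPath"
        continue
    }

    # Remove only a backed-up key whose default value is the one expected.
    if ($Remove -and $isMatch) {
        Remove-Item -LiteralPath $psPath -Recurse
        Write-Output "removed  $keyPath (backup: $file)"
    }
}
```

    Without `-Remove` the script only reports and exports. On 64-bit Windows, 32-bit components register under `HKEY_CLASSES_ROOT\Wow6432Node`, so the same GUIDs may also need checking there.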


  9. Posts : 11
    windows 7 home 64bit
    Thread Starter
       #9

    Cool, thanks. Will do the passwords immediately. I ran the ESET online scanner and it found the application updater and the toolbar; got them deleted. I'll check the registry tonight and make sure. Thanks for the help. I have Malwarebytes and have run it numerous times. It never found either one. Didn't find them till I ran SpyHunter and the ESET.


  10. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #10

    According to what I found, Malwarebytes should have been able to fully remove the infection. Of course, viruses are always evolving and this could have been a new variant. Just make sure to change all your passwords.

    Another program you might try next time is SuperAntiSpyware, the portable version. Put it on a FD & run it from there. However, since they are constantly updating the definitions for it, you'll have to d/l the latest version when you need it.

    SUPERAntiSpyware.com - SUPERAntiSpyware Portable Scanner


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5.