Windows 7 Forums


Windows 7: Help with windows explorer and manage credentials. Possible malware

03 Jan 2012   #1

windows 7 home 64bit
 
 

Hello. I'm new here and figured I'd see if someone could help.

I started scanning the other day for spyware and malware. Came up with a sweet IM program I never installed. So I uninstalled it. No issues. I started looking for other programs I didn't install. Found a toolbar, widgi I think it was? Anyway, I scanned with spyhunter and located application updater and lots of cookies. Could only delete some cookies; the others were being used by another user. I found the pathway for some of the application updater files, which begins c:/user. ..... When I go to windows explorer there is no user folder under c:/ ?? I found the application updater under c:/ but can't delete because it's being used by another user. I can't find the process to stop it. Also don't know if it's related but a couple files or programs tell me I don't have administrator privileges but I'm logged in as administrator. I go to manage credentials in control panel/ user accounts and it thinks a minute then gives me the windows explorer not responding and fails to open.

Any ideas or help would be appreciated. Thinking someone had hacked my pc? Or some malware or spyware is there.

Thanks kach474


03 Jan 2012   #2

windows 7 x64 Home Premium
 
 

The bad news is Widgi toolbar is definitely malware. The good news is it's not that hard to remove.

Download Malwarebytes (free version). Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Open Control Panel.
Go to "uninstall a program" and uninstall the Widgi toolbar.
Then run Malwarebytes.

BTW... what browser are you using?
03 Jan 2012   #3

windows 7 home 64bit
 
 

I have Malwarebytes and have used it for a long time. It doesn't find it. I uninstalled it before these problems. I run Internet Explorer.


04 Jan 2012   #4

windows 7 x64 Home Premium
 
 

Yeah... sometimes the little bugger hides. Did you look in IE > Tools > Manage Add ons? Sometimes it's in there, and can be removed like any other add on (it's a longshot, but worth a try).

I have also had good luck removing this particular malware by using ESET. ESET :: Get a FREE Online Virus Scan
04 Jan 2012   #5

windows 7 home 64bit
 
 

I was able to get the toolbar taken care of. Now my problem is getting the application updater off and the user folder back.
04 Jan 2012   #6

windows 7 x64 Home Premium
 
 

Hmmm... I've removed this from 3 or 4 computers, and uninstalling the toolbar always took the updater out with it. But that was back in 2010. They must've changed it since then. The trick was realizing it sometimes installed as a freestanding program and an addon, and you'd have to uninstall it in both places to get rid of it.

Sorry, but I've run out of things that I know will work. I'd be just guessing from here on out, and I don't want to steer you wrong.
04 Jan 2012   #7

windows 7 home 64bit
 
 

I understand. I'll double check when I get home, make sure it's gone from both places. Thanks for the info.
04 Jan 2012   #8

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Quote:
- Widgi Toolbar is capable of extorting information such as personal financial data (credit card numbers, online banking login details), user profiles, software registration keys, and passwords – from the infected system.
Quote:
Some Widgi Toolbar infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc.
It would be wise to change all your passwords immediately for any online sites you go to, particularly banking logins and other important sites. If you've used your credit cards online, keep an eye on your accounts for rogue usage and contact your banking facility.

It sounds as though it's still running in the background, limiting your access to the areas that would allow you to shut it down.

D/L & run this application (RKill). Read the instructions. Do not restart the system once you have run this or the malware will just restart.

Bleeping Computer Downloads: RKill

Now try running Malwarebytes (full system scan) to see if it picks up anything.

There may be remnants of it left in your system, particularly in the registry keys. Malwarebytes should be able to find these. However, just to be sure, check to see if these keys are present in your registry.
  • HKEY_CLASSES_ROOT\Interface\{2DC9C611-D7C2-42A3-9312-BFF512812022} "(Default)" = "IWidgiToolbarHost"
  • HKEY_CLASSES_ROOT\Interface\{C3ABD5A3-E699-4B9F-97FF-25B121A41276} "(Default)" = "IWidgiBHO"
  • HKEY_CLASSES_ROOT\CLSID\{C089D5FC-CFE2-4BCD-A522-2981448227CE}
If they are, back up the registry and then delete these registry keys.

Next, D/L & run MS Safety Scanner. (Full System Scan)

Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free

Hopefully this cleans everything out & you'll have control of your PC back.
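
The registry check described in post #8, as an added example that is not part of the original thread: a PowerShell script, run from an elevated prompt, that looks for the three listed keys, exports any it finds to `.reg` files, and deletes them only when asked. The `-Remove` switch and the backup folder are hypothetical names, and the extra look under `Wow6432Node` is an assumption the post does not mention.

```powershell
# Added example (not from the thread): look for the registry keys named in the post,
# export any that exist to .reg files, and delete them only when -Remove is passed.
param(
    [switch]$Remove,                                          # hypothetical switch
    [string]$BackupDir = "$env:USERPROFILE\widgi-reg-backup"  # hypothetical folder
)

# Subkeys and expected "(Default)" values exactly as listed in the post.
$keys = @(
    @{ Sub = 'Interface\{2DC9C611-D7C2-42A3-9312-BFF512812022}'; Expect = 'IWidgiToolbarHost' },
    @{ Sub = 'Interface\{C3ABD5A3-E699-4B9F-97FF-25B121A41276}'; Expect = 'IWidgiBHO' },
    @{ Sub = 'CLSID\{C089D5FC-CFE2-4BCD-A522-2981448227CE}';     Expect = $null }
)
# Assumption, not in the post: on 64-bit Windows the 32-bit registrations
# live under Wow6432Node, so both views are checked.
$views = @('HKEY_CLASSES_ROOT', 'HKEY_CLASSES_ROOT\Wow6432Node')

$report = @()
foreach ($view in $views) {
    foreach ($k in $keys) {
        $full   = "$view\$($k.Sub)"
        $psPath = "Registry::$full"
        if (-not (Test-Path -LiteralPath $psPath)) { continue }

        # Read the key's default value to compare with the name given in the post.
        $props   = Get-ItemProperty -LiteralPath $psPath -ErrorAction SilentlyContinue
        $default = if ($props) { $props.'(default)' } else { $null }

        # Back up the key first; reg.exe returns 0 on success.
        if (-not (Test-Path -LiteralPath $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }
        $file = Join-Path $BackupDir (($full -replace '[\\{}]', '_') + '.reg')
        & reg.exe export $full $file /y | Out-Null
        $backedUp = ($LASTEXITCODE -eq 0)

        # Delete only on request and only after a successful export.
        $removed = $false
        if ($Remove -and $backedUp) {
            Remove-Item -LiteralPath $psPath -Recurse -Force
            $removed = -not (Test-Path -LiteralPath $psPath)
        }
        $report += New-Object PSObject -Property @{
            Key = $full; Default = $default; ExpectedName = $k.Expect
            BackedUp = $backedUp; Removed = $removed
        }
    }
}
if ($report) { $report | Format-List Key, Default, ExpectedName, BackedUp, Removed }
else         { 'None of the listed keys are present.' }
```

Run it once without `-Remove` to see what is present and confirm the exported `.reg` files exist before running it again with the switch.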
05 Jan 2012   #9

windows 7 home 64bit
 
 

Cool, thanks. Will do the passwords immediately. I ran the ESET online scanner and it found the application updater and the toolbar; got them deleted. I'll check the registry tonight and make sure. Thanks for the help. I have Malwarebytes and have run it numerous times. It never found either one. Didn't find them till I ran spyhunter and the ESET.
05 Jan 2012   #10

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

According to what I found, Malwarebytes should have been able to fully remove the infection. Of course, viruses are always evolving and this could have been a new variant. Just make sure to change all your passwords.

Another program you might try next time is SuperAntiSpyware, the portable version. Put it on a FD & run it from there. However, since they are constantly updating the definitions for it, you'll have to d/l the latest version when you need it.

SUPERAntiSpyware.com - SUPERAntiSpyware Portable Scanner