Windows 7 Forums



Windows 7: suspect a virus need help removing....please

05 Mar 2015   #21
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Just a quick note for Jacee. I looked at the UVK log and there's a suspicious CLSID here:

<ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

See:

Malware scan of geardifx.exe 6ff8b4d7212e45c74e4c85236953e26fb9b49b9c - herdProtect

Can write a script to remove it but as Jacee is the expert wait for her thoughts on the matter.


06 Mar 2015   #22
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 

Thx Callender! I will wait for more advice......
06 Mar 2015   #23
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 
@ Jacee

Quote: Originally Posted by Jacee
Please delete:
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe found by Eset ---->Win32/Bundled.Toolbar.Google.D potentially unsafe application

Will do!

06 Mar 2015   #24
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 
@ Jacee

Quote: Originally Posted by Callender
Just a quick note for Jacee. I looked at the UVK log and there's a suspicious CLSID here:

<ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

See:

Malware scan of geardifx.exe 6ff8b4d7212e45c74e4c85236953e26fb9b49b9c - herdProtect

Can write a script to remove it but as Jacee is the expert wait for her thoughts on the matter.

What do you think Jacee?
06 Mar 2015   #25
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 
@ Jacee @ Callender

Thx for all the advice and help!

As I wait for advice on this suspicious UVK information, I wondered if, when you have a moment, either of you could glance at another thread I posted 2 days ago in the "back up and restore forum" ? At the risk of feeling and sounding greedy for your expert help, my college son gave us his comatose Samsung NP-QX410 laptop a few months back. He said HDD issue failure, so they purchased a new one and said if I could fix it I could have it. I'm trying to resurrect it and need some advice evaluating if it is possible without major investment. We'd like to give it to our 10 yr. old this June as a 5th grade graduation gift and his first computer.

Here is the thread:

need help recovering HDD for Samsung NP-QX410

If you get a chance to check it out Thank you. If not, I truly appreciate your valuable time and especially what you've already done to help me here!!!
06 Mar 2015   #26
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

@ callender ... Malware scan of GEARDIFx.exe (DIFx Driver Installer) c6bb273233c29b6f674b9878be94382f43ba969c - herdProtect

@ vid4763... Someone else will have to help you with the HDD. I'm not an expert in that field!


Attached Images
suspect a virus need help removing....please-2015-03-06_112642.jpg 
06 Mar 2015   #27
vid4763

windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
 
 

Jacee,

the GEARDIFx.exe is ok then?

If so, then thank you for all your help!!! I will be more careful in my future internet travels....and now much wiser!!
06 Mar 2015   #28
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Note: GEARDIFx.exe (Jacee's link is okay) but what shows up in your log:

<ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

That's files in this location:


C:\ProgramData\application data\e1864a66-75e3-486a-bd95-d1b7d99a84a7\geardifx.exe

Well, that's (possibly) not okay.

So you need to check what's in that folder.

Suggest: Run UVK again - right click and "Run as Admin"

Choose "Misc Tools" then "File To Manage" > Browse

Navigate to C:\ProgramData\application data\e1864a66-75e3-486a-bd95-d1b7d99a84a7\geardifx.exe and select it.

Click "File Information" and in the window that opens up if you see:

MD5 Hash: b2a4f900050713c5099dba2910723a03

then it's okay.

If you see:

MD5 Hash: 63fbf80e79285b166d106f155c461cf6

then it's suspect.

Thanks Jacee!
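
The same check as the UVK steps in post #28, done from a PowerShell prompt, as an added example that is not part of any poster's reply: it hashes every file in the folder from the log entry and compares each MD5 with the two values quoted in the thread. The folder path and both hashes are the thread's; the helper name Get-Md5Hex and the "unknown" verdict for any other hash are assumptions of this example.

```powershell
# Added example (not from the thread). Runs on the PowerShell 2.0 shipped with
# Windows 7, so it uses the .NET MD5 class rather than Get-FileHash.

# Folder from the UVK log entry, as written in post #28.
$Folder = 'C:\ProgramData\application data\e1864a66-75e3-486a-bd95-d1b7d99a84a7'

# MD5 values and verdicts exactly as given in post #28.
$Known = @{
    'b2a4f900050713c5099dba2910723a03' = 'okay (per thread)'
    '63fbf80e79285b166d106f155c461cf6' = 'suspect (per thread)'
}

# Get-Md5Hex is a helper name made up for this example.
function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)   # read-only, does not run the file
    try {
        $bytes = $md5.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
    } finally {
        $stream.Close()
    }
}

if (Test-Path -LiteralPath $Folder) {
    # Hash everything in the folder, hidden files included, not just geardifx.exe.
    Get-ChildItem -LiteralPath $Folder -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_.FullName
            try {
                $hash = Get-Md5Hex $file
                $verdict = 'unknown (not one of the two hashes in the thread)'
                if ($Known.ContainsKey($hash)) { $verdict = $Known[$hash] }
            } catch {
                # Locked or access-denied files are reported, not skipped silently.
                $hash = ''
                $verdict = 'unreadable: ' + $_.Exception.Message
            }
            New-Object PSObject -Property @{ File = $file; MD5 = $hash; Verdict = $verdict }
        } | Format-List File, MD5, Verdict
} else {
    Write-Output "Folder not found: $Folder"
}
```
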
06 Mar 2015   #29
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote: Originally Posted by vid4763
Jacee,

the GEARDIFx.exe is ok then?

If so, then thank you for all your help!!! I will be more careful in my future internet travels....and now much wiser!!

It appears okay to me.

@ callender see this image ... regarding "6ff8b4d7212e45c74e4c85236953e26fb9b49b9c" in the UVK log


Attached Thumbnails
suspect a virus need help removing....please-cannot-find.jpg  
06 Mar 2015   #30
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

RE: MD5 hash in log.

Now why didn't I search for that!

Anyway the dodgy version of the file looks like it would have been picked up by the other scans. Apologies for the confusion.