Help with windows explorer and manage credentials. Possible malware
-
Hello. I'm new here and figured I'd see if someone could help.
I started scanning the other day for spyware and malware. Came up with a sweet IM program I never installed. So I uninstalled it. No issues. I started looking for other programs I didn't install. Found a toolbar, Widgi I think it was? Anyway, I scanned with SpyHunter and located application updater and lots of cookies. Could only delete some cookies; the others were being used by another user. I found the pathway for some of the application updater files, which begins c:/user. ..... When I go to Windows Explorer there is no user folder under c:/ ?? I found the application updater under c:/ but can't delete it because it's being used by another user. I can't find the process to stop it. Also, I don't know if it's related, but a couple of files or programs tell me I don't have administrator privileges, but I'm logged in as administrator. I go to Manage Credentials in Control Panel / User Accounts and it thinks a minute, then gives me the Windows Explorer not responding and fails to open.
Any ideas or help would be appreciated. Thinking someone had hacked my PC? Or some malware or spyware is there.
Thanks kach474
-
I have Malwarebytes and have used it for a long time. It doesn't find it. I uninstalled it before these problems. I run Internet Explorer.
-
Yeah... sometimes the little bugger hides. Did you look in IE > Tools > Manage Add ons? Sometimes it's in there, and can be removed like any other add on (it's a longshot, but worth a try).
I have also had good luck removing this particular malware by using ESET. ESET :: Get a FREE Online Virus Scan
-
I was able to get the toolbar taken care of. Now my problem is getting the application updater off and the user folder back.
-
Hmmm... I've removed this from 3 or 4 computers, and uninstalling the toolbar always took the updater out with it. But that was back in 2010. They must've changed it since then. The trick was realizing it sometimes installed as a freestanding program and an addon, and you'd have to uninstall it in both places to get rid of it.
Sorry, but I've run out of things that I know will work. I'd be just guessing from here on out, and I don't want to steer you wrong.
-
I understand. I'll double check when I get home to make sure it's gone from both places. Thanks for the info.
-
Widgi Toolbar is capable of extorting information such as personal financial data (credit card numbers, online banking login details), user profiles, software registration keys, and passwords – from the infected system.
Some Widgi Toolbar infections contain trojans and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc.
It would be wise to change all your passwords immediately for any online sites you go to, particularly banking logins and other important sites. If you've used your credit cards online, keep an eye on your accounts for rogue usage and contact your banking facility.
It sounds as though it's still running in the background, limiting your access to the areas that would allow you to shut it down.
D/L & run this application (RKill). Read the instructions. Do not restart the system once you have run this or the malware will just restart.
Bleeping Computer Downloads: RKill
Now try running Malwarebytes (full system scan) to see if it picks up anything.
There may be remnants of it left in your system, particularly in the registry keys. Malwarebytes should be able to find these. However, just to be sure, check to see if these keys are present in your registry.
- HKEY_CLASSES_ROOT\Interface\{2DC9C611-D7C2-42A3-9312-BFF512812022} "(Default)" = "IWidgiToolbarHost"
- HKEY_CLASSES_ROOT\Interface\{C3ABD5A3-E699-4B9F-97FF-25B121A41276} "(Default)" = "IWidgiBHO"
- HKEY_CLASSES_ROOT\CLSID\{C089D5FC-CFE2-4BCD-A522-2981448227CE}
If they are, back up the registry and then delete these registry keys.
Next, D/L & run MS Safety Scanner. (Full System Scan)
Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free
Hopefully this cleans everything out & you'll have control of your PC back.
Last edited by Borg 386; 04 Jan 2012 at 14:30.
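The registry check described in the post above, as an added PowerShell example (not part of the original post, and not from any of the tools it mentions). It looks for the three listed keys, backs up each one it finds with `reg export`, and deletes only when asked; the `-Remove` switch, the `-BackupDir` parameter and the backup file names are assumptions made for this example.

```powershell
# Added example: audit (and optionally remove) the three registry keys listed in the post.
param(
    [switch]$Remove,                                          # assumed switch: delete found keys after backup
    [string]$BackupDir = "$env:USERPROFILE\widgi-reg-backup"  # assumed backup location
)

# Key paths and expected (Default) values as listed in the post.
$keys = @(
    @{ Path = 'HKEY_CLASSES_ROOT\Interface\{2DC9C611-D7C2-42A3-9312-BFF512812022}'; Expect = 'IWidgiToolbarHost' },
    @{ Path = 'HKEY_CLASSES_ROOT\Interface\{C3ABD5A3-E699-4B9F-97FF-25B121A41276}'; Expect = 'IWidgiBHO' },
    @{ Path = 'HKEY_CLASSES_ROOT\CLSID\{C089D5FC-CFE2-4BCD-A522-2981448227CE}';     Expect = $null }
)

if (-not (Test-Path -LiteralPath $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

$i = 0
foreach ($k in $keys) {
    $i++
    $psPath = "Registry::$($k.Path)"          # registry provider path for the same key
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Output "absent   $($k.Path)"
        continue
    }
    # GetValue('') returns the key's (Default) value, or $null if it has none.
    $default = (Get-Item -LiteralPath $psPath).GetValue('')
    if ($k.Expect -and $default -ne $k.Expect) {
        # Same GUID but a different interface name: report it and leave it alone.
        Write-Output "present  $($k.Path)  (Default)='$default', expected '$($k.Expect)'; not touched"
        continue
    }
    Write-Output "present  $($k.Path)  (Default)='$default'"

    # Back up the key before any change, as the post advises.
    $backup = Join-Path $BackupDir "widgi-key-$i.reg"
    & reg.exe export $k.Path $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "backup failed for $($k.Path); key not touched"
        continue
    }
    if ($Remove) {
        Remove-Item -LiteralPath $psPath -Recurse -Force
        Write-Output "removed  $($k.Path)  (backup: $backup)"
    }
}
```

Run it from an elevated PowerShell prompt; without `-Remove` it only reports and writes backups.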
-
Cool, thanks. Will do the passwords immediately. I ran the ESET online scanner and it found the application updater and the toolbar, and got them deleted. I'll check the registry tonight and make sure. Thanks for the help. I have Malwarebytes and have run it numerous times. It never found either one. Didn't find them till I ran SpyHunter and the ESET.
-
According to what I found, Malwarebytes should have been able to fully remove the infection. Of course, viruses are always evolving and this could have been a new variant. Just make sure to change all your passwords.
Another program you might try next time is SuperAntiSpyware, the portable version. Put it on a FD & run it from there. However, since they are constantly updating the definitions for it, you'll have to d/l the latest version when you need it.
SUPERAntiSpyware.com - SUPERAntiSpyware Portable Scanner