suspect a virus need help removing....please


  1. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #21

    Just a quick note for Jacee. I looked at the UVK log and there's a suspicious CLSID here:

    <ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

    See:

    Malware scan of geardifx.exe 6ff8b4d7212e45c74e4c85236953e26fb9b49b9c - herdProtect

    Can write a script to remove it but as Jacee is the expert wait for her thoughts on the matter.


  2. Posts : 94
    windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
    Thread Starter
       #22

    Thx Callender! I will wait for more advice......
    Last edited by vid4763; 06 Mar 2015 at 06:21.


  3. Posts : 94
    windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
    Thread Starter
       #23

    @ Jacee


    Jacee said:
    Please delete:
    C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe found by Eset ---->Win32/Bundled.Toolbar.Google.D potentially unsafe application

    Will do!


  4. Posts : 94
    windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
    Thread Starter
       #24

    @ Jacee


    Callender said:
    Just a quick note for Jacee. I looked at the UVK log and there's a suspicious CLSID here:

    <ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

    See:

    Malware scan of geardifx.exe 6ff8b4d7212e45c74e4c85236953e26fb9b49b9c - herdProtect

    Can write a script to remove it but as Jacee is the expert wait for her thoughts on the matter.

    What do you think Jacee?


  5. Posts : 94
    windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
    Thread Starter
       #25

    @ Jacee @ Callender


    Thx for all the advice and help!

    As I wait for advice on this suspicious UVK information, I wondered if, when you have a moment, either of you could glance at another thread I posted 2 days ago in the "back up and restore forum" ? At the risk of feeling and sounding greedy for your expert help, my college son gave us his comatose Samsung NP-QX410 laptop a few months back. He said HDD issue failure, so they purchased a new one and said if I could fix it I could have it. I'm trying to resurrect it and need some advice evaluating if it is possible without major investment. We'd like to give it to our 10 yr. old this June as a 5th grade graduation gift and his first computer.

    Here is the thread:

    need help recovering HDD for Samsung NP-QX410

    If you get a chance to check it out, thank you. If not, I truly appreciate your valuable time and especially what you've already done to help me here!!!


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #26

    @ callender ... Malware scan of GEARDIFx.exe (DIFx Driver Installer) c6bb273233c29b6f674b9878be94382f43ba969c - herdProtect

    @ vid4763... Someone else will have to help you with the HDD. I'm not an expert in that field!
    Attached Thumbnails: suspect a virus need help removing....please-2015-03-06_112642.jpg


  7. Posts : 94
    windows 7 professional 64 bit Version 6.1.7601 Service Pack 1 Build 7601
    Thread Starter
       #27

    Jacee,

    the GEARDIFx.exe is ok then?

    If so, then thank you for all your help!!! I will be more careful in my future internet travels....and now much wiser!!


  8. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #28

    Note: GEARDIFx.exe (Jacee's link is okay) but what shows up in your log:

    <ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

    That's files in this location:


    C:\ProgramData\application data\e1864a66-75e3-486a-bd95-d1b7d99a84a7\geardifx.exe

    Well, that's (possibly) not okay.

    So you need to check what's in that folder.

    Suggest: Run UVK again - right click and "Run as Admin"

    Choose "Misc Tools" then "File To Manage" > Browse

    Navigate to C:\ProgramData\application data\e1864a66-75e3-486a-bd95-d1b7d99a84a7\geardifx.exe and select it.

    Click "File Information" and in the window that opens up if you see:

    MD5 Hash: b2a4f900050713c5099dba2910723a03

    then it's okay.

    If you see:

    MD5 Hash: 63fbf80e79285b166d106f155c461cf6

    then it's suspect.

    Thanks Jacee!
    Last edited by Callender; 06 Mar 2015 at 15:44. Reason: edit text
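
The hash check from post #28, done in PowerShell instead of UVK's file information window, as an added example that is not part of the original posts. The path and the two MD5 values are the ones Callender quotes; the function names, the SHA-1 output and the Authenticode check are additions here, and .NET hashing is used so it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread). The path and both MD5 values are the
# ones quoted in post #28; everything else here is illustrative.
$Path = 'C:\ProgramData\application data\e1864a66-75e3-486a-bd95-d1b7d99a84a7\geardifx.exe'
$Md5Verdicts = @{
    'b2a4f900050713c5099dba2910723a03' = 'okay per post #28'
    '63fbf80e79285b166d106f155c461cf6' = 'suspect per post #28'
}

function Get-HexHash {
    param([string]$File, [string]$Algorithm)
    # .NET hashing works on PowerShell 2.0, where Get-FileHash is not available.
    $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($File)
    try { $bytes = $hasher.ComputeHash($stream) } finally { $stream.Close() }
    ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Test-FileAgainstThreadHashes {
    param([string]$File)
    if (-not (Test-Path -LiteralPath $File -PathType Leaf)) {
        Write-Warning "Not found: $File"
        return
    }
    $md5 = Get-HexHash -File $File -Algorithm 'MD5'
    $verdict = $Md5Verdicts[$md5]
    if (-not $verdict) { $verdict = 'unknown: matches neither hash from the thread' }

    # Second, independent signal: is the file signed, and does the signature verify?
    $sig = Get-AuthenticodeSignature -FilePath $File
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        File      = $File
        MD5       = $md5
        # 40 hex digits, the same length as the identifiers in the herdProtect
        # links (assumed here to be SHA-1 values).
        SHA1      = (Get-HexHash -File $File -Algorithm 'SHA1')
        Verdict   = $verdict
        Signature = $sig.Status
        Signer    = $signer
    }
}

Test-FileAgainstThreadHashes -File $Path |
    Format-List File, MD5, SHA1, Verdict, Signature, Signer
```

A file that matches neither MD5 is unverified rather than cleared; in that case the signature status and signer are the next things to look at.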


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #29

    vid4763 said:
    Jacee,

    the GEARDIFx.exe is ok then?

    If so, then thank you for all your help!!! I will be more careful in my future internet travels....and now much wiser!!

    It appears okay to me.

    @ callender see this image ... regarding "6ff8b4d7212e45c74e4c85236953e26fb9b49b9c" in the UVK log
    Attached Thumbnails: suspect a virus need help removing....please-cannot-find.jpg


  10. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #30

    RE: MD5 hash in log.

    Now why didn't I search for that!

    Anyway the dodgy version of the file looks like it would have been picked up by the other scans. Apologies for the confusion.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5.