Solved suspect a virus need help removing....please

[Callender]

Just a quick note for Jacee. I looked at the UVK log and there's a suspicious CLSID here:

<ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

See:

Malware scan of geardifx.exe 6ff8b4d7212e45c74e4c85236953e26fb9b49b9c - herdProtect

Can write a script to remove it but as Jacee is the expert wait for her thoughts on the matter.

 

[vid4763]

Thx Callender! I will wait for more advice......

 

[vid4763]

@ Jacee

Please delete:
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe found by Eset ---->Win32/Bundled.Toolbar.Google.D potentially unsafe application

Will do!

 

[vid4763]

@ Jacee

Just a quick note for Jacee. I looked at the UVK log and there's a suspicious CLSID here:

<ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

See:

Malware scan of geardifx.exe 6ff8b4d7212e45c74e4c85236953e26fb9b49b9c - herdProtect

Can write a script to remove it but as Jacee is the expert wait for her thoughts on the matter.

What do you think Jacee?

 

[vid4763]

@ Jacee @ Callender

Thx for all the advice and help!

As I wait for advice on this suspicious UVK information, I wondered if, when you have a moment, either of you could glance at another thread I posted 2 days ago in the "back up and restore forum" ? At the risk of feeling and sounding greedy for your expert help, my college son gave us his comatose Samsung NP-QX410 laptop a few months back. He said HDD issue failure, so they purchased a new one and said if I could fix it I could have it. I'm trying to resurrect it and need some advice evaluating if it is possible without major investment. We'd like to give it to our 10 yr. old this June as a 5th grade graduation gift and his first computer.

Here is the thread:

http://www.sevenforums.com/backup-restore/363103-need-help-recovering-hdd-samsung-np-qx410.html

If you get a chance to check it out Thank you. If not, I truly appreciate your valuable time and especially what you've already done to help me here!!!

 

[Jacee]

@ callender ... Malware scan of GEARDIFx.exe (DIFx Driver Installer) c6bb273233c29b6f674b9878be94382f43ba969c - herdProtect

@ vid4763... Someone else will have to help you with the HDD. I'm not an expert in that field!

 

[vid4763]

Jacee,

the GEARDIFx.exe is ok then?

If so, then thank you for all your help!!! I will be more careful in my future internet travels....and now much wiser!!

 

[Callender]

Note: GEARDIFx.exe (Jacee's link is okay) but what shows up in your log:

<ContentsCommonAppData> | E1864A66-75E3-486a-BD95-D1B7D99A84A7

That's files in this location:


C:\ProgramData\application data\e1864a66-75e3-486a-bd95-d1b7d99a84a7\geardifx.exe

Well, that's (possibly) not okay.

So you need to check what's in that folder.

Suggest: Run UVK again - right click and "Run as Admin"

Choose "Misc Tools" then "File To Manage" > Browse

Navigate to C:\ProgramData\application data\e1864a66-75e3-486a-bd95-d1b7d99a84a7\geardifx.exe and select it.

Click "File Infromation" and in the window that opens up if you see:

MD5 Hash: b2a4f900050713c5099dba2910723a03

then it's okay.

If you see:

MD5 Hash: 63fbf80e79285b166d106f155c461cf6

then it's suspect.

Thanks Jacee!

 

[Jacee]

Jacee,

the GEARDIFx.exe is ok then?

If so, then thank you for all your help!!! I will be more careful in my future internet travels....and now much wiser!!

It appears okay to me.

@ callender see this image ... regarding "6ff8b4d7212e45c74e4c85236953e26fb9b49b9c"
in the UVK log

 

[Callender]

RE: MD5 hash in log.

Now why didn't I search for that!

Anyway the dodgy version of the file looks like it would have been picked up by the other scans. Apologies for the confusion.

 

[Jacee]

That's not a problem callender

 

[vid4763]

Jacee,

only thing of note is this file (found by ESET online, post #19, 3 days ago) seems to be gone from laptop without anything I did.

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe

I searched entire computer for it (including hidden files) and no results found.

Not sure what happened to it. Maybe ESET did remove it? or was removed when uninstalling System Mechanic? or updating version of Adobe Shockwave?

I am running ESET online again. I'll see if it comes up with anything and if so try to remove. I'll post my findings.

Also, I bought subscription for Malwarebytes Premium.

 

[vid4763]

@ Jacee

I ran ESET online. NO C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe .... In fact, I got NO THREATS detected.

THANK YOU! THANK YOU! Both you and Callender!!!!

and thank you for the education! Take care!!

 

[Jacee]

Good to know!!