Solved "Virus" - GET ALL PASSWORDS

[Kathy]

Hello all
I got OS: Windows 7 Ultimate

Everytime i start-up my laptop appears an icon on the desktop named "GET ALL PASSWORDS" , and it an "exe" format.

I dunno if its a virus but i guess yes, I scanned it and there're no problems in there.
I scanned with AVG , Malwarebytes.

I checked the Startup Items, there's no strange services
I looked
I did all the things that i should do, and nothing helps.


Help me please.

 

[NoN]

Baby please don't click.......:shock:

try to locate before in your Program Files/ Program Files (x86) but don't even think double clicking!

 

[Kathy]

Baby please don't click.......:shock:

try to locate before in your Program Files/ Program Files (x86) but don't even think double clicking!

I wont click, I scanned all the computer and didn't find any errors or viruses ;S
Help please,

 

[NoN]

Looks like a password-cracker from a recovery software and from a previous install:

get all passwords - Bing Videos

 

[Kathy]

Oh :O Dangerous

 

[SledgeDG]

It seems to be a password stealer . from here:

Password finder get all passwords you want in seconds

Delete it and empty your recycling bin.

-DG

 

[NoN]

Oh :O Dangerous

Maybe not so (if you don't use it), but you better double check in "Program & Features" if there's an uninstaller there....

 

[EzioAuditore]

Upload that file to virustotal.

 

[bmcdevitt]

just to be safe id check your processes and services, and see if anything fishy named like it is running. It doesn't look like you installed it though, it just looks downloaded.

 

[Kathy]

SledgeDG, I prefer not to delete it this way .. cause i tried this before and it cames back everytime
NoN, Thank you for supporting
EzioAuditore, I did .. what the next step?
bmcdevitt, I can attach my process, but the services it's too long list.. to attach it in jpeg images?

 

[Golden]

Hi Kathy,

Firstly, you did exactly the right thing by not clicking it - the first step to good security is awareness.

Can you tell us a bit about this laptop please? Acer? Gateway? Has that password thing always been there since you bought it?

Regards,
Golden

 

[Kathy]

Oh, it been removed now... suddenly i can't see it on desktop :S

 

[NoN]

Go in start menu then click run and type, msconfig go in start up tab...you can slice the list with screenshots using the capture tool...

So then, reboot and see if it reappears!!

 

[Kathy]

HP Pavillion dv5
I see this icon everytime i startup the computer.
Sometimes it suddenly disappears, but this time it took so much time than ever to let me Prntscrn of it .
and now .. it disappeared again ..

 

[Kathy]

MSConfig - Startup

 

[SledgeDG]

Kathy: in that case you either have a so called "Dropper" on your system or you visit pages that upload that exe to your computer again and again...
If you have Malwarebytes run a full scan and it doesn't find the dropper, there is no way of knowing what really causes this file to reappear.

If it comes through the browser, I would switch off Javascript, stay away from any P2P Soft for the time being
It could even come through some Flashplayer etc...

You could also test some online AVs from this thread:
http://www.sevenforums.com/security-basics/8557-online-file-scanner-sites.html

-DG

 

[Golden]

Mmm......I wonder if this is some form of bloatware. Is your Windows an OEM version?

 

[Kathy]

Ok guys, I'll do all steps you wrote..
I'll check after Online scanning and rebooting if it appears another time, If yes, so I'll replay back..

 

[NoN]

Thought that first of bloatwares password recovery from the manufacturer...but if it isn't inside an uninstaller then...might be a malware.

 

[SledgeDG]

one more idea in case the culprit can't been found:
Make sure you see extensions of known files

next time when the exe reappears, delete it and then take any Text file, name it "GET ALL PASSWORDS.EXE"
Set it to read only and see if that malware file comes back by getting around this "construct"
I bet it doesn't
-DG